Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-22118 (GCVE-0-2025-22118)
Vulnerability from cvelistv5
Published
2025-04-16 14:13
Modified
2025-05-26 05:18
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ice: validate queue quanta parameters to prevent OOB access
Add queue wraparound prevention in quanta configuration.
Ensure end_qid does not overflow by validating start_qid and num_queues.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_virtchnl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4161cf3f4c11006507f4e02bedc048a215a4b81a",
"status": "affected",
"version": "015307754a19832dd665295f6c123289b0f37ba6",
"versionType": "git"
},
{
"lessThan": "e2f7d3f7331b92cb820da23e8c45133305da1e63",
"status": "affected",
"version": "015307754a19832dd665295f6c123289b0f37ba6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_virtchnl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.13"
},
{
"lessThan": "6.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.2",
"versionStartIncluding": "6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "6.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: validate queue quanta parameters to prevent OOB access\n\nAdd queue wraparound prevention in quanta configuration.\nEnsure end_qid does not overflow by validating start_qid and num_queues."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-26T05:18:51.702Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4161cf3f4c11006507f4e02bedc048a215a4b81a"
},
{
"url": "https://git.kernel.org/stable/c/e2f7d3f7331b92cb820da23e8c45133305da1e63"
}
],
"title": "ice: validate queue quanta parameters to prevent OOB access",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-22118",
"datePublished": "2025-04-16T14:13:04.013Z",
"dateReserved": "2024-12-29T08:45:45.823Z",
"dateUpdated": "2025-05-26T05:18:51.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-22118\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-04-16T15:16:06.003\",\"lastModified\":\"2025-04-17T20:22:16.240\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nice: validate queue quanta parameters to prevent OOB access\\n\\nAdd queue wraparound prevention in quanta configuration.\\nEnsure end_qid does not overflow by validating start_qid and num_queues.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: Validar los par\u00e1metros de los cuantos de cola para impedir el acceso OOB. A\u00f1adir prevenci\u00f3n de encapsulamiento de cola en la configuraci\u00f3n de cuantos. Asegurar que end_qid no se desborde validando start_qid y num_queues.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/4161cf3f4c11006507f4e02bedc048a215a4b81a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e2f7d3f7331b92cb820da23e8c45133305da1e63\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
fkie_cve-2025-22118
Vulnerability from fkie_nvd
Published
2025-04-16 15:16
Modified
2025-04-17 20:22
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ice: validate queue quanta parameters to prevent OOB access
Add queue wraparound prevention in quanta configuration.
Ensure end_qid does not overflow by validating start_qid and num_queues.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: validate queue quanta parameters to prevent OOB access\n\nAdd queue wraparound prevention in quanta configuration.\nEnsure end_qid does not overflow by validating start_qid and num_queues."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: Validar los par\u00e1metros de los cuantos de cola para impedir el acceso OOB. A\u00f1adir prevenci\u00f3n de encapsulamiento de cola en la configuraci\u00f3n de cuantos. Asegurar que end_qid no se desborde validando start_qid y num_queues."
}
],
"id": "CVE-2025-22118",
"lastModified": "2025-04-17T20:22:16.240",
"metrics": {},
"published": "2025-04-16T15:16:06.003",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/4161cf3f4c11006507f4e02bedc048a215a4b81a"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/e2f7d3f7331b92cb820da23e8c45133305da1e63"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis"
}
suse-su-2025:01967-1
Vulnerability from csaf_suse
Published
2025-06-16 14:56
Modified
2025-06-16 14:56
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP7 Azure kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006).
- CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() (bsc#1224597).
- CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489).
- CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).
- CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer serialization (bsc#1230581).
- CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).
- CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711).
- CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712).
- CVE-2024-49570: drm/xe/tracing: Fix a potential TP_printk UAF (bsc#1238782).
- CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733).
- CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910).
- CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389).
- CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060).
- CVE-2024-50223: sched/numa: Fix the potential null pointer dereference in (bsc#1233192).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074).
- CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157).
- CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).
- CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).
- CVE-2024-54458: scsi: ufs: bsg: Set bsg_queue to NULL after removal (bsc#1238992).
- CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729).
- CVE-2024-56638: kABI fix for 'netfilter: nft_inner: incorrect percpu area handling under softirq' (bsc#1235524).
- CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).
- CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455).
- CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589).
- CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591).
- CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).
- CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621).
- CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).
- CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).
- CVE-2024-57924: fs: relax assertions on failure to encode file handles (bsc#1236086).
- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).
- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532).
- CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990).
- CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997).
- CVE-2024-58068: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized (bsc#1238961).
- CVE-2024-58070: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT (bsc#1238983).
- CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970).
- CVE-2024-58074: drm/i915: Grab intel_display from the encoder to avoid potential (bsc#1238972).
- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).
- CVE-2024-58088: bpf: Fix deadlock when freeing cgroup storage (bsc#1239510).
- CVE-2024-58091: drm/fbdev-dma: Add shadow buffering for deferred I/O (bsc#1240174).
- CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111).
- CVE-2025-21648: netfilter: conntrack: clamp maximum hashtable size to INT_MAX (bsc#1236142).
- CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206).
- CVE-2025-21683: bpf: Fix bpf_sk_select_reuseport() memory leak (bsc#1236704).
- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).
- CVE-2025-21696: mm: clear uffd-wp PTE/PMD state on mremap() (bsc#1237111).
- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).
- CVE-2025-21707: mptcp: consolidate suboption status (bsc#1238862).
- CVE-2025-21717: net/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq (bsc#1238866).
- CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874).
- CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).
- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).
- CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882).
- CVE-2025-21758: ipv6: mcast: add RCU protection to mld_newpack() (bsc#1238737).
- CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).
- CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).
- CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775).
- CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).
- CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).
- CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).
- CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).
- CVE-2025-21768: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels (bsc#1238714).
- CVE-2025-21787: team: better TEAM_OPTION_TYPE_STRING validation (bsc#1238774).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-21792: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt (bsc#1238745).
- CVE-2025-21800: net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset (bsc#1238743).
- CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746).
- CVE-2025-21808: net: xdp: Disallow attaching device-bound programs in generic mode (bsc#1238742).
- CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
- CVE-2025-21814: ptp: Ensure info->enable callback is always set (bsc#1238473).
- CVE-2025-21833: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (bsc#1239108).
- CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066).
- CVE-2025-21837: io_uring/uring_cmd: unconditionally copy SQEs at prep time (bsc#1239064).
- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512).
- CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).
- CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470).
- CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486).
- CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478).
- CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483).
- CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474).
- CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475).
- CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482).
- CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).
- CVE-2025-21867: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (bsc#1240181).
- CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191).
- CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).
- CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184).
- CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168).
- CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185).
- CVE-2025-21882: net/mlx5: Fix vport QoS cleanup on error (bsc#1240187).
- CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).
- CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171).
- CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176).
- CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167).
- CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).
- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).
- CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581).
- CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585).
- CVE-2025-21904: caif_virtio: fix wrong pointer check in cfv_probe() (bsc#1240576).
- CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587).
- CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600).
- CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591).
- CVE-2025-21919: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (bsc#1240593).
- CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639).
- CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error (bsc#1240720).
- CVE-2025-21925: llc: do not use skb_get() before dev_queue_xmit() (bsc#1240713).
- CVE-2025-21926: net: gso: fix ownership in __udp_gso_segment (bsc#1240712).
- CVE-2025-21931: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio (bsc#1240709).
- CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742).
- CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815).
- CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816).
- CVE-2025-21962: cifs: Fix integer overflow while processing closetimeo mount option (bsc#1240655).
- CVE-2025-21963: cifs: Fix integer overflow while processing acdirmax mount option (bsc#1240717).
- CVE-2025-21964: cifs: Fix integer overflow while processing acregmax mount option (bsc#1240740).
- CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784).
- CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819).
- CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813).
- CVE-2025-21973: eth: bnxt: fix kernel panic in the bnxt_get_queue_stats{rx | tx} (bsc#1240803).
- CVE-2025-21974: eth: bnxt: return fail if interface is down in bnxt_queue_mem_alloc() (bsc#1240800).
- CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812).
- CVE-2025-21980: sched: address a potential NULL pointer dereference in the GRED scheduler (bsc#1240809).
- CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612).
- CVE-2025-21985: drm/amd/display: Fix out-of-bound accesses (bsc#1240811).
- CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795).
- CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797).
- CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).
- CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
- CVE-2025-22015: mm/migrate: fix shmem xarray update during migration (bsc#1240944).
- CVE-2025-22016: dpll: fix xa_alloc_cyclic() error handling (bsc#1240934).
- CVE-2025-22017: devlink: fix xa_alloc_cyclic() error handling (bsc#1240936).
- CVE-2025-22018: atm: Fix NULL pointer dereference (bsc#1241266).
- CVE-2025-22021: netfilter: socket: Lookup orig tuple for IPv6 SNAT (bsc#1241282).
- CVE-2025-22029: exec: fix the racy usage of fs_struct->in_exec (bsc#1241378).
- CVE-2025-22030: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() (bsc#1241376).
- CVE-2025-22036: exfat: fix random stack corruption after get_block (bsc#1241426).
- CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433).
- CVE-2025-22053: net: ibmveth: make veth_pool_store stop hanging (bsc#1241373).
- CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
- CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525).
- CVE-2025-22057: net: decrease cached dst counters in dst_release (bsc#1241533).
- CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332).
- CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526).
- CVE-2025-22063: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (bsc#1241351).
- CVE-2025-22064: netfilter: nf_tables: do not unregister hook when table is dormant (bsc#1241413).
- CVE-2025-22070: fs/9p: fix NULL pointer dereference on mkdir (bsc#1241305).
- CVE-2025-22080: fs/ntfs3: Prevent integer overflow in hdr_first_de() (bsc#1241416).
- CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537).
- CVE-2025-22094: powerpc/perf: Fix ref-counting on the PMU 'vpa_pmu' (bsc#1241512).
- CVE-2025-22102: Bluetooth: btnxpuart: Fix kernel panic during FW release (bsc#1241456).
- CVE-2025-22103: net: fix NULL pointer dereference in l3mdev_l3_rcv (bsc#1241448).
- CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550).
- CVE-2025-22105, CVE-2025-37860: Add missing bugzilla references (bsc#1241452 bsc#1241548).
- CVE-2025-22107: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() (bsc#1241575).
- CVE-2025-22109: ax25: Remove broken autobind (bsc#1241573).
- CVE-2025-22115: btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (bsc#1241578).
- CVE-2025-22117: ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw() (bsc#1241633).
- CVE-2025-22118: ice: validate queue quanta parameters to prevent OOB access (bsc#1241562).
- CVE-2025-22121: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (bsc#1241593).
- CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684).
- CVE-2025-23133: wifi: ath11k: update channel list in reg notifier instead reg worker (bsc#1241451).
- CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).
- CVE-2025-23140: misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error (bsc#1242763).
- CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596).
- CVE-2025-23150: ext4: fix off-by-one error in do_split (bsc#1242513).
- CVE-2025-23154: io_uring/net: fix io_req_post_cqe abuse by send bundle (bsc#1242533).
- CVE-2025-23160: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization (bsc#1242507).
- CVE-2025-37747: kABI workaround for perf-Fix-hang-while-freeing-sigtrap-event (References: bsc#1242520).
- CVE-2025-37748: iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group (bsc#1242523).
- CVE-2025-37749: net: ppp: Add bound checking for skb data on ppp_sync_txmung (bsc#1242859).
- CVE-2025-37750: smb: client: fix UAF in decryption with multichannel (bsc#1242510).
- CVE-2025-37755: net: libwx: handle page_pool_dev_alloc_pages error (bsc#1242506).
- CVE-2025-37773: virtiofs: add filesystem context source name check (bsc#1242502).
- CVE-2025-37780: isofs: Prevent the use of too small fid (bsc#1242786).
- CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640).
- CVE-2025-37787: net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered (bsc#1242585).
- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
- CVE-2025-37790: net: mctp: Set SOCK_RCU_FREE (bsc#1242509).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).
- CVE-2025-37798: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (bsc#1242414).
- CVE-2025-37799: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp (bsc#1242283).
- CVE-2025-37803: udmabuf: fix a buf size overflow issue during udmabuf creation (bsc#1242852).
- CVE-2025-37804: io_uring: always do atomic put from iowq (bsc#1242854).
- CVE-2025-37809: usb: typec: class: Unlocked on error in typec_register_partner() (bsc#1242856).
- CVE-2025-37820: xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() (bsc#1242866).
- CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).
- CVE-2025-37824: tipc: fix NULL pointer dereference in tipc_mon_reinit_self() (bsc#1242867).
- CVE-2025-37829: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() (bsc#1242875).
- CVE-2025-37830: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() (bsc#1242860).
- CVE-2025-37831: cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() (bsc#1242861).
- CVE-2025-37833: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads (bsc#1242868).
- CVE-2025-37842: spi: fsl-qspi: Fix double cleanup in probe error path (bsc#1242951).
- CVE-2025-37870: drm/amd/display: prevent hang on link training fail (bsc#1243056).
- CVE-2025-37879: 9p/net: fix improper handling of bogus negative read/write replies (bsc#1243077).
- CVE-2025-37886: pds_core: make wait_context part of q_info (bsc#1242944).
- CVE-2025-37887: pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result (bsc#1242962).
- CVE-2025-37949: xenbus: Use kref to track req lifetime (bsc#1243541).
- CVE-2025-37957: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception (bsc#1243513).
- CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539).
- CVE-2025-37960: memblock: Accept allocated memory before use in memblock_double_array() (bsc#1243519).
- CVE-2025-37974: s390/pci: Fix missing check for zpci_create_device() error return (bsc#1243547).
- CVE-2025-38152: remoteproc: core: Clear table_sz when rproc_shutdown (bsc#1241627).
- CVE-2025-38637: net_sched: skbprio: Remove overly strict queue assertions (bsc#1241657).
- CVE-2025-39728: clk: samsung: Fix UBSAN panic in samsung_clk_init() (bsc#1241626).
The following non-security bugs were fixed:
- ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (stable-fixes).
- ACPI: EC: Set ec_no_wakeup for Lenovo Go S (stable-fixes).
- ACPI: PPTT: Fix processor subtable walk (git-fixes).
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes).
- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes).
- ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes).
- ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() (git-fixes).
- ALSA: hda/realtek - Enable speaker for HP platform (git-fixes).
- ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).
- ALSA: hda/realtek: Bass speaker fixup for ASUS UM5606KA (stable-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP OMEN 16 Laptop xd000xx (stable-fixes).
- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes).
- ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes).
- ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes).
- ALSA: hda/realtek: Fix built-mic regression on other ASUS models (git-fixes).
- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes).
- ALSA: hda/realtek: fix micmute LEDs on HP Laptops with ALC3315 (stable-fixes).
- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes).
- ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist (stable-fixes).
- ALSA: hda: intel: Fix Optimus when GPU has no sound (stable-fixes).
- ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes).
- ALSA: seq: Fix delivery of UMP events to group ports (git-fixes).
- ALSA: sh: SND_AICA should depend on SH_DMA_API (git-fixes).
- ALSA: timer: Do not take register_mutex with copy_from/to_user() (git-fixes).
- ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info (git-fixes).
- ALSA: ump: Fix buffer overflow at UMP SysEx message conversion (bsc#1242044).
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes).
- ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (stable-fixes).
- ALSA: usb-audio: Add sample rate quirk for Audioengine D1 (git-fixes).
- ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera (stable-fixes).
- ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (stable-fixes).
- ALSA: usb-audio: Fix CME quirk for UF series keyboards (stable-fixes).
- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).
- ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() (git-fixes).
- ASoC: Intel: sof_sdw: Fix unlikely uninitialized variable use in create_sdw_dailinks() (git-fixes).
- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes).
- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes).
- ASoC: SOF: ipc4-control: Use SOF_CTRL_CMD_BINARY as numid for bytes_ext (git-fixes).
- ASoC: SOF: ipc4-pcm: Delay reporting is only supported for playback direction (git-fixes).
- ASoC: SOF: topology: Use krealloc_array() to replace krealloc() (stable-fixes).
- ASoC: Use of_property_read_bool() (stable-fixes).
- ASoC: amd: Add DMI quirk for ACP6X mic support (stable-fixes).
- ASoC: amd: acp: Fix for enabling DMIC on acp platforms via _DSD entry (git-fixes).
- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes).
- ASoC: amd: yc: update quirk data for new Lenovo model (stable-fixes).
- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes).
- ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe() (git-fixes).
- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes).
- ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels (git-fixes).
- ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate (git-fixes).
- ASoC: cs35l41: check the return value from spi_setup() (git-fixes).
- ASoC: cs42l43: Fix maximum ADC Volume (git-fixes).
- ASoC: cs42l43: Reset clamp override on jack removal (git-fixes).
- ASoC: dwc: always enable/disable i2s irqs (git-fixes).
- ASoC: fsl: fsl_qmc_audio: Reset audio data pointers on TRIGGER_START event (git-fixes).
- ASoC: fsl_audmix: register card device depends on 'dais' property (stable-fixes).
- ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes).
- ASoC: ops: Consistently treat platform_max as control value (git-fixes).
- ASoC: q6apm-dai: make use of q6apm_get_hw_pointer (git-fixes).
- ASoC: q6apm-dai: schedule all available frames to avoid dsp under-runs (git-fixes).
- ASoC: q6apm: add q6apm_get_hw_pointer helper (git-fixes).
- ASoC: qcom: Fix sc7280 lpass potential buffer overflow (git-fixes).
- ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes).
- ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes).
- ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes).
- ASoC: rt722-sdca: add missing readable registers (git-fixes).
- ASoC: simple-card-utils.c: add missing dlc->of_node (stable-fixes).
- ASoC: simple-card-utils: Fix pointer check in graph_util_parse_link_direction (git-fixes).
- ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (stable-fixes).
- ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence (git-fixes).
- ASoC: tas2764: Fix power control mask (stable-fixes).
- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).
- ASoC: tas2770: Fix volume scale (stable-fixes).
- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes).
- ASoc: SOF: topology: connect DAI to a single DAI link (git-fixes).
- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).
- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes).
- Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes).
- Bluetooth: L2CAP: Fix corrupted list in hci_chan_del (git-fixes).
- Bluetooth: L2CAP: Fix not checking l2cap_chan security level (git-fixes).
- Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd (stable-fixes).
- Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags (git-fixes).
- Bluetooth: btintel_pcie: Add additional to checks to clear TX/RX paths (git-fixes).
- Bluetooth: btnxpuart: Fix kernel panic during FW release (git-fixes).
- Bluetooth: btrtl: Prevent potential NULL dereference (git-fixes).
- Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (git-fixes).
- Bluetooth: btusb: use skb_pull to avoid unsafe access in QCA dump handling (git-fixes).
- Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes).
- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).
- Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address (git-fixes).
- Bluetooth: hci_uart: Fix another race during initialization (git-fixes).
- Bluetooth: hci_uart: fix race during initialization (stable-fixes).
- Bluetooth: l2cap: Check encryption key size on incoming connection (git-fixes).
- Bluetooth: l2cap: Process valid commands in too long frame (stable-fixes).
- Bluetooth: qca: simplify WCN399x NVM loading (stable-fixes).
- Bluetooth: vhci: Avoid needless snprintf() calls (git-fixes).
- APEI: Delete patches.suse/APEI-GHES-Have-GHES-honor-the-panic-setting.patch (bsc#1239615)
- Documentation: qat: fix auto_reset attribute details (git-fixes).
- Documentation: qat: fix auto_reset section (git-fixes).
- Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (git-fixes).
- Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes).
- pci: Drop PCI patch that caused a regression (bsc#1241123).
- EDAC/i10nm: Add Intel Clearwater Forest server support (jsc#PED-10190).
- Fix mismerge from SLE15-SP6 to SLE15-SP7 (bsc#1241591).
- Fix write to cloned skb in ipv6_hop_ioam() (git-fixes).
- HID: Enable playstation driver independently of sony driver (git-fixes).
- HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes).
- HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes).
- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes).
- HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes).
- HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes).
- HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes).
- HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() (git-fixes).
- HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes).
- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes).
- HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).
- HID: thrustmaster: fix memory leak in thrustmaster_interrupts() (git-fixes).
- HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes).
- HID: uclogic: Add NULL check in uclogic_input_configured() (git-fixes).
- IB/cm: use rwlock for MAD agent lock (git-fixes)
- IB/mad: Check available slots before posting receive WRs (git-fixes)
- Input: ads7846 - fix gpiod allocation (git-fixes).
- Input: cyttsp5 - ensure minimum reset pulse width (git-fixes).
- Input: cyttsp5 - fix power control issue on wakeup (git-fixes).
- Input: i8042 - add required quirks for missing old boardnames (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes).
- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).
- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes).
- Input: iqs7222 - preserve system status register (git-fixes).
- Input: mtk-pmic-keys - fix possible null pointer dereference (git-fixes).
- Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes).
- Input: synaptics - enable InterTouch on Dell Precision M3800 (stable-fixes).
- Input: synaptics - enable InterTouch on Dynabook Portege X30-D (stable-fixes).
- Input: synaptics - enable InterTouch on Dynabook Portege X30L-G (stable-fixes).
- Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 (stable-fixes).
- Input: synaptics - enable SMBus for HP Elitebook 850 G1 (stable-fixes).
- Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes).
- Input: synaptics-rmi - fix crash with unsupported versions of F34 (git-fixes).
- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes).
- Input: xpad - add multiple supported devices (stable-fixes).
- Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller (stable-fixes).
- Input: xpad - add support for TECNO Pocket Go (stable-fixes).
- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).
- Input: xpad - fix Share button on Xbox One controllers (stable-fixes).
- Input: xpad - fix two controller table values (git-fixes).
- Input: xpad - rename QH controller to Legion Go S (stable-fixes).
- KVM: PPC: Book3S HV: Fix IRQ map warnings with XICS on pSeries KVM Guest (bsc#1242205 ltc#212592).
- KVM: PPC: Enable CAP_SPAPR_TCE_VFIO on pSeries KVM guests (jsc#PED-10539 git-fixes).
- KVM: SVM: Allocate IR data using atomic allocation (git-fixes).
- KVM: SVM: Do not change target vCPU state on AP Creation VMGEXIT error (git-fixes).
- KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value (git-fixes).
- KVM: SVM: Refuse to attempt VRMUN if an SEV-ES+ guest had an invalid VMSA (git-fixes).
- KVM: SVM: Save host DR masks on CPUs with DebugSwap (jsc#PED-348).
- KVM: SVM: Suppress DEBUGCTL.BTF on AMD (git-fixes).
- KVM: SVM: Update dump_ghcb() to use the GHCB snapshot fields (git-fixes).
- KVM: VMX: Do not modify guest XFD_ERR if CR0.TS=1 (git-fixes).
- KVM: arm64: Change kvm_handle_mmio_return() return polarity (git-fixes).
- KVM: arm64: Fix RAS trapping in pKVM for protected VMs (git-fixes).
- KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (git-fixes).
- KVM: arm64: Mark some header functions as inline (git-fixes).
- KVM: arm64: Tear down vGIC on failed vCPU creation (git-fixes).
- KVM: arm64: timer: Always evaluate the need for a soft timer (git-fixes).
- KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (git-fixes).
- KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (git-fixes).
- KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (git-fixes).
- KVM: arm64: vgic-v4: Fall back to software irqbypass if LPI not found (git-fixes).
- KVM: arm64: vgic-v4: Only attempt vLPI mapping for actual MSIs (git-fixes).
- KVM: nSVM: Pass next RIP, not current RIP, for nested VM-Exit on emulation (git-fixes).
- KVM: nVMX: Allow emulating RDPID on behalf of L2 (git-fixes).
- KVM: nVMX: Check PAUSE_EXITING, not BUS_LOCK_DETECTION, on PAUSE emulation (git-fixes).
- KVM: s390: Do not use %pK through debug printing (git-fixes bsc#1243657).
- KVM: s390: Do not use %pK through tracepoints (git-fixes bsc#1243658).
- KVM: x86/mmu: Check and free obsolete roots in kvm_mmu_reload() (git-fixes).
- KVM: x86/xen: Use guest's copy of pvclock when starting timer (git-fixes).
- KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (git-fixes).
- KVM: x86: Check that the high 32bits are clear in kvm_arch_vcpu_ioctl_run() (git-fixes).
- KVM: x86: Do not take kvm->lock when iterating over vCPUs in suspend notifier (git-fixes).
- KVM: x86: Explicitly treat routing entry type changes as changes (git-fixes).
- KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM (git-fixes).
- KVM: x86: Explicitly zero-initialize on-stack CPUID unions (git-fixes).
- KVM: x86: Make x2APIC ID 100% readonly (git-fixes).
- KVM: x86: Reject disabling of MWAIT/HLT interception when not allowed (git-fixes).
- KVM: x86: Remove the unreachable case for 0x80000022 leaf in __do_cpuid_func() (git-fixes).
- KVM: x86: Wake vCPU for PIC interrupt injection iff a valid IRQ was found (git-fixes).
- KVM: x86: block KVM_CAP_SYNC_REGS if guest state is protected (git-fixes).
- NFS: O_DIRECT writes must check and adjust the file length (git-fixes).
- NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up (git-fixes).
- NFSv4/pnfs: Reset the layout state after a layoutreturn (git-fixes).
- NFSv4: Do not trigger uneccessary scans for return-on-close delegations (git-fixes).
- OPP: add index check to assert to avoid buffer overflow in _read_freq() (bsc#1238961)
- PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes).
- PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes).
- PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads (git-fixes).
- PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes).
- PCI: Avoid reset when disabled via sysfs (git-fixes).
- PCI: Fix BAR resizing when VF BARs are assigned (git-fixes).
- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).
- PCI: Fix reference leak in pci_register_host_bridge() (git-fixes).
- PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes).
- PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes).
- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes).
- PCI: brcmstb: Fix potential premature regulator disabling (git-fixes).
- PCI: brcmstb: Set generation limit before PCIe link up (git-fixes).
- PCI: brcmstb: Use internal register to change link capability (git-fixes).
- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes).
- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).
- PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes).
- PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes).
- PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type (stable-fixes).
- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes).
- PM: sleep: Adjust check before setting power.must_resume (git-fixes).
- PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes).
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)
- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)
- RDMA/bnxt_re: Fix allocation of QP table (git-fixes)
- RDMA/bnxt_re: Fix budget handling of notification queue (git-fixes)
- RDMA/bnxt_re: Fix reporting maximum SRQs on P7 chips (git-fixes)
- RDMA/bnxt_re: Remove unusable nq variable (git-fixes)
- RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work (git-fixes)
- RDMA/cma: Fix workqueue crash in cma_netevent_work_handler (git-fixes)
- RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes)
- RDMA/core: Fix 'KASAN: slab-use-after-free Read in ib_register_device' problem (git-fixes)
- RDMA/core: Fix use-after-free when rename device name (git-fixes)
- RDMA/core: Silence oversized kvmalloc() warning (git-fixes)
- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)
- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)
- RDMA/hns: Fix invalid sq params not being blocked (git-fixes)
- RDMA/hns: Fix missing xa_destroy() (git-fixes)
- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)
- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)
- RDMA/hns: Fix wrong maximum DMA segment size (git-fixes)
- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)
- RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (git-fixes)
- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (git-fixes)
- RDMA/mana_ib: Ensure variable err is initialized (git-fixes).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).
- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)
- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)
- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)
- RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (git-fixes)
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)
- RDMA/mlx5: Fix page_size variable overflow (git-fixes)
- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)
- RDMA/rxe: Fix 'trying to register non-static key in rxe_qp_do_cleanup' bug (git-fixes)
- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (git-fixes)
- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)
- RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() (git-fixes)
- RFC cgroup/cpuset-v1: Add deprecation messages to sched_relax_domain_level (jsc#PED-12405).
- kernel: Remove debug flavor (bsc#1243919).
- Squashfs: check return result of sb_min_blocksize (git-fixes).
- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes).
- USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (stable-fixes).
- USB: VLI disk crashes if LPM is used (stable-fixes).
- USB: gadget: core: create sysfs link between udc and gadget (git-fixes).
- USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe (stable-fixes).
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes).
- USB: serial: option: add Sierra Wireless EM9291 (stable-fixes).
- USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes).
- USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes).
- USB: serial: option: match on interface class for Telit FN990B (stable-fixes).
- USB: serial: simple: add OWON HDS200 series oscilloscope support (stable-fixes).
- USB: storage: quirk for ADATA Portable HDD CH94 (stable-fixes).
- USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes).
- USB: wdm: add annotation (git-fixes).
- USB: wdm: close race between wdm_open and wdm_wwan_port_stop (git-fixes).
- USB: wdm: handle IO errors in wdm_wwan_port_start (git-fixes).
- USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context (git-fixes).
- Update config. Enable HiSi accel VFIO PCI (jsc#PED-12622 bsc#1241095) - Update config files. CONFIG_HISI_ACC_VFIO_PCI=m - supported.conf: + drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci
- Update config. Enable HiSi accel VFIO PCI (jsc#PED-12622) - Update config files. CONFIG_HISI_ACC_VFIO_PCI=m - supported.conf: + drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci
- Update config. Enable SPI DW mmio driver (jsc#PED-12622 bsc#1241095) - CONFIG_SPI_DW_MMIO=m - supported.conf + drivers/spi/spi-dw + drivers/spi/spi-dw-mmio
- Update config. Enable SPI DW mmio driver (jsc#PED-12622) - CONFIG_SPI_DW_MMIO=m - supported.conf + drivers/spi/spi-dw + drivers/spi/spi-dw-mmio
- Update patches.suse/KVM-PPC-Enable-CAP_SPAPR_TCE_VFIO-on-pSeries-KVM-gue.patch (jsc#PED-10539 git-fixes bsc#1240419 ltc#212279).
- Update patches.suse/RDMA-core-Don-t-expose-hw_counters-outside-of-init-n.patch (git-fixes bsc#1239925).
- Update patches.suse/kABI-fix-for-RDMA-core-Don-t-expose-hw_counters-outs.patch (git-fixes bsc#1239925). Add bug reference.
- Update patches.suse/net-smc-Introduce-IPPROTO_SMC.patch (jsc#PED-10299 bsc#1241689).
- Update patches.suse/net-smc-do-not-leave-a-dangling-sk-pointer-in-__smc_create.patch (jsc#PED-10299 bsc#1241689).
- Update patches.suse/net-smc-expose-smc-proto-operations.patch (jsc#PED-10299 bsc#1241689).
- Update patches.suse/net-smc-fix-lacks-of-icsk_syn_mss-with-IPPROTO_SMC.patch (jsc#PED-10299 bsc#1241689).
- Update patches.suse/net-smc-prevent-UAF-in-inet_create.patch (jsc#PED-10299 bsc#1241689).
- Update patches.suse/net-smc-refactoring-initialization-of-smc-sock.patch (jsc#PED-10299 bsc#1241689).
- Update patches.suse/nvme-fixup-scan-failure-for-non-ANA-multipath-contro.patch (git-fixes bsc#1235149).
- Update patches.suse/nvme-re-read-ANA-log-page-after-ns-scan-completes.patch (git-fixes bsc#1235149).
- Update patches.suse/smc-Fix-lockdep-false-positive-for-IPPROTO_SMC.patch (bsc#1241689 jsc#PED-10299 bsc#1241689).
- Xen/swiotlb: mark xen_swiotlb_fixup() __init (git-fixes).
- accel/ivpu: Fix PM related deadlocks in MS IOCTLs (git-fixes).
- accel/ivpu: Fix deadlock in ivpu_ms_cleanup() (git-fixes).
- accel/ivpu: Fix warning in ivpu_ipc_send_receive_internal() (git-fixes).
- accel/ivpu: Increase DMA address range (PED-12367).
- accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes).
- accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes).
- acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes).
- add bug reference for an existing hv_netvsc change (bsc#1243737).
- af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334).
- affs: do not write overlarge OFS data block size fields (git-fixes).
- affs: generate OFS sequence numbers starting at 1 (git-fixes).
- afs: Fix the server_list to unuse a displaced server rather than putting it (git-fixes).
- afs: Make it possible to find the volumes that are using a server (git-fixes).
- ahci: add PCI ID for Marvell 88SE9215 SATA Controller (stable-fixes).
- arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052)
- arch_topology: init capacity_freq_ref to 0 (bsc#1238052)
- arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052)
- arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes)
- arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052)
- arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052)
- arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052)
- arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052)
- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (bsc#1242778).
- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (git-fixes)
- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (bsc#1242778).
- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (git-fixes)
- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)
- arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes)
- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)
- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)
- arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2 (git-fixes)
- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)
- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)
- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)
- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)
- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)
- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)
- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)
- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)
- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)
- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)
- arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (git-fixes)
- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)
- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)
- arm64: insn: Add support for encoding DSB (bsc#1242778).
- arm64: insn: Add support for encoding DSB (git-fixes)
- arm64: mm: Correct the update of max_pfn (git-fixes)
- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)
- arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (bsc#1242778).
- arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (git-fixes)
- arm64: proton-pack: Expose whether the branchy loop k value (bsc#1242778).
- arm64: proton-pack: Expose whether the branchy loop k value (git-fixes)
- arm64: proton-pack: Expose whether the platform is mitigated by (git-fixes)
- arm64: proton-pack: Expose whether the platform is mitigated by firmware (bsc#1242778).
- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)
- arp: switch to dev_getbyhwaddr() in arp_req_set_public() (git-fixes).
- asus-laptop: Fix an uninitialized variable (git-fixes).
- ata: ahci: Add mask_port_map module parameter (git-fixes).
- ata: libata-sata: Save all fields from sense data descriptor (git-fixes).
- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes).
- ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type (git-fixes).
- ata: libata-scsi: Fix ata_msense_control_ata_feature() (git-fixes).
- ata: libata-scsi: Improve CDL control (git-fixes).
- ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes).
- ata: libata: Fix NCQ Non-Data log not supported print (git-fixes).
- ata: pata_parport: add custom version of wait_after_reset (git-fixes).
- ata: pata_parport: fit3: implement IDE command set registers (git-fixes).
- ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() (git-fixes).
- ata: pata_serverworks: Do not use the term blacklist (git-fixes).
- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes).
- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).
- ata: sata_sx4: Add error handling in pdc20621_i2c_read() (git-fixes).
- auxdisplay: hd44780: Convert to platform remove callback returning void (stable-fixes).
- auxdisplay: hd44780: Fix an API misuse in hd44780.c (git-fixes).
- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).
- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes).
- badblocks: Fix error shitf ops (git-fixes).
- badblocks: fix merge issue when new badblocks align with pre+1 (git-fixes).
- badblocks: fix missing bad blocks on retry in _badblocks_check() (git-fixes).
- badblocks: fix the using of MAX_BADBLOCKS (git-fixes).
- badblocks: return error directly when setting badblocks exceeds 512 (git-fixes).
- badblocks: return error if any badblock set fails (git-fixes).
- batman-adv: Ignore own maximum aggregation size during RX (git-fixes).
- bitmap: Align documentation between bitmap_gather() and bitmap_scatter() (git-fixes).
- bitmap: introduce generic optimized bitmap_size() (git-fixes).
- blk-throttle: fix lower bps rate by throtl_trim_slice() (git-fixes).
- block: change blk_mq_add_to_batch() third argument type to bool (git-fixes).
- block: fix 'kmem_cache of name 'bio-108' already exists' (git-fixes).
- block: fix conversion of GPT partition name to 7-bit (git-fixes).
- block: fix resource leak in blk_register_queue() error path (git-fixes).
- block: integrity: Do not call set_page_dirty_lock() (git-fixes).
- block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone (git-fixes).
- bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan() (git-fixes).
- bnxt_en: Fix coredump logic to free allocated buffer (git-fixes).
- bnxt_en: Fix ethtool -d byte order for 32-bit values (git-fixes).
- bnxt_en: Fix ethtool selftest output in one of the failure cases (git-fixes).
- bnxt_en: Fix out-of-bound memcpy() during ethtool -w (git-fixes).
- bnxt_en: Linearize TX SKB if the fragments exceed the max (git-fixes).
- bnxt_en: Mask the bd_cnt field in the TX BD properly (git-fixes).
- bnxt_en: call pci_alloc_irq_vectors() after bnxt_reserve_rings() (git-fixes).
- bnxt_en: fix module unload sequence (git-fixes).
- bnxt_en: improve TX timestamping FIFO configuration (git-fixes).
- bonding: fix incorrect MAC address setting to receive NS messages (git-fixes).
- bpf: Add missed var_off setting in coerce_subreg_to_size_sx() (git-fixes).
- bpf: Add missed var_off setting in set_sext32_default_val() (git-fixes).
- bpf: Check size for BTF-based ctx access of pointer members (git-fixes).
- bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 (git-fixes).
- bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes).
- bpf: Scrub packet on bpf_redirect_peer (git-fixes).
- bpf: add find_containing_subprog() utility function (bsc#1241590).
- bpf: avoid holding freeze_mutex during mmap operation (git-fixes).
- bpf: check changes_pkt_data property for extension programs (bsc#1241590).
- bpf: consider that tail calls invalidate packet pointers (bsc#1241590).
- bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs (bsc#1241590).
- bpf: fix potential error return (git-fixes).
- bpf: refactor bpf_helper_changes_pkt_data to use helper number (bsc#1241590).
- bpf: track changes_pkt_data property for global functions (bsc#1241590).
- bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes).
- broadcom: fix supported flag check in periodic output function (git-fixes).
- btrfs: add and use helper to verify the calling task has locked the inode (bsc#1241204).
- btrfs: adjust subpage bit start based on sectorsize (bsc#1241492).
- btrfs: always fallback to buffered write if the inode requires checksum (bsc#1242831 bsc#1242710).
- btrfs: avoid NULL pointer dereference if no valid csum tree (bsc#1243342).
- btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1236208).
- btrfs: avoid monopolizing a core when activating a swap file (git-fixes).
- btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605).
- btrfs: do not loop for nowait writes when checking for cross references (git-fixes).
- btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045).
- btrfs: drop the backref cache during relocation if we commit (bsc#1239605).
- btrfs: fix a leaked chunk map issue in read_one_chunk() (git-fixes).
- btrfs: fix discard worker infinite loop after disabling discard (bsc#1242012).
- btrfs: fix hole expansion when writing at an offset beyond EOF (bsc#1241151).
- btrfs: fix missing snapshot drew unlock when root is dead during swap activation (bsc#1241204).
- btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers (git-fixes).
- btrfs: fix race with memory mapped writes when activating swap file (bsc#1241204).
- btrfs: fix swap file activation failure due to extents that used to be shared (bsc#1241204).
- btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045).
- btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045).
- btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045).
- bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes).
- bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes).
- bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes).
- can: bcm: add locking for bcm_op runtime updates (git-fixes).
- can: bcm: add missing rcu read protection for procfs content (git-fixes).
- can: flexcan: disable transceiver during system PM (git-fixes).
- can: flexcan: only change CAN state when link up in system PM (git-fixes).
- can: gw: fix RCU/BH usage in cgw_create_job() (git-fixes).
- can: mcan: m_can_class_unregister(): fix order of unregistration calls (git-fixes).
- can: mcp251xfd: fix TDC setting for low data bit rates (git-fixes).
- can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls (git-fixes).
- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).
- can: slcan: allow reception of short error messages (git-fixes).
- can: ucan: fix out of bound read in strscpy() source (git-fixes).
- cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk (stable-fixes).
- cgroup/blkio: Add deprecation messages to reset_stats (jsc#PED-12405).
- cgroup/cpuset-v1: Add deprecation messages to mem_exclusive and mem_hardwall (jsc#PED-12405).
- cgroup/cpuset-v1: Add deprecation messages to memory_migrate (jsc#PED-12405).
- cgroup/cpuset-v1: Add deprecation messages to memory_spread_page and memory_spread_slab (jsc#PED-12405).
- cgroup/cpuset-v1: Add deprecation messages to sched_load_balance and memory_pressure_enabled (jsc#PED-12405).
- cgroup/cpuset: Fix error handling in remote_partition_disable() (bsc#1241166).
- cgroup/cpuset: Fix incorrect isolated_cpus update in update_parent_effective_cpumask() (bsc#1241166).
- cgroup/cpuset: Fix spelling errors in file kernel/cgroup/cpuset.c (bsc#1241166).
- cgroup: Add deprecation message to legacy freezer controller (jsc#PED-12405).
- cgroup: Print message when /proc/cgroups is read on v2-only system (jsc#PED-12405).
- char: misc: register chrdev region with all possible minors (git-fixes).
- check-for-config-changes: Fix flag name typo
- cifs: Fix integer overflow while processing actimeo mount option (git-fixes).
- cifs: reduce warning log level for server not advertising interfaces (git-fixes).
- clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes).
- config: Re-enable rbd (bsc#1239991)
- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).
- counter: fix privdata alignment (git-fixes).
- counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes).
- counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes).
- cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707).
- cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052)
- cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052)
- cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052) Keep the feature disabled by default on x86_64
- cpumask: add cpumask_weight_andnot() (bsc#1239015).
- cpumask: define cleanup function for cpumasks (bsc#1239015).
- crypto: algif_hash - fix double free in hash_accept (git-fixes).
- crypto: atmel-sha204a - Set hwrng quality to lowest possible (git-fixes).
- crypto: caam/qi - Fix drv_ctx refcount bug (git-fixes).
- crypto: ccp - Add support for PCI device 0x1134 (stable-fixes).
- crypto: ccp - Fix check for the primary ASP device (git-fixes).
- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).
- crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes).
- crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes).
- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).
- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).
- crypto: iaa - Change desc->priv to 0 (jsc#PED-12416).
- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).
- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - Remove header table code (jsc#PED-12416).
- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).
- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416).
- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).
- crypto: iaa - Test the correct request flag (git-fixes).
- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).
- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).
- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).
- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).
- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).
- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).
- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).
- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).
- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).
- crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (jsc#PED-12416).
- crypto: qat - Fix typo 'accelaration' (jsc#PED-12416).
- crypto: qat - Fix typo (jsc#PED-12416).
- crypto: qat - Remove trailing space after \n newline (jsc#PED-12416).
- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).
- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).
- crypto: qat - add auto reset on error (jsc#PED-12416).
- crypto: qat - add bank save and restore flows (jsc#PED-12416).
- crypto: qat - add fatal error notification (jsc#PED-12416).
- crypto: qat - add fatal error notify method (jsc#PED-12416).
- crypto: qat - add heartbeat error simulator (jsc#PED-12416).
- crypto: qat - add interface for live migration (jsc#PED-12416).
- crypto: qat - add shutdown handler to qat_420xx (bsc#1239934).
- crypto: qat - add shutdown handler to qat_4xxx (bsc#1239934).
- crypto: qat - add shutdown handler to qat_c3xxx (bsc#1239934).
- crypto: qat - add shutdown handler to qat_c62x (bsc#1239934).
- crypto: qat - add shutdown handler to qat_dh895xcc (bsc#1239934).
- crypto: qat - add support for 420xx devices (jsc#PED-12416).
- crypto: qat - add support for device telemetry (jsc#PED-12416). - Refresh patches.suse/crypto-qat-disable-IOV-in-adf_dev_stop.patch. - Refresh patches.suse/crypto-qat-remove-check-after-debugfs_create_dir.patch.
- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).
- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).
- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).
- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).
- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).
- crypto: qat - disable arbitration before reset (jsc#PED-12416).
- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).
- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).
- crypto: qat - fix 'Full Going True' macro definition (jsc#PED-12416).
- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).
- crypto: qat - fix comment structure (jsc#PED-12416).
- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).
- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).
- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).
- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).
- crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416).
- crypto: qat - implement interface for live migration (jsc#PED-12416).
- crypto: qat - improve aer error reset handling (jsc#PED-12416).
- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).
- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).
- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).
- crypto: qat - limit heartbeat notifications (jsc#PED-12416).
- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).
- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).
- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).
- crypto: qat - move fw config related structures (jsc#PED-12416).
- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).
- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).
- crypto: qat - relocate CSR access code (jsc#PED-12416).
- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).
- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).
- crypto: qat - remove access to parity register for QAT GEN4 (git-fixes).
- crypto: qat - remove redundant prototypes in qat_c3xxx (bsc#1239934).
- crypto: qat - remove redundant prototypes in qat_c62x (bsc#1239934).
- crypto: qat - remove redundant prototypes in qat_dh895xcc (bsc#1239934).
- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).
- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).
- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).
- crypto: qat - set parity error mask for qat_420xx (git-fixes).
- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).
- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).
- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).
- crypto: qat - validate slices count returned by FW (jsc#PED-12416).
- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).
- cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path (git-fixes).
- cxl/core/regs.c: Skip Memory Space Enable check for RCD and RCH Ports (bsc#1242125).
- devlink: fix port new reply cmd type (git-fixes).
- dlm: prevent NPD when writing a positive value to event_done (git-fixes).
- dm array: fix cursor index when skipping across block boundaries (git-fixes).
- dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes).
- dm init: Handle minors larger than 255 (git-fixes).
- dm integrity: fix out-of-range warning (git-fixes).
- dm persistent data: fix memory allocation failure (git-fixes).
- dm resume: do not return EINVAL when signalled (git-fixes).
- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).
- dm thin: Add missing destroy_work_on_stack() (git-fixes).
- dm-bufio: do not schedule in atomic context (git-fixes).
- dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes).
- dm-crypt: track tag_offset in convert_context (git-fixes).
- dm-delay: fix hung task introduced by kthread mode (git-fixes).
- dm-delay: fix max_delay calculations (git-fixes).
- dm-delay: fix workqueue delay_timer race (git-fixes).
- dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes).
- dm-ebs: fix prefetch-vs-suspend race (git-fixes).
- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes).
- dm-integrity: align the outgoing bio in integrity_recheck (git-fixes).
- dm-integrity: fix a race condition when accessing recalc_sector (git-fixes).
- dm-integrity: fix a warning on invalid table line (git-fixes).
- dm-integrity: set ti->error on memory allocation failure (git-fixes).
- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes).
- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes).
- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes). mwilck: some hand editing because d95e2c34a3ca ('dm verity: Fix IO priority lost when reading FEC and hash') is missing
- dm-verity: fix prefetch-vs-suspend race (git-fixes).
- dm: Fix typo in error message (git-fixes).
- dm: add missing unlock on in dm_keyslot_evict() (git-fixes).
- dm: always update the array size in realloc_argv on success (git-fixes).
- dm: fix copying after src array boundaries (git-fixes).
- dma-buf/sw_sync: Decrement refcount on error in sw_sync_ioctl_get_deadline() (git-fixes).
- dma-buf: insert memory barrier before updating num_fences (git-fixes).
- dmaengine: Revert 'dmaengine: dmatest: Fix dmatest waiting less when interrupted' (git-fixes).
- dmaengine: dmatest: Fix dmatest waiting less when interrupted (stable-fixes).
- dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals (git-fixes).
- dmaengine: idxd: Add missing cleanups in cleanup internals (git-fixes).
- dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call (git-fixes).
- dmaengine: idxd: Fix ->poll() return value (git-fixes).
- dmaengine: idxd: Fix allowing write() from different address spaces (git-fixes).
- dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (git-fixes).
- dmaengine: idxd: fix memory leak in error handling path of idxd_alloc (git-fixes).
- dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe (git-fixes).
- dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines (git-fixes).
- dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups (git-fixes).
- dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs (git-fixes).
- dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() (git-fixes).
- dmaengine: mediatek: drop unused variable (git-fixes).
- dmaengine: ti: k3-udma: Add missing locking (git-fixes).
- dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy (git-fixes).
- docs: perf: Fix build warning of hisi-pcie-pmu.rst (bsc#1237704 bsc#1241095)
- docs: perf: Fix build warning of hisi-pcie-pmu.rst (bsc#1237704)
- docs: perf: Update usage for target filter of hisi-pcie-pmu (bsc#1237704 bsc#1241095)
- docs: perf: Update usage for target filter of hisi-pcie-pmu (bsc#1237704)
- docs: thermal: sync hardware protection doc with code (git-fixes).
- driver core: Remove needless return in void API device_remove_group() (git-fixes).
- drivers/perf: hisi_pcie: Add more events for counting TLP bandwidth (bsc#1237704 bsc#1241095)
- drivers/perf: hisi_pcie: Add more events for counting TLP bandwidth (bsc#1237704)
- drivers/perf: hisi_pcie: Check the target filter properly (bsc#1237704 bsc#1241095)
- drivers/perf: hisi_pcie: Check the target filter properly (bsc#1237704)
- drivers/perf: hisi_pcie: Fix incorrect counting under metric mode (bsc#1237704 bsc#1241095)
- drivers/perf: hisi_pcie: Fix incorrect counting under metric mode (bsc#1237704)
- drivers/perf: hisi_pcie: Introduce hisi_pcie_pmu_get_event_ctrl_val() (bsc#1237704 bsc#1241095)
- drivers/perf: hisi_pcie: Introduce hisi_pcie_pmu_get_event_ctrl_val() (bsc#1237704)
- drivers/perf: hisi_pcie: Merge find_related_event() and (bsc#1237704 bsc#1241095)
- drivers/perf: hisi_pcie: Merge find_related_event() and (bsc#1237704)
- drivers/perf: hisi_pcie: Relax the check on related events (bsc#1237704 bsc#1241095)
- drivers/perf: hisi_pcie: Relax the check on related events (bsc#1237704)
- drivers/perf: hisi_pcie: Rename hisi_pcie_pmu_{config,clear}_filter() (bsc#1237704 bsc#1241095)
- drivers/perf: hisi_pcie: Rename hisi_pcie_pmu_{config,clear}_filter() (bsc#1237704)
- drivers: base: devres: Allow to release group on device release (stable-fixes).
- drm/amd/amdkfd: Evict all queues even HWS remove queue failed (stable-fixes).
- drm/amd/display/dml2: use vzalloc rather than kzalloc (bsc#1241568).
- drm/amd/display: Actually do immediate vblank disable (git-fixes).
- drm/amd/display: Add HP Elitebook 645 to the quirk list for eDP on DP1 (stable-fixes).
- drm/amd/display: Add HP Probook 445 and 465 to the quirk list for eDP on DP1 (stable-fixes).
- drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (stable-fixes).
- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes).
- drm/amd/display: Avoid flooding unnecessary info messages (git-fixes).
- drm/amd/display: Copy AUX read reply data whenever length > 0 (git-fixes).
- drm/amd/display: Correct the reply value when AUX write incomplete (git-fixes).
- drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes).
- drm/amd/display: Do not enable Replay and PSR while VRR is on in amdgpu_dm_commit_planes() (git-fixes).
- drm/amd/display: Do not write DP_MSTM_CTRL after LT (stable-fixes).
- drm/amd/display: Enable urgent latency adjustment on DCN35 (stable-fixes).
- drm/amd/display: Exit idle optimizations before accessing PHY (git-fixes).
- drm/amd/display: Fix gpu reset in multidisplay config (git-fixes).
- drm/amd/display: Fix invalid context error in dml helper (git-fixes).
- drm/amd/display: Fix message for support_edp0_on_dp1 (git-fixes).
- drm/amd/display: Fix out-of-bound accesses (stable-fixes).
- drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes).
- drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes).
- drm/amd/display: Fix the checking condition in dmub aux handling (stable-fixes).
- drm/amd/display: Fix wrong handling for AUX_DEFER case (git-fixes).
- drm/amd/display: Force full update in gpu reset (stable-fixes).
- drm/amd/display: Increase vblank offdelay for PSR panels (git-fixes).
- drm/amd/display: Protect FPU in dml21_copy() (git-fixes).
- drm/amd/display: Protect FPU in dml2_init()/dml21_init() (git-fixes).
- drm/amd/display: Protect FPU in dml2_validate()/dml21_validate() (git-fixes).
- drm/amd/display: Remove incorrect checking in dmub aux handler (git-fixes).
- drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes).
- drm/amd/display: Shift DMUB AUX reply command if necessary (git-fixes).
- drm/amd/display: Temporarily disable hostvm on DCN31 (stable-fixes).
- drm/amd/display: Update Cursor request mode to the beginning prefetch always (stable-fixes).
- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes).
- drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes).
- drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes).
- drm/amd/display: fix an indent issue in DML21 (git-fixes).
- drm/amd/display: fix default brightness (git-fixes).
- drm/amd/display: fix missing .is_two_pixels_per_container (git-fixes).
- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes).
- drm/amd/display: more liberal vmin/vmax update for freesync (stable-fixes).
- drm/amd/display: prevent hang on link training fail (stable-fixes).
- drm/amd/display: stop DML2 from removing pipes based on planes (stable-fixes).
- drm/amd/pm/smu11: Prevent division by zero (git-fixes).
- drm/amd/pm: Prevent division by zero (git-fixes).
- drm/amd/pm: add unique_id for gfx12 (stable-fixes).
- drm/amd/pm: always allow ih interrupt from fw (stable-fixes).
- drm/amd: Add Suspend/Hibernate notification callback support (stable-fixes).
- drm/amd: Handle being compiled without SI or CIK support better (stable-fixes).
- drm/amd: Keep display off while going into S4 (stable-fixes).
- drm/amdgpu/display: Allow DCC for video formats on GFX12 (stable-fixes).
- drm/amdgpu/dma_buf: fix page_link check (git-fixes).
- drm/amdgpu/gfx11: fix num_mec (git-fixes).
- drm/amdgpu/gfx12: correct cleanup of 'me' field with gfx_v12_0_me_fini() (git-fixes).
- drm/amdgpu/gfx12: fix num_mec (git-fixes).
- drm/amdgpu/hdp4: use memcfg register to post the write for HDP flush (git-fixes).
- drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush (git-fixes).
- drm/amdgpu/hdp5: use memcfg register to post the write for HDP flush (git-fixes).
- drm/amdgpu/hdp6: use memcfg register to post the write for HDP flush (git-fixes).
- drm/amdgpu/hdp7: use memcfg register to post the write for HDP flush (git-fixes).
- drm/amdgpu/mes11: optimize MES pipe FW version fetching (git-fixes).
- drm/amdgpu/mes12: optimize MES pipe FW version fetching (git-fixes).
- drm/amdgpu/pm: Handle SCLK offset correctly in overdrive for smu 14.0.2 (stable-fixes).
- drm/amdgpu/pm: wire up hwmon fan speed for smu 14.0.2 (stable-fixes).
- drm/amdgpu/umsch: declare umsch firmware (git-fixes).
- drm/amdgpu/umsch: fix ucode check (git-fixes).
- drm/amdgpu/vcn: using separate VCN1_AON_SOC offset (stable-fixes).
- drm/amdgpu: Add back JPEG to video caps for carrizo and newer (git-fixes).
- drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes).
- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes).
- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes).
- drm/amdgpu: Fix offset for HDP remap in nbio v7.11 (stable-fixes).
- drm/amdgpu: Increase KIQ invalidate_tlbs timeout (stable-fixes).
- drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags (git-fixes).
- drm/amdgpu: Prefer shadow rom when available (git-fixes).
- drm/amdgpu: Queue KFD reset workitem in VF FED (stable-fixes).
- drm/amdgpu: Remove JPEG from vega and carrizo video caps (stable-fixes).
- drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes).
- drm/amdgpu: Restore uncached behaviour on GFX12 (stable-fixes).
- drm/amdgpu: Unlocked unmap only clear page table leaves (stable-fixes).
- drm/amdgpu: Use the right function for hdp flush (stable-fixes).
- drm/amdgpu: fix pm notifier handling (git-fixes).
- drm/amdgpu: fix warning of drm_mm_clean (git-fixes).
- drm/amdgpu: grab an additional reference on the gang fence v2 (stable-fixes).
- drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() (stable-fixes).
- drm/amdgpu: immediately use GTT for new allocations (git-fixes).
- drm/amdgpu: refine smu send msg debug log format (git-fixes).
- drm/amdgpu: trigger flr_work if reading pf2vf data failed (stable-fixes).
- drm/amdgpu: use a dummy owner for sysfs triggered cleaner shaders v4 (stable-fixes).
- drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes).
- drm/amdkfd: Fix mode1 reset crash issue (stable-fixes).
- drm/amdkfd: Fix pqm_destroy_queue race with GPU reset (stable-fixes).
- drm/amdkfd: Fix user queue validation on Gfx7/8 (git-fixes).
- drm/amdkfd: clamp queue size to minimum (stable-fixes).
- drm/amdkfd: debugfs hang_hws skip GPU with MES (stable-fixes).
- drm/ast: Fix ast_dp connection status (git-fixes).
- drm/atomic: Filter out redundant DPMS calls (stable-fixes).
- drm/bridge: Fix spelling mistake 'gettin' -> 'getting' (git-fixes).
- drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes).
- drm/bridge: panel: forbid initializing a panel with unknown connector type (stable-fixes).
- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).
- drm/debugfs: fix printk format for bridge index (stable-fixes).
- drm/dp_mst: Add a helper to queue a topology probe (stable-fixes).
- drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes).
- drm/dp_mst: Fix drm RAD print (git-fixes).
- drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes).
- drm/edid: fixed the bug that hdr metadata was not reset (git-fixes).
- drm/fdinfo: Protect against driver unbind (git-fixes).
- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes).
- drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes).
- drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes).
- drm/i915/color: Extract intel_color_modeset() (stable-fixes).
- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes).
- drm/i915/dg2: wait for HuC load completion before running selftests (stable-fixes).
- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes).
- drm/i915/dsi: convert to struct intel_display (stable-fixes).
- drm/i915/gvt: fix unterminated-string-initialization warning (stable-fixes).
- drm/i915/huc: Fix fence not released on early probe errors (git-fixes).
- drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions' (git-fixes).
- drm/i915/vrr: Add vrr.vsync_{start, end} in vrr_params_changed (git-fixes).
- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).
- drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+ (stable-fixes).
- drm/i915: Disable RPG during live selftest (git-fixes).
- drm/i915: Increase I915_PARAM_MMAP_GTT_VERSION version to indicate support for partial mmaps (git-fixes).
- drm/i915: Plumb 'dsb' all way to the plane hooks (stable-fixes).
- drm/imagination: fix firmware memory leaks (git-fixes).
- drm/imagination: take paired job reference (git-fixes).
- drm/mediatek: Fix config_updating flag never false when no mbox channel (git-fixes).
- drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes).
- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes).
- drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off (stable-fixes).
- drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data (stable-fixes).
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes).
- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes).
- drm/mgag200: Fix value in <VBLKSTR> register (git-fixes).
- drm/mipi-dbi: Fix blanking for non-16 bit formats (git-fixes).
- drm/msm/a6xx+: Do not let IB_SIZE overflow (git-fixes).
- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).
- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).
- drm/msm/dpu: do not set crtc_state->mode_changed from atomic_check() (git-fixes).
- drm/msm/dpu: do not use active in atomic_check() (git-fixes).
- drm/msm/dsi/phy: Program clock inverters in correct register (git-fixes).
- drm/msm/dsi: Add check for devm_kstrdup() (git-fixes).
- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes).
- drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes).
- drm/nouveau: Do not override forced connector status (stable-fixes).
- drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() (git-fixes).
- drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes).
- drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes).
- drm/panel: simple: Update timings for AUO G101EVN010 (git-fixes).
- drm/panic: fix overindented list items in documentation (git-fixes).
- drm/panic: use `div_ceil` to clean Clippy warning (git-fixes).
- drm/panthor: Update CS_STATUS_ defines to correct values (git-fixes).
- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes).
- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes).
- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes).
- drm/repaper: fix integer overflows in repeat functions (git-fixes).
- drm/sched: Fix fence reference count leak (git-fixes).
- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes).
- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).
- drm/ssd130x: fix ssd132x encoding (git-fixes).
- drm/sti: remove duplicate object names (git-fixes).
- drm/tests: Add helper to create mock crtc (stable-fixes).
- drm/tests: Add helper to create mock plane (stable-fixes).
- drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is enabled (git-fixes).
- drm/tests: cmdline: Fix drm_display_mode memory leak (git-fixes).
- drm/tests: hdmi: Remove redundant assignments (stable-fixes).
- drm/tests: helpers: Add atomic helpers (stable-fixes).
- drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic() (stable-fixes).
- drm/tests: helpers: Create kunit helper to destroy a drm_display_mode (stable-fixes).
- drm/tests: helpers: Fix compiler warning (git-fixes).
- drm/tests: modes: Fix drm_display_mode memory leak (git-fixes).
- drm/tests: modeset: Fix drm_display_mode memory leak (git-fixes).
- drm/tests: probe-helper: Fix drm_display_mode memory leak (git-fixes).
- drm/tests: shmem: Fix memleak (git-fixes).
- drm/v3d: Add job to pending list if the reset was skipped (stable-fixes).
- drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes).
- drm/vkms: Fix use after free and double free on init error (git-fixes).
- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).
- drm/vmwgfx: Use VMware hypercall API (jsc#PED-11518).
- drm/xe/dma_buf: stop relying on placement in unmap (git-fixes).
- drm/xe/hw_engine: define sysfs_ops on all directories (git-fixes).
- drm/xe/pm: Temporarily disable D3Cold on BMG (git-fixes).
- drm/xe/tests/mocs: Hold XE_FORCEWAKE_ALL for LNCF regs (git-fixes).
- drm/xe/tests/mocs: Update xe_force_wake_get() return handling (stable-fixes).
- drm/xe/userptr: Fix an incorrect assert (git-fixes).
- drm/xe/userptr: fix notifier vs folio deadlock (git-fixes).
- drm/xe/vf: Do not try to trigger a full GT reset if VF (stable-fixes).
- drm/xe/xe3lpg: Apply Wa_14022293748, Wa_22019794406 (stable-fixes).
- drm/xe/xelp: Move Wa_16011163337 from tunings to workarounds (stable-fixes).
- drm/xe: Add page queue multiplier (git-fixes).
- drm/xe: Fix GT 'for each engine' workarounds (stable-fixes).
- drm/xe: Fix an out-of-bounds shift when invalidating TLB (git-fixes).
- drm/xe: Fix exporting xe buffers multiple times (git-fixes).
- drm/xe: Release guc ids before cancelling work (git-fixes).
- drm/xe: Remove double pageflip (git-fixes).
- drm/xe: Save CTX_TIMESTAMP mmio value instead of LRC value (git-fixes).
- drm/xe: Set LRC addresses before guc load (git-fixes).
- drm/xe: Use local fence in error path of xe_migrate_clear (git-fixes).
- drm/xe: remove redundant check in xe_vm_create_ioctl() (git-fixes).
- drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS (git-fixes).
- drm: allow encoder mode_set even when connectors change for crtc (stable-fixes).
- drm: panel-orientation-quirks: Add new quirk for GPD Win 2 (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for AYA NEO Slide (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) (stable-fixes).
- drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB (stable-fixes).
- drm: panel-orientation-quirks: Add support for AYANEO 2S (stable-fixes).
- drm: panel: jd9365da: fix reset signal polarity in unprepare (git-fixes).
- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).
- dummycon: fix default rows/cols (git-fixes).
- e1000e: change k1 configuration on MTP and later platforms (git-fixes).
- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349).
- enable IMA (bsc#1240617)
- eth: bnxt: do not use BNXT_VNIC_NTUPLE unconditionally in queue restart logic (git-fixes).
- eth: bnxt: fix memory leak in queue reset (git-fixes).
- eth: bnxt: fix missing ring index trim on error path (git-fixes).
- eth: bnxt: fix out-of-range access of vnic_info array (git-fixes).
- ethtool: Fix context creation with no parameters (git-fixes).
- ethtool: Fix set RXNFC command with symmetric RSS hash (git-fixes).
- ethtool: Fix wrong mod state in case of verbose and no_mask bitset (git-fixes).
- ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() (git-fixes).
- ethtool: do not propagate EOPNOTSUPP from dumps (git-fixes).
- ethtool: fix setting key and resetting indir at once (git-fixes).
- ethtool: netlink: Add missing ethnl_ops_begin/complete (git-fixes).
- ethtool: netlink: do not return SQI value if link is down (git-fixes).
- ethtool: ntuple: fix rss + ring_cookie check (git-fixes).
- ethtool: plca: fix plca enable data type while parsing the value (git-fixes).
- ethtool: rss: echo the context number back (git-fixes).
- ethtool: rss: fix hiding unsupported fields in dumps (git-fixes).
- exfat: do not fallback to buffered write (git-fixes).
- exfat: drop ->i_size_ondisk (git-fixes).
- exfat: fix potential wrong error return from get_block (git-fixes).
- exfat: fix soft lockup in exfat_clear_bitmap (git-fixes).
- exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes).
- exfat: short-circuit zero-byte writes in exfat_file_write_iter (git-fixes).
- ext4: add missing brelse() for bh2 in ext4_dx_add_entry() (bsc#1242342).
- ext4: correct encrypted dentry name hash when not casefolded (bsc#1242540).
- ext4: do not over-report free space or inodes in statvfs (bsc#1242345).
- ext4: do not treat fhandle lookup of ea_inode as FS corruption (bsc#1242347).
- ext4: fix FS_IOC_GETFSMAP handling (bsc#1240557).
- ext4: goto right label 'out_mmap_sem' in ext4_setattr() (bsc#1242556).
- ext4: make block validity check resistent to sb bh corruption (bsc#1242348).
- ext4: partial zero eof block on unaligned inode size extension (bsc#1242336).
- ext4: protect ext4_release_dquot against freezing (bsc#1242335).
- ext4: replace the traditional ternary conditional operator with with max()/min() (bsc#1242536). Refresh patches.suse/ext4-move-setting-of-trimmed-bit-into-ext4_try_to_tr.patch Refresh patches.suse/ext4-fix-inconsistent-between-segment-fstrim-and-ful.patch
- ext4: treat end of range as exclusive in ext4_zero_range() (bsc#1242539).
- ext4: unify the type of flexbg_size to unsigned int (bsc#1242538). Refresh: patches.suse/ext4-avoid-online-resizing-failures-due-to-oversized.patch
- fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes).
- fbdev: omapfb: Add 'plane' value check (stable-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).
- fbdev: sm501fb: Add some geometry checks (git-fixes).
- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes).
- firmware: arm_ffa: Skip Rx buffer ownership release if not acquired (git-fixes).
- firmware: arm_scmi: Balance device refcount when destroying devices (git-fixes).
- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes).
- firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes).
- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).
- flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994).
- fs/jfs: Prevent integer overflow in AG size calculation (git-fixes).
- fs/jfs: cast inactags to s64 to prevent potential overflow (git-fixes).
- fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() (bsc#1241250).
- fs: better handle deep ancestor chains in is_subdir() (bsc#1242528). Refresh patches.suse/dcache-keep-dentry_hashtable-or-d_hash_shift-even-when-not.patch
- fs: consistently deref the files table with rcu_dereference_raw() (bsc#1242535).
- fs: do not allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (bsc#1242526).
- fs: support relative paths with FSCONFIG_SET_STRING (git-fixes).
- gpio: rcar: Use raw_spinlock to protect register access (stable-fixes).
- gpio: tegra186: fix resource handling in ACPI probe path (git-fixes).
- gpio: zynq: Fix wakeup source leaks on device unbind (stable-fixes).
- gpu: cdns-mhdp8546: fix call balance of mhdp->clk handling routines (git-fixes).
- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes).
- gve: handle overflow when reporting TX consumed descriptors (git-fixes).
- gve: set xdp redirect target only when it is available (git-fixes).
- gve: unlink old napi only if page pool exists (git-fixes).
- gve: unlink old napi when stopping a queue using queue API (git-fixes).
- hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (git-fixes).
- hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (git-fixes).
- hv_netvsc: Remove rmsg_pgcnt (git-fixes).
- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (git-fixes).
- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes).
- i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes).
- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes).
- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes).
- i2c: atr: Fix wrong include (git-fixes).
- i2c: cros-ec-tunnel: defer probe if parent EC is not present (git-fixes).
- i2c: designware: Fix an error handling path in i2c_dw_pci_probe() (git-fixes).
- i2c: imx-lpi2c: Fix clock count when probe defers (git-fixes).
- i2c: omap: fix IRQ storms (git-fixes).
- i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes).
- i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes).
- i3c: master: svc: Fix missing the IBI rules (git-fixes).
- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).
- ice: Add check for devm_kzalloc() (git-fixes).
- ice: Avoid setting default Rx VSI twice in switchdev setup (git-fixes).
- ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() (git-fixes).
- ice: Fix switchdev slow-path in LAG (git-fixes).
- ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518).
- ice: do not configure destination override for switchdev (git-fixes).
- ice: ensure periodic output start time is in the future (git-fixes).
- ice: fix ice_parser_rt::bst_key array size (git-fixes).
- ice: fix input validation for virtchnl BW (git-fixes).
- ice: fix reservation of resources for RDMA when disabled (git-fixes).
- ice: remove invalid parameter of equalizer (git-fixes).
- ice: stop truncating queue ids when checking (git-fixes).
- idpf: Acquire the lock before accessing the xn->salt (git-fixes).
- idpf: check error for register_netdev() on init (git-fixes).
- idpf: fix adapter NULL pointer dereference on reboot (git-fixes).
- idpf: fix offloads support for encapsulated packets (git-fixes).
- idpf: fix potential memory leak on kcalloc() failure (git-fixes).
- idpf: fix transaction timeouts on reset (git-fixes).
- idpf: protect shutdown from reset (git-fixes).
- idpf: record rx queue in skb for RSC packets (git-fixes).
- igb: reject invalid external timestamp requests for 82580-based HW (git-fixes).
- igc: add lock preventing multiple simultaneous PTM transactions (git-fixes).
- igc: cleanup PTP module if probe fails (git-fixes).
- igc: fix PTM cycle trigger logic (git-fixes).
- igc: fix lock order in igc_ptp_reset (git-fixes).
- igc: handle the IGC_PTP_ENABLED flag correctly (git-fixes).
- igc: increase wait time before retrying PTM (git-fixes).
- igc: move ktime snapshot into PTM retry loop (git-fixes).
- iio: accel: adxl367: fix setting odr for activity time update (git-fixes).
- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes).
- iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes).
- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).
- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).
- iio: adc: ad7606: fix serial register access (git-fixes).
- iio: adc: ad7768-1: Fix conversion result sign (git-fixes).
- iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check (stable-fixes).
- iio: adis16201: Correct inclinometer channel resolution (git-fixes).
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (git-fixes).
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (git-fixes).
- iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer (git-fixes).
- include/linux/mmzone.h: clean up watermark accessors (bsc#1239600).
- include: net: add static inline dst_dev_overhead() to dst.h (git-fixes).
- inetpeer: remove create argument of inet_getpeer_v() (git-fixes).
- inetpeer: update inetpeer timestamp in inet_getpeer() (git-fixes).
- init: add initramfs_internal.h (bsc#1232848).
- initramfs: allocate heap buffers together (bsc#1232848).
- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).
- input/vmmouse: Use VMware hypercall API (jsc#PED-11518).
- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).
- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).
- intel_th: pci: Add Arrow Lake support (stable-fixes).
- intel_th: pci: Add Panther Lake-H support (stable-fixes).
- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).
- io_uring/sqpoll: Increase task_work submission batch size (bsc#1238585).
- ioam6: improve checks on user data (git-fixes).
- iommu/arm-smmu-v3: Fix pgsize_bit for sva domains (bsc#1243341)
- iommu/vt-d: Assign owner to the static identity domain (bsc#1241193).
- iommu/vt-d: Fix suspicious RCU usage (git-fixes).
- iommu/vt-d: Remove device comparison in context_setup_pass_through_cb (git-fixes).
- iommu: Allow attaching static domains in iommu_attach_device_pasid() (bsc#1241193).
- iommu: Fix two issues in iommu_copy_struct_from_user() (git-fixes).
- ipv4/route: avoid unused-but-set-variable warning (git-fixes).
- ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR) (git-fixes).
- ipv4: Convert icmp_route_lookup() to dscp_t (git-fixes).
- ipv4: Fix incorrect source address in Record Route option (git-fixes).
- ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family (git-fixes).
- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).
- ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr (git-fixes).
- ipv4: fix source address selection with route leak (git-fixes).
- ipv4: give an IPv4 dev to blackhole_netdev (git-fixes).
- ipv4: icmp: Pass full DS field to ip_route_input() (git-fixes).
- ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() (git-fixes).
- ipv4: ip_gre: Fix drops of small packets in ipgre_xmit (git-fixes).
- ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit() (git-fixes).
- ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev() (git-fixes).
- ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit() (git-fixes).
- ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid (git-fixes).
- ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels (git-fixes).
- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).
- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994).
- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).
- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).
- ipv6: Align behavior across nexthops during path selection (git-fixes).
- ipv6: Do not consider link down nexthops in path selection (git-fixes).
- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes).
- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes).
- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes).
- ipv6: Start path selection from the first nexthop (git-fixes).
- ipv6: Use RCU in ip6_input() (bsc#1239994).
- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).
- ipv6: avoid atomic fragment on GSO packets (git-fixes).
- ipv6: fib6_rules: flush route cache when rule is changed (git-fixes).
- ipv6: fib: hide unused 'pn' variable (git-fixes).
- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).
- ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (git-fixes).
- ipv6: fix potential NULL deref in fib6_add() (git-fixes).
- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).
- ipv6: introduce dst_rt6_info() helper (git-fixes).
- ipv6: ioam: block BH from ioam6_output() (git-fixes).
- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes).
- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- ipv6: sr: add missing seg6_local_exit (git-fixes).
- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes).
- ipv6: take care of scope when choosing the src addr (git-fixes).
- irqchip/davinci: Remove leftover header (git-fixes).
- irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (git-fixes).
- irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (git-fixes).
- isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (bsc#1242307).
- iwlwifi: correct modinfo firmware ucode (bsc#1243020).
- ixgbe: fix media type detection for E610 device (git-fixes).
- jbd2: add a missing data flush during file and fs synchronization (bsc#1242346).
- jbd2: fix off-by-one while erasing journal (bsc#1242344).
- jbd2: flush filesystem device before updating tail sequence (bsc#1242333).
- jbd2: increase IO priority for writing revoke records (bsc#1242332).
- jbd2: increase the journal IO's priority (bsc#1242537).
- jbd2: remove wrong sb->s_sequence check (bsc#1242343).
- jfs: Fix uninit-value access of imap allocated in the diMount() function (git-fixes).
- jfs: Prevent copying of nlink with value 0 from disk inode (git-fixes).
- jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes).
- jfs: add check read-only before txBeginAnon() call (git-fixes).
- jfs: add index corruption check to DT_GETPAGE() (git-fixes).
- jfs: add sanity check for agwidth in dbMount (git-fixes).
- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).
- jfs: reject on-disk inodes of an unsupported type (git-fixes).
- jiffies: Cast to unsigned long in secs_to_jiffies() conversion (bsc#1242993).
- jiffies: Define secs_to_jiffies() (bsc#1242993).
- kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes)
- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).
- kABI fix for netlink: terminate outstanding dump on socket close (git-fixes).
- kABI fix for sctp: detect and prevent references to a freed transport in sendmsg (git-fixes).
- kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes).
- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).
- kABI workaround for hci_core changes (git-fixes).
- kABI workaround for intel-ish-hid (git-fixes).
- kABI workaround for l2cap_conn changes (git-fixes).
- kABI workaround for powercap update (bsc#1241010).
- kABI workaround for soc_mixer_control changes (git-fixes).
- kbuild: hdrcheck: fix cross build with clang (git-fixes).
- kernel-binary: Support livepatch_rt with merged RT branch
- kernel-obs-qa: Use srchash for dependency as well
- keys: Fix UAF in key_put() (git-fixes).
- ktest: Fix Test Failures Due to Missing LOG_FILE Directories (stable-fixes).
- kunit: qemu_configs: SH: Respect kunit cmdline (git-fixes).
- kunit: qemu_configs: sparc: use Zilog console (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes).
- lib: 842: Improve error handling in sw842_compress() (git-fixes).
- lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes).
- libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__default_new() to perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309).
- lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes).
- loop: Add sanity check for read/write_iter (git-fixes).
- loop: LOOP_SET_FD: send uevents for partitions (git-fixes).
- loop: aio inherit the ioprio of original request (git-fixes).
- loop: do not require ->write_iter for writable files in loop_configure (git-fixes).
- loop: properly send KOBJ_CHANGED uevent for disk device (git-fixes).
- loop: stop using vfs_iter_{read,write} for buffered I/O (git-fixes).
- md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (bsc#1238212) Also reenable patches.suse/md-md-bitmap-fix-writing-non-bitmap-pages-ab99.patch
- md/raid1,raid10: do not ignore IO flags (git-fixes).
- md/raid10: fix missing discard IO accounting (git-fixes).
- md/raid10: wait barrier before returning discard request with REQ_NOWAIT (git-fixes).
- md/raid1: Add check for missing source disk in process_checks() (git-fixes).
- md/raid1: fix memory leak in raid1_run() if no active rdev (git-fixes).
- md/raid5: implement pers->bitmap_sector() (git-fixes).
- md: add a new callback pers->bitmap_sector() (git-fixes).
- md: ensure resync is prioritized over recovery (git-fixes).
- md: fix mddev uaf while iterating all_mddevs list (git-fixes).
- md: preserve KABI in struct md_personality v2 (git-fixes). Added to mitigate md-add-a-new-callback-pers-bitmap_sector.patch, which was a git-fix.
- mdacon: rework dependency list (git-fixes).
- media: chips-media: wave5: Fix a hang after seeking (git-fixes).
- media: i2c: adv748x: Fix test pattern selection mask (git-fixes).
- media: i2c: ccs: Set the device's runtime PM status correctly in probe (git-fixes).
- media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes).
- media: i2c: imx214: Rectify probe error handling related to runtime PM (git-fixes).
- media: i2c: imx219: Rectify runtime PM handling in probe and remove (git-fixes).
- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes).
- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).
- media: intel/ipu6: set the dev_parent of video device to pdev (git-fixes).
- media: omap3isp: Handle ARM dma_iommu_mapping (git-fixes).
- media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes).
- media: platform: stm32: Add check for clk_enable() (git-fixes).
- media: siano: Fix error handling in smsdvb_module_init() (git-fixes).
- media: streamzap: fix race between device disconnection and urb callback (git-fixes).
- media: streamzap: prevent processing IR data on URB failure (git-fixes).
- media: uvcvideo: Add quirk for Actions UVC05 (stable-fixes).
- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes).
- media: venus: hfi: add a check to handle OOB in sfr region (git-fixes).
- media: venus: hfi: add check to handle incorrect queue size (git-fixes).
- media: venus: hfi_parser: add check to avoid out of bound access (git-fixes).
- media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes).
- media: verisilicon: HEVC: Initialize start_bit field (git-fixes).
- media: videobuf2: Add missing doc comment for waiting_in_dqbuf (git-fixes).
- media: vim2m: print device name after registering device (git-fixes).
- media: visl: Fix ERANGE error when setting enum controls (git-fixes).
- mei: me: add panther lake H DID (stable-fixes).
- mei: me: add panther lake P DID (stable-fixes).
- mei: vsc: Fix fortify-panic caused by invalid counted_by() use (git-fixes).
- memblock tests: fix warning: '__ALIGN_KERNEL' redefined (git-fixes). Fix tools/ build breakage introduced by suse commit 3d6cb93162fd 'bitmap: introduce generic optimized bitmap_size() (git-fixes)'
- memcg: initiate deprecation of oom_control (jsc#PED-12405).
- memcg: initiate deprecation of pressure_level (jsc#PED-12405).
- memcg: initiate deprecation of v1 soft limit (jsc#PED-12405).
- memcg: initiate deprecation of v1 tcp accounting (jsc#PED-12405).
- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes).
- mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes).
- mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes).
- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).
- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).
- mfd: syscon: Remove extern from function prototypes (stable-fixes).
- mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes).
- misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration (git-fixes).
- misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack (git-fixes).
- mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600).
- mm/readahead: fix large folio support in async readahead (bsc#1242321).
- mm: Add transformation message for per-memcg swappiness (jsc#PED-12405).
- mm: Fix a build breakage in memcontrol.c (jsc#PED-12405).
- mm: accept to promo watermark (bsc#1239600).
- mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600).
- mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600).
- mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT (bsc#1242326).
- mm: fix filemap_get_folios_contig returning batches of identical folios (bsc#1242327).
- mm: fix oops when filemap_map_pmd() without prealloc_pte (bsc#1242546).
- mm: memcontrol: clarify swapaccount=0 deprecation warning (jsc#PED-12405).
- mm: zswap: move allocations during CPU init outside the lock (git-fixes).
- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).
- mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves (stable-fixes).
- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).
- mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe (git-fixes).
- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes).
- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes).
- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes).
- mptcp: fix rcv buffer auto-tuning (bsc#1220419 bsc#1222656 bsc#1236394).
- mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN (git-fixes).
- mptcp: refine opt_mp_capable determination (git-fixes).
- mptcp: relax check on MPC passive fallback (git-fixes).
- mptcp: strict validation before using mp_opt->hmac (git-fixes).
- mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() (git-fixes).
- mtd: Add check for devm_kcalloc() (git-fixes).
- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).
- mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes).
- mtd: nand: Fix a kdoc comment (git-fixes).
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- mtd: rawnand: Add status chack in r852_ready() (git-fixes).
- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).
- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994).
- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).
- neighbour: delete redundant judgment statements (git-fixes).
- net/handshake: Fix handshake_req_destroy_test1 (git-fixes).
- net/handshake: Fix memory leak in __sock_create() and sock_alloc_file() (git-fixes).
- net/ipv6: Fix route deleting failure when metric equals 0 (git-fixes).
- net/ipv6: Fix the RT cache flush via sysctl using a previous delay (git-fixes).
- net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged (git-fixes).
- net/mlx5: E-Switch, Initialize MAC Address for Default GID (git-fixes).
- net/mlx5: E-switch, Fix error handling for enabling roce (git-fixes).
- net/mlx5: Fill out devlink dev info only for PFs (git-fixes).
- net/mlx5: Fix incorrect IRQ pool usage when releasing IRQs (git-fixes).
- net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table() (git-fixes).
- net/mlx5: HWS, Rightsize bwc matcher priority (git-fixes).
- net/mlx5: IRQ, Fix null string in debug print (git-fixes).
- net/mlx5: Lag, Check shared fdb before creating MultiPort E-Switch (git-fixes).
- net/mlx5: Move ttc allocation after switch case to prevent leaks (git-fixes).
- net/mlx5: Restore missing trace event when enabling vport QoS (git-fixes).
- net/mlx5: Start health poll after enable hca (git-fixes).
- net/mlx5e: Disable MACsec offload for uplink representor profile (git-fixes).
- net/mlx5e: Fix ethtool -N flow-type ip4 to RSS context (git-fixes).
- net/mlx5e: Fix lock order in mlx5e_tx_reporter_ptpsq_unhealthy_recover (git-fixes).
- net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (git-fixes).
- net/mlx5e: SHAMPO, Make reserved size independent of page size (git-fixes).
- net/mlx5e: TC, Continue the attr process even if encap entry is invalid (git-fixes).
- net/mlx5e: Use custom tunnel header for vxlan gbp (git-fixes).
- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes).
- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes).
- net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes).
- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes).
- net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes).
- net/sched: flower: Add lock protection when remove filter handle (git-fixes).
- net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes).
- net/sched: tbf: correct backlog statistic for GSO packets (git-fixes).
- net/smc: Introduce IPPROTO_SMC (jsc#PED-10299).
- net/smc: do not leave a dangling sk pointer in __smc_create() (jsc#PED-10299).
- net/smc: expose smc proto operations (jsc#PED-10299).
- net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC (jsc#PED-10299).
- net/smc: prevent UAF in inet_create() (jsc#PED-10299).
- net/smc: refactoring initialization of smc sock (jsc#PED-10299).
- net/tcp: refactor tcp_inet6_sk() (git-fixes).
- net: Add non-RCU dev_getbyhwaddr() helper (git-fixes).
- net: Clear old fragment checksum value in napi_reuse_skb (git-fixes).
- net: Handle napi_schedule() calls from non-interrupt (git-fixes).
- net: Implement missing SO_TIMESTAMPING_NEW cmsg support (git-fixes).
- net: Remove acked SYN flag from packet in the transmit queue correctly (git-fixes).
- net: add dev_net_rcu() helper (bsc#1239994).
- net: annotate data-races around sk->sk_dst_pending_confirm (git-fixes).
- net: annotate data-races around sk->sk_tx_queue_mapping (git-fixes).
- net: blackhole_dev: fix build warning for ethh set but not used (git-fixes).
- net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes).
- net: do not dump stack on queue timeout (git-fixes).
- net: ethtool: Do not call .cleanup_data when prepare_data fails (git-fixes).
- net: ethtool: Fix RSS setting (git-fixes).
- net: free_netdev: exit earlier if dummy (bsc#1243215).
- net: gro: parse ipv6 ext headers without frag0 invalidation (git-fixes).
- net: ipv6: fix UDPv6 GSO segmentation with NAT (git-fixes).
- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).
- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).
- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).
- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes).
- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).
- net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes).
- net: ipv6: ioam6: code alignment (git-fixes).
- net: ipv6: ioam6: fix lwtunnel_output() loop (git-fixes).
- net: ipv6: ioam6: new feature tunsrc (git-fixes).
- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes).
- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes).
- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).
- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).
- net: loopback: Avoid sending IP packets without an Ethernet header (git-fixes).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).
- net: mana: Allow variable size indirection table (bsc#1239016).
- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Support holes in device list reply msg (git-fixes).
- net: mana: Switch to page pool for jumbo frames (git-fixes).
- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).
- net: mana: cleanup mana struct after debugfs_remove() (git-fixes).
- net: mark racy access on sk->sk_rcvbuf (git-fixes).
- net: phy: leds: fix memory leak (git-fixes).
- net: phy: microchip: force IRQ polling mode for lan88xx (git-fixes).
- net: qede: Initialize qede_ll_ops with designated initializer (git-fixes).
- net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets (git-fixes).
- net: sctp: fix skb leak in sctp_inq_free() (git-fixes).
- net: set SOCK_RCU_FREE before inserting socket into hashtable (git-fixes).
- net: set the minimum for net_hotdata.netdev_budget_usecs (git-fixes).
- net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension (git-fixes).
- net: usb: asix_devices: add FiberGecko DeviceID (stable-fixes).
- net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes).
- net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes).
- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480).
- net: use unrcu_pointer() helper (git-fixes).
- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes).
- net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes).
- net_sched: drr: Fix double list add in class with netem as child qdisc (git-fixes).
- net_sched: ets: Fix double list add in class with netem as child qdisc (git-fixes).
- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (git-fixes).
- net_sched: qfq: Fix double list add in class with netem as child qdisc (git-fixes).
- net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes).
- net_sched: sch_sfq: handle bigger packets (git-fixes).
- netdev-genl: avoid empty messages in queue dump (git-fixes).
- netdev: fix repeated netlink messages in queue dump (git-fixes).
- netlink: annotate data-races around sk->sk_err (git-fixes).
- netlink: specs: rt-link: add an attr layer around alt-ifname (git-fixes).
- netlink: specs: rt-link: adjust mctp attribute naming (git-fixes).
- netlink: specs: rtnetlink: attribute naming corrections (git-fixes).
- netlink: specs: tc: all actions are indexed arrays (git-fixes).
- netlink: specs: tc: fix a couple of attribute names (git-fixes).
- netpoll: Ensure clean state on setup failures (git-fixes).
- netpoll: Use rcu_access_pointer() in netpoll_poll_lock (git-fixes).
- nfs: add missing selections of CONFIG_CRC32 (git-fixes).
- nfs: clear SB_RDONLY before getting superblock (bsc#1238565).
- nfs: handle failure of nfs_get_lock_context in unlock path (git-fixes).
- nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565).
- nfsd: add list_head nf_gc to struct nfsd_file (git-fixes).
- nfsd: decrease sc_count directly if fail to queue dl_recall (git-fixes).
- nfsd: put dl_stid if fail to queue dl_recall (git-fixes).
- nilfs2: add pointer check for nilfs_direct_propagate() (git-fixes).
- nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (git-fixes).
- ntb: Force physically contiguous allocation of rx ring buffers (git-fixes).
- ntb: intel: Fix using link status DB's (git-fixes).
- ntb: reduce stack usage in idt_scan_mws (stable-fixes).
- ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes).
- ntb_hw_amd: Add NTB PCI ID for new gen CPU (stable-fixes).
- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes).
- ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes).
- ntb_perf: Fix printk format (git-fixes).
- nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649).
- nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649).
- nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649).
- nvme-ioctl: fix leaked requests on mapping error (git-fixes).
- nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable (git-fixes bsc#1223096).
- nvme-pci: add quirk for Samsung PM173x/PM173xa disk (bsc#1241148).
- nvme-pci: clean up CMBMSC when registering CMB fails (git-fixes).
- nvme-pci: fix queue unquiesce check on slot_reset (git-fixes).
- nvme-pci: fix stuck reset on concurrent DPC and HP (git-fixes).
- nvme-pci: make nvme_pci_npages_prp() __always_inline (git-fixes).
- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes).
- nvme-pci: remove stale comment (git-fixes).
- nvme-pci: skip CMB blocks incompatible with PCI P2P DMA (git-fixes).
- nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes).
- nvme-tcp: Fix a C2HTermReq error message (git-fixes).
- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).
- nvme-tcp: fix possible UAF in nvme_tcp_poll (git-fixes).
- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes).
- nvme-tcp: fix premature queue removal and I/O failover (git-fixes).
- nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes).
- nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS (git-fixes).
- nvme/ioctl: do not warn on vectorized uring_cmd with fixed buffer (git-fixes).
- nvme: Add 'partial_nid' quirk (bsc#1241148).
- nvme: Add warning when a partiually unique NID is detected (bsc#1241148).
- nvme: fixup scan failure for non-ANA multipath controllers (git-fixes).
- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).
- nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes).
- nvme: move passthrough logging attribute to head (git-fixes).
- nvme: multipath: fix return value of nvme_available_path (git-fixes).
- nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649).
- nvme: re-read ANA log page after ns scan completes (git-fixes).
- nvme: requeue namespace scan on missed AENs (git-fixes).
- nvme: unblock ctrl state transition for firmware update (git-fixes).
- nvmet-fc: Remove unused functions (git-fixes).
- nvmet-fc: inline nvmet_fc_delete_assoc (git-fixes).
- nvmet-fc: inline nvmet_fc_free_hostport (git-fixes).
- nvmet-fc: put ref when assoc->del_work is already scheduled (git-fixes).
- nvmet-fc: take tgtport reference only once (git-fixes).
- nvmet-fc: update tgtport ref per assoc (git-fixes).
- nvmet-fcloop: Remove remote port from list when unlinking (git-fixes).
- nvmet-fcloop: add ref counting to lport (git-fixes).
- nvmet-fcloop: replace kref with refcount (git-fixes).
- nvmet-fcloop: swap list_add_tail arguments (git-fixes).
- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes).
- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes).
- nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS (git-fixes).
- nvmet: remove old function prototype (git-fixes).
- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes).
- objtool, panic: Disable SMAP in __stack_chk_fail() (bsc#1243963).
- objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes).
- objtool: Fix segfault in ignore_unreachable_insn() (git-fixes).
- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).
- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).
- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).
- ocfs2: handle a symlink read error correctly (git-fixes).
- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes).
- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).
- octeontx2-pf: Do not reallocate all ntuple filters (git-fixes).
- octeontx2-pf: Fix ethtool support for SDP representors (git-fixes).
- octeontx2-pf: handle otx2_mbox_get_rsp errors (git-fixes).
- octeontx2-pf: qos: fix VF root node parent queue index (git-fixes).
- padata: do not leak refcount in reorder_work (git-fixes).
- perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).
- perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).
- perf tools: annotate asm_pure_loop.S (bsc#1239906).
- perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309).
- perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (bsc#1242172)
- perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (bsc#1242172)
- perf: arm_cspmu: nvidia: monitor all ports by default (bsc#1242172)
- perf: arm_cspmu: nvidia: remove unsupported SCF events (bsc#1242172)
- phy: Fix error handling in tegra_xusb_port_init (git-fixes).
- phy: freescale: imx8m-pcie: assert phy reset and perst in power off (git-fixes).
- phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind (git-fixes).
- phy: renesas: rcar-gen3-usb2: Set timing registers only once (git-fixes).
- phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking (git-fixes).
- phy: tegra: xusb: remove a stray unlock (git-fixes).
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes).
- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes).
- pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes).
- pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes).
- pinctrl: renesas: rza2: Fix potential NULL pointer dereference (stable-fixes).
- pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes).
- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).
- platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) (git-fixes).
- platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (stable-fixes).
- platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug (git-fixes).
- platform/x86/intel/ifs: Add Clearwater Forest to CPU support list (jsc#PED-10213).
- platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes).
- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes).
- platform/x86: ISST: Correct command storage data length (git-fixes).
- platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (git-fixes).
- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).
- platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() (git-fixes).
- platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes).
- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes).
- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes).
- platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes).
- pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes).
- power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes).
- powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes).
- powercap: intel_rapl: Fix locking in TPMI RAPL (git-fixes).
- powercap: intel_rapl: Introduce APIs for PMU support (bsc#1241010).
- powercap: intel_rapl_tpmi: Enable PMU support (bsc#1241010).
- powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes).
- powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes).
- powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes).
- powerpc/boot: Check for ld-option support (bsc#1215199).
- powerpc/boot: Fix dash warning (bsc#1215199).
- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).
- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573).
- powerpc/pseries/iommu: Fix kmemleak in TCE table userspace view (jsc#PED-10539 git-fixes).
- powerpc/pseries/iommu: create DDW for devices with DMA mask less than 64-bits (bsc#1239691 bsc#1243044 ltc#212555).
- powerpc: Do not use --- in kernel logs (git-fixes).
- powerpc: Stop using no_llseek (bsc#1239573).
- ptp/vmware: Use VMware hypercall API (jsc#PED-11518).
- pwm: fsl-ftm: Handle clk_get_rate() returning 0 (git-fixes).
- pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (git-fixes).
- pwm: rcar: Improve register calculation (git-fixes).
- qibfs: fix _another_ leak (git-fixes)
- rcu/tasks-trace: Handle new PF_IDLE semantics (git-fixes)
- rcu/tasks: Handle new PF_IDLE semantics (git-fixes)
- rcu: Break rcu_node_0 --> &rq->__lock order (git-fixes)
- rcu: Introduce rcu_cpu_online() (git-fixes)
- regulator: check that dummy regulator has been probed before using it (stable-fixes).
- regulator: core: Fix deadlock in create_regulator() (git-fixes).
- regulator: dummy: force synchronous probing (git-fixes).
- regulator: max20086: fix invalid memory access (git-fixes).
- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN Both spellings are actually used
- rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038).
- rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986).
- rpm/kernel-binary.spec.in: Use OrderWithRequires (boo#1228659 boo#1241038).
- rpm/package-descriptions: Add rt and rt_debug descriptions
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- rtc: pcf85063: do a SW reset if POR failed (stable-fixes).
- rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013).
- s390/ap: Fix CCA crypto card behavior within protected execution environment (git-fixes bsc#1243817 LTC#213623).
- s390/bpf: Store backchain even for leaf progs (git-fixes bsc#1243805).
- s390/cio: Fix CHPID 'configure' attribute caching (git-fixes bsc#1240979).
- s390/cpumf: Update CPU Measurement facility extended counter set support (bsc#1243115).
- s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs (git-fixes).
- s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978).
- s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594).
- s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595).
- s390: Add z17 elf platform (bsc#1243116).
- sched/fair: Fix CPU bandwidth limit bypass during CPU hotplug (BSC#1241319).
- sched/fair: Fix CPU bandwidth limit bypass during CPU hotplug (bsc#1241319).
- sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052)
- sched/topology: Refinement to topology_span_sane speedup (bsc#1242119).
- sched/topology: improve topology_span_sane speed (bsc#1242119).
- sched: Add deprecation warning for users of RT_GROUP_SCHED (jsc#PED-11761 jsc#PED-12405).
- scsi: Improve CDL control (git-fixes).
- scsi: core: Clear flags for scsi_cmnd that did not complete (git-fixes).
- scsi: core: Use GFP_NOIO to avoid circular locking dependency (git-fixes).
- scsi: fnic: Fix indentation and remove unnecessary parenthesis (git-fixes).
- scsi: fnic: Remove unnecessary debug print (git-fixes).
- scsi: fnic: Remove unnecessary spinlock locking and unlocking (git-fixes).
- scsi: fnic: Replace fnic->lock_flags with local flags (git-fixes).
- scsi: fnic: Replace use of sizeof with standard usage (git-fixes).
- scsi: hisi_sas: Check whether debugfs is enabled before removing or (bsc#1237546 bsc#1241095)
- scsi: hisi_sas: Check whether debugfs is enabled before removing or (bsc#1237546)
- scsi: hisi_sas: Enable force phy when SATA disk directly connected (git-fixes).
- scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes (git-fixes).
- scsi: hisi_sas: Remove hisi_hba->timer for v3 hw (bsc#1237545 bsc#1241095)
- scsi: hisi_sas: Remove hisi_hba->timer for v3 hw (bsc#1237545)
- scsi: iscsi: Fix missing scsi_host_put() in error path (git-fixes).
- scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1242993).
- scsi: lpfc: Convert timeouts to secs_to_jiffies() (bsc#1242993).
- scsi: lpfc: Copyright updates for 14.4.0.9 patches (bsc#1242993).
- scsi: lpfc: Create lpfc_vmid_info sysfs entry (bsc#1242993).
- scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands (bsc#1242993).
- scsi: lpfc: Fix spelling mistake 'Toplogy' -> 'Topology' (bsc#1242993).
- scsi: lpfc: Notify FC transport of rport disappearance during PCI fcn reset (bsc#1242993).
- scsi: lpfc: Prevent failure to reregister with NVMe transport after PRLI retry (bsc#1242993).
- scsi: lpfc: Restart eratt_poll timer if HBA_SETUP flag still unset (bsc#1242993).
- scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag (git-fixes).
- scsi: lpfc: Update lpfc version to 14.4.0.9 (bsc#1242993).
- scsi: lpfc: Use memcpy() for BIOS version (bsc#1240966).
- scsi: lpfc: convert timeouts to secs_to_jiffies() (bsc#1242993).
- scsi: megaraid_sas: Block zero-length ATA VPD inquiry (bsc#1241388 jsc#PED-11258).
- scsi: megaraid_sas: Block zero-length ATA VPD inquiry (git-fixes).
- scsi: megaraid_sas: Driver version update to 07.734.00.00-rc1 (bsc#1241388 jsc#PED-11258).
- scsi: megaraid_sas: Make most module parameters static (bsc#1241388 jsc#PED-11258).
- scsi: mpi3mr: Add level check to control event logging (bsc#1241388 jsc#PED-12372).
- scsi: mpi3mr: Avoid reply queue full condition (bsc#1241388 jsc#PED-12372).
- scsi: mpi3mr: Check admin reply queue from Watchdog (bsc#1241388 jsc#PED-12372).
- scsi: mpi3mr: Fix locking in an error path (git-fixes).
- scsi: mpi3mr: Fix pending I/O counter (git-fixes).
- scsi: mpi3mr: Fix spelling mistake 'skiping' -> 'skipping' (bsc#1241388 jsc#PED-12372).
- scsi: mpi3mr: Handling of fault code for insufficient power (bsc#1241388 jsc#PED-12372).
- scsi: mpi3mr: Reset the pending interrupt flag (bsc#1241388 jsc#PED-12372).
- scsi: mpi3mr: Support for Segmented Hardware Trace buffer (bsc#1241388 jsc#PED-12372).
- scsi: mpi3mr: Synchronize access to ioctl data buffer (bsc#1241388 jsc#PED-12372).
- scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (bsc#1241388 jsc#PED-12372).
- scsi: mpi3mr: Task Abort EH Support (bsc#1241388 jsc#PED-12372).
- scsi: mpi3mr: Update MPI Headers to revision 35 (bsc#1241388 jsc#PED-12372).
- scsi: mpi3mr: Update driver version to 8.12.0.3.50 (bsc#1241388 jsc#PED-12372).
- scsi: mpi3mr: Update driver version to 8.12.1.0.50 (bsc#1241388 jsc#PED-12372).
- scsi: mpi3mr: Update driver version to 8.13.0.5.50 (bsc#1241388 jsc#PED-12372).
- scsi: mpi3mr: Update timestamp only for supervisor IOCs (bsc#1241388 jsc#PED-12372).
- scsi: mpt3sas: Add details to EEDPTagMode error message (bsc#1241388 jsc#PED-11253).
- scsi: mpt3sas: Add support for MCTP Passthrough commands (bsc#1241388 jsc#PED-11253).
- scsi: mpt3sas: Fix a locking bug in an error path (git-fixes).
- scsi: mpt3sas: Fix buffer overflow in mpt3sas_send_mctp_passthru_req() (bsc#1241388 jsc#PED-11253).
- scsi: mpt3sas: Fix spelling mistake 'receveid' -> 'received' (bsc#1241388 jsc#PED-11253).
- scsi: mpt3sas: Reduce log level of ignore_delay_remove message to KERN_INFO (git-fixes).
- scsi: mpt3sas: Remove unused config functions (bsc#1241388 jsc#PED-11253).
- scsi: mpt3sas: Report driver capability as part of IOCINFO command (bsc#1241388 jsc#PED-11253).
- scsi: mpt3sas: Send a diag reset if target reset fails (bsc#1241388 jsc#PED-11253).
- scsi: mpt3sas: Update MPI headers to 02.00.62 version (bsc#1241388 jsc#PED-11253).
- scsi: mpt3sas: update driver version to 52.100.00.00 (bsc#1241388 jsc#PED-11253).
- scsi: pm80xx: Set phy_attached to zero when device is gone (git-fixes).
- scsi: qla2xxx: Fix typos in a comment (bsc#1243090).
- scsi: qla2xxx: Mark device strings as nonstring (bsc#1243090).
- scsi: qla2xxx: Remove duplicate struct crb_addr_pair (bsc#1243090).
- scsi: qla2xxx: Remove unused module parameters (bsc#1243090).
- scsi: qla2xxx: Remove unused ql_log_qp (bsc#1243090).
- scsi: qla2xxx: Remove unused qla2x00_gpsc() (bsc#1243090).
- scsi: qla2xxx: Remove unused qla82xx_pci_region_offset() (bsc#1243090).
- scsi: qla2xxx: Remove unused qla82xx_wait_for_state_change() (bsc#1243090).
- scsi: qla2xxx: Remove unused qlt_83xx_iospace_config() (bsc#1243090).
- scsi: qla2xxx: Remove unused qlt_fc_port_deleted() (bsc#1243090).
- scsi: qla2xxx: Remove unused qlt_free_qfull_cmds() (bsc#1243090).
- scsi: scsi_debug: Remove a reference to in_use_bm (git-fixes).
- scsi: smartpqi: Use is_kdump_kernel() to check for kdump (git-fixes).
- sctp: Fix undefined behavior in left shift operation (git-fixes).
- sctp: add mutual exclusion in proc_sctp_do_udp_port() (git-fixes).
- sctp: detect and prevent references to a freed transport in sendmsg (git-fixes).
- sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start (git-fixes).
- sctp: fix association labeling in the duplicate COOKIE-ECHO case (git-fixes).
- sctp: fix busy polling (git-fixes).
- sctp: prefer struct_size over open coded arithmetic (git-fixes).
- sctp: support MSG_ERRQUEUE flag in recvmsg() (git-fixes).
- security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375).
- selftests/bpf: Add a few tests to cover (git-fixes).
- selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes).
- selftests/bpf: extend changes_pkt_data with cases w/o subprograms (bsc#1241590).
- selftests/bpf: freplace tests for tracking of changes_packet_data (bsc#1241590).
- selftests/bpf: test for changing packet data from global functions (bsc#1241590).
- selftests/bpf: validate that tail call invalidates packet pointers (bsc#1241590).
- selftests/futex: futex_waitv wouldblock test should fail (git-fixes).
- selftests/mm/cow: fix the incorrect error handling (git-fixes).
- selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test (bsc#1242203).
- selftests/mm: generate a temporary mountpoint for cgroup filesystem (git-fixes).
- selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes).
- selftests: mptcp: close fd_in before returning in main_loop (git-fixes).
- selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes).
- selinux: Implement mptcp_add_subflow hook (bsc#1240375).
- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).
- serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes).
- serial: msm: Configure correct working mode before starting earlycon (git-fixes).
- serial: sifive: lock port in startup()/shutdown() callbacks (git-fixes).
- series.conf: temporarily disable patches.suse/md-md-bitmap-fix-writing-non-bitmap-pages-ab99.patch (bsc#1238212)
- smb: client: destroy cfid_put_wq on module exit (git-fixes).
- smb: client: fix folio leaks and perf improvements (bsc#1239997, bsc1241265).
- smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616).
- smc: Fix lockdep false-positive for IPPROTO_SMC (bsc#1241689 jsc#PED-10299).
- soc: imx8m: Remove global soc_uid (stable-fixes).
- soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes).
- soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes).
- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes).
- soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes).
- soc: qcom: pdr: Fix the potential deadlock (git-fixes).
- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes).
- sound/virtio: Fix cancel_sync warnings on uninitialized work_structs (stable-fixes).
- soundwire: bus: Fix race on the creation of the IRQ domain (git-fixes).
- soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes).
- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).
- spi: loopback-test: Do not split 1024-byte hexdumps (git-fixes).
- spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes).
- spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes).
- spi: spi-fsl-dspi: Halt the module after a new message transfer (git-fixes).
- spi: spi-fsl-dspi: Reset SR flags before sending a new message (git-fixes).
- spi: spi-fsl-dspi: restrict register range for regmap access (git-fixes).
- spi: tegra114: Do not fail set_cs_timing when delays are zero (git-fixes).
- spi: tegra114: Use value to check for invalid delays (git-fixes).
- spi: tegra210-quad: add rate limiting and simplify timeout error message (stable-fixes).
- spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts (stable-fixes).
- splice: do not checksum AF_UNIX sockets (bsc#1240333).
- splice: remove duplicate noinline from pipe_clear_nowait (bsc#1242328).
- sqpoll: increase tw batch size (bsc#1238585).
- staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (git-fixes).
- staging: axis-fifo: Remove hardware resets for user errors (git-fixes).
- staging: iio: adc: ad7816: Correct conditional logic for store mode (git-fixes).
- staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes).
- string: Add load_unaligned_zeropad() code path to sized_strscpy() (git-fixes).
- supported.conf: Mark HiSi DMA controller as supported (jsc#PED-12622 bsc#1241095)
- supported.conf: Mark HiSi PMU drivers as supported (jsc#PED-12622 bsc#1241095)
- supported.conf: Mark HiSi PMU drivers as supported (jsc#PED-12622)
- supported.conf: Mark HiSi TRNG v2 as supported (jsc#PED-12622 bsc#1241095)
- supported.conf: Mark HiSi TRNG v2 as supported (jsc#PED-12622)
- supported.conf: add now-included qat_420xx (external, intel)
- tcp: Add memory barrier to tcp_push() (git-fixes).
- tcp: Adjust clamping window for applications specifying SO_RCVBUF (bsc#1220419 bsc#1222656 bsc#1236394).
- tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes).
- tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes).
- tcp: Defer ts_recent changes until req is owned (git-fixes).
- tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes).
- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).
- tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes).
- tcp: Update window clamping condition (bsc#1220419 bsc#1222656 bsc#1236394).
- tcp: Update window clamping condition (git-fixes).
- tcp: add tcp_done_with_error() helper (git-fixes).
- tcp: adjust rcvq_space after updating scaling ratio (bsc#1220419 bsc#1222656 bsc#1236394).
- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).
- tcp: annotate data-races around tp->window_clamp (bsc#1220419 bsc#1222656 bsc#1236394).
- tcp: annotate data-races around tp->window_clamp (git-fixes).
- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).
- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes).
- tcp: check mptcp-level constraints for backlog coalescing (git-fixes).
- tcp: check space before adding MPTCP SYN options (git-fixes).
- tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes).
- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).
- tcp: define initial scaling factor value as a macro (bsc#1220419 bsc#1222656 bsc#1236394).
- tcp: define initial scaling factor value as a macro (git-fixes).
- tcp: derive delack_max from rto_min (git-fixes).
- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes).
- tcp: fix cookie_init_timestamp() overflows (git-fixes).
- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).
- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes).
- tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes).
- tcp: fix mid stream window clamp (git-fixes).
- tcp: fix mptcp DSS corruption due to large pmtu xmit (git-fixes).
- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).
- tcp: fix race in tcp_write_err() (git-fixes).
- tcp: fix races in tcp_abort() (git-fixes).
- tcp: fix races in tcp_v_err() (git-fixes).
- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes).
- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes).
- tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes).
- tcp: get rid of sysctl_tcp_adv_win_scale (bsc#1220419 bsc#1222656 bsc#1236394).
- tcp: increase the default TCP scaling ratio (bsc#1220419 bsc#1222656 bsc#1236394).
- tcp: increase the default TCP scaling ratio (git-fixes).
- tcp: introduce tcp_clock_ms() (git-fixes).
- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes).
- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).
- tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes).
- tcp: replace tcp_time_stamp_raw() (git-fixes).
- tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress() (git-fixes).
- tcp_cubic: fix incorrect HyStart round start detection (git-fixes).
- thermal/drivers/mediatek/lvts: Disable Stage 3 thermal threshold (git-fixes).
- thermal/drivers/mediatek/lvts: Disable monitor mode during suspend (git-fixes).
- thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes).
- thermal: int340x: Add NULL check for adev (git-fixes).
- thermal: intel: x86_pkg_temp_thermal: Fix bogus trip temperature (git-fixes).
- thunderbolt: Scan retimers after device router has been enumerated (stable-fixes).
- tools/hv: update route parsing in kvp daemon (git-fixes).
- tools/power turbostat: Increase CPU_SUBSET_MAXCPUS to 8192 (bsc#1241175).
- tools/power turbostat: report CoreThr per measurement interval (git-fixes).
- tools: move alignment-related macros to new <linux/align.h> (git-fixes).
- topology: Set capacity_freq_ref in all cases (bsc#1238052)
- tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes).
- tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870).
- tpm: do not start chip while suspended (git-fixes).
- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).
- tpm: tis: Double the timeout B to 4s (bsc#1235870).
- tpm_tis: Move CRC check to generic send routine (bsc#1235870).
- tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870).
- tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT (git-fixes).
- tty: n_tty: use uint for space returned by tty_write_room() (git-fixes).
- tty: serial: 8250: Add Brainboxes XC devices (stable-fixes).
- tty: serial: 8250: Add some more device IDs (stable-fixes).
- tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes).
- tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes).
- ubi: Add a check for ubi_num (git-fixes).
- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).
- ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes).
- ubi: correct the calculation of fastmap size (stable-fixes).
- ubi: eba: properly rollback inside self_check_eba (git-fixes).
- ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes).
- ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes).
- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes).
- ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes).
- ublk: set_params: properly check if parameters can be applied (git-fixes).
- ucsi_ccg: Do not show failed to get FW build information error (git-fixes).
- udf: Fix inode_getblk() return value (bsc#1242313).
- udf: Skip parent dir link count update if corrupted (bsc#1242315).
- udf: Verify inode link counts before performing rename (bsc#1242314).
- usb: cdns3: Fix deadlock when using NCM gadget (git-fixes).
- usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version (git-fixes).
- usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines (git-fixes).
- usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling (git-fixes).
- usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes).
- usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield (stable-fixes).
- usb: dwc3: gadget: Refactor loop to avoid NULL endpoints (stable-fixes).
- usb: dwc3: gadget: check that event count does not exceed event buffer length (git-fixes).
- usb: dwc3: xilinx: Prevent spike in reset signal (git-fixes).
- usb: gadget: Use get_status callback to set remote wakeup capability (git-fixes).
- usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (stable-fixes).
- usb: gadget: f_ecm: Add get_status callback (git-fixes).
- usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN (git-fixes).
- usb: host: max3421-hcd: Add missing spi_device_id table (stable-fixes).
- usb: host: tegra: Prevent host controller crash when OTG port is used (git-fixes).
- usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func (stable-fixes).
- usb: phy: generic: Use proper helper for property detection (stable-fixes).
- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes).
- usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (stable-fixes).
- usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (stable-fixes).
- usb: typec: class: Invalidate USB device pointers on partner unregistration (git-fixes).
- usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (git-fixes).
- usb: typec: ucsi: displayport: Fix NULL pointer access (git-fixes).
- usb: uhci-platform: Make the clock really optional (git-fixes).
- usb: usbtmc: Fix erroneous generic_read ioctl return (git-fixes).
- usb: usbtmc: Fix erroneous get_stb ioctl error returns (git-fixes).
- usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes).
- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes).
- usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running (stable-fixes).
- usb: xhci: Do not skip on Stopped - Length Invalid (git-fixes).
- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes).
- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (stable-fixes).
- usb: xhci: Fix invalid pointer dereference in Etron workaround (git-fixes).
- usb: xhci: correct debug message page size calculation (git-fixes).
- usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes).
- usbnet:fix NPE during rx_complete (git-fixes).
- vboxsf: fix building with GCC 15 (stable-fixes).
- vdpa/mlx5: Fix oversized null mkey longer than 32bit (git-fixes).
- vfs: do not mod negative dentry count when on shrinker list (bsc#1242534).
- vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint (git-fixes).
- video: screen_info: Update framebuffers behind PCI bridges (bsc#1240696).
- virtchnl: make proto and filter action count unsigned (git-fixes).
- virtio_console: fix missing byte order handling for cols and rows (git-fixes).
- vmxnet3: Fix tx queue race condition with XDP (bsc#1241394).
- vmxnet3: unregister xdp rxq info in the reset path (bsc#1241394).
- wifi: at76c50x: fix use after free access in at76_disconnect (git-fixes).
- wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes).
- wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes).
- wifi: ath11k: choose default PM policy for hibernation (bsc#1207948).
- wifi: ath11k: determine PM policy based on machine model (bsc#1207948).
- wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes).
- wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes).
- wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes).
- wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948).
- wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948).
- wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948).
- wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes).
- wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (stable-fixes).
- wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process (stable-fixes).
- wifi: ath12k: encode max Tx power in scan channel list command (git-fixes).
- wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes).
- wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (git-fixes).
- wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes).
- wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes).
- wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation (git-fixes).
- wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes).
- wifi: iwlwifi: do not warn if the NIC is gone in resume (git-fixes).
- wifi: iwlwifi: fix the check for the SCRATCH register upon resume (git-fixes).
- wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes).
- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes).
- wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes).
- wifi: iwlwifi: pcie: Fix TSO preparation (git-fixes).
- wifi: iwlwifi: support BIOS override for 5G9 in CA also in LARI version 8 (stable-fixes).
- wifi: mac80211, cfg80211: miscellaneous spelling fixes (git-fixes).
- wifi: mac80211: Cleanup sta TXQs on flush (stable-fixes).
- wifi: mac80211: Fix sparse warning for monitor_sdata (git-fixes).
- wifi: mac80211: Purge vif txq in ieee80211_do_stop() (git-fixes).
- wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request (git-fixes).
- wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() (git-fixes).
- wifi: mac80211: check basic rates validity in sta_link_apply_parameters (git-fixes).
- wifi: mac80211: do not queue sdata::work for a non-running sdata (git-fixes).
- wifi: mac80211: ensure sdata->work is canceled before initialized (stable-fixes).
- wifi: mac80211: fix SA Query processing in MLO (stable-fixes).
- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes).
- wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes).
- wifi: mac80211: remove debugfs dir for virtual monitor (stable-fixes).
- wifi: mt76: Add check for devm_kstrdup() (git-fixes).
- wifi: mt76: disable napi on driver removal (git-fixes).
- wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table (stable-fixes).
- wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes).
- wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes).
- wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes).
- wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes).
- wifi: mwifiex: Fix premature release of RF calibration data (git-fixes).
- wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release (git-fixes).
- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes).
- wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).
- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).
- wifi: wl1251: fix memory leak in wl1251_tx_work (git-fixes).
- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).
- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).
- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
- x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).
- x86/bugs: Add RSB mitigation document (git-fixes).
- x86/bugs: Do not fill RSB on VMEXIT with eIBRS+retpoline (git-fixes).
- x86/bugs: Do not fill RSB on context switch with eIBRS (git-fixes).
- x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-fixes).
- x86/bugs: Rename entry_ibpb() to write_ibpb() (git-fixes).
- x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes).
- x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes).
- x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes).
- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).
- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).
- x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (git-fixes).
- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).
- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes).
- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).
- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes).
- x86/hyperv: Fix check of return value from snp_set_vmsa() (git-fixes).
- x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes).
- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).
- x86/its: Fix build errors when CONFIG_MODULES=n (git-fixes).
- x86/microcode/32: Move early loading after paging enable (git-fixes).
- x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive (git-fixes).
- x86/microcode/AMD: Flush patch buffer mapping after application (git-fixes).
- x86/microcode/AMD: Pay attention to the stepping dynamically (git-fixes).
- x86/microcode/AMD: Split load_microcode_amd() (git-fixes).
- x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID (git-fixes).
- x86/microcode/amd: Cache builtin microcode too (git-fixes).
- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).
- x86/microcode/amd: Use cached microcode for AP load (git-fixes).
- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).
- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).
- x86/microcode/intel: Cleanup code further (git-fixes).
- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).
- x86/microcode/intel: Remove debug code (git-fixes).
- x86/microcode/intel: Remove pointless mutex (git-fixes).
- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).
- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).
- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).
- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).
- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).
- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).
- x86/microcode/intel: Set new revision only after a successful update (git-fixes).
- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).
- x86/microcode/intel: Simplify early loading (git-fixes).
- x86/microcode/intel: Simplify scan_microcode() (git-fixes).
- x86/microcode/intel: Switch to kvmalloc() (git-fixes).
- x86/microcode/intel: Unify microcode apply() functions (git-fixes).
- x86/microcode: Add per CPU control field (git-fixes).
- x86/microcode: Add per CPU result state (git-fixes).
- x86/microcode: Clarify the late load logic (git-fixes).
- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).
- x86/microcode: Get rid of the schedule work indirection (git-fixes).
- x86/microcode: Handle 'nosmt' correctly (git-fixes).
- x86/microcode: Handle 'offline' CPUs correctly (git-fixes).
- x86/microcode: Hide the config knob (git-fixes).
- x86/microcode: Include vendor headers into microcode.h (git-fixes).
- x86/microcode: Make reload_early_microcode() static (git-fixes).
- x86/microcode: Mop up early loading leftovers (git-fixes).
- x86/microcode: Move core specific defines to local header (git-fixes).
- x86/microcode: Prepare for minimal revision check (git-fixes).
- x86/microcode: Protect against instrumentation (git-fixes).
- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).
- x86/microcode: Provide new control functions (git-fixes).
- x86/microcode: Remove microcode_mutex (git-fixes).
- x86/microcode: Remove pointless apply() invocation (git-fixes).
- x86/microcode: Remove the driver announcement and version (git-fixes).
- x86/microcode: Rendezvous and load in NMI (git-fixes).
- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).
- x86/microcode: Rework early revisions reporting (git-fixes).
- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).
- x86/mm: Remove unused microcode.h include (git-fixes).
- x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes).
- x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes).
- x86/sev: Move sev_setup_arch() to mem_encrypt.c (bsc#1239314).
- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).
- x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes).
- x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes).
- x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs (git-fixes).
- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes).
- x86/vmware: Add TDX hypercall support (jsc#PED-11518).
- x86/vmware: Correct macro names (jsc#PED-11518).
- x86/vmware: Introduce VMware hypercall API (jsc#PED-11518).
- x86/vmware: Remove legacy VMWARE_HYPERCALL* macros (jsc#PED-11518).
- x86/vmware: Use VMware hypercall API (jsc#PED-11518).
- x86/xen: move xen_reserve_extra_memory() (git-fixes).
- xen/mcelog: Add __nonstring annotations for unterminated strings (git-fixes).
- xen: Change xen-acpi-processor dom0 dependency (git-fixes).
- xenfs/xensyms: respect hypervisor's 'next' indication (git-fixes).
- xfs: flush inodegc before swapon (git-fixes).
- xhci: Add helper to set an interrupters interrupt moderation interval (git-fixes).
- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).
- xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes).
- xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes).
- xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701).
- xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701).
- xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes).
- xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550).
- xhci: Limit time spent with xHC interrupts disabled during bus resume (stable-fixes).
- xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550).
- xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes).
- xhci: dbc: Convert to use sysfs_streq() (git-fixes).
- xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes).
- xhci: dbc: Fix STALL transfer event handling (git-fixes).
- xhci: dbc: Replace custom return value with proper Linux error code (git-fixes).
- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).
- xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes).
- xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550).
- xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes).
- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).
- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).
- xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes).
- xhci: pci: Use standard pattern for device IDs (git-fixes).
- xhci: split free interrupter into separate remove and free parts (git-fixes).
- xsk: Add truesize to skb_add_rx_frag() (git-fixes).
- xsk: Do not assume metadata is always requested in TX completion (git-fixes).
- zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING (bsc#1241167).
Patchnames
SUSE-2025-1967,SUSE-SLE-Module-Public-Cloud-15-SP7-2025-1967
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP7 Azure kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).\n- CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006).\n- CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() (bsc#1224597).\n- CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489).\n- CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).\n- CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer serialization (bsc#1230581).\n- CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).\n- CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711).\n- CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712).\n- CVE-2024-49570: drm/xe/tracing: Fix a potential TP_printk UAF (bsc#1238782).\n- CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733).\n- CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910).\n- CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389).\n- CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060).\n- CVE-2024-50223: sched/numa: Fix the potential null pointer dereference in (bsc#1233192).\n- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).\n- CVE-2024-53124: net: fix data-races around sk-\u003esk_forward_alloc (bsc#1234074).\n- CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157).\n- CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).\n- CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).\n- CVE-2024-54458: scsi: ufs: bsg: Set bsg_queue to NULL after removal (bsc#1238992).\n- CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729).\n- CVE-2024-56638: kABI fix for \u0027netfilter: nft_inner: incorrect percpu area handling under softirq\u0027 (bsc#1235524).\n- CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).\n- CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455).\n- CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589).\n- CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591).\n- CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).\n- CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621).\n- CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).\n- CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).\n- CVE-2024-57924: fs: relax assertions on failure to encode file handles (bsc#1236086).\n- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).\n- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532).\n- CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990).\n- CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997).\n- CVE-2024-58068: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized (bsc#1238961).\n- CVE-2024-58070: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT (bsc#1238983).\n- CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970).\n- CVE-2024-58074: drm/i915: Grab intel_display from the encoder to avoid potential (bsc#1238972).\n- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).\n- CVE-2024-58088: bpf: Fix deadlock when freeing cgroup storage (bsc#1239510).\n- CVE-2024-58091: drm/fbdev-dma: Add shadow buffering for deferred I/O (bsc#1240174).\n- CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy (bsc#1236111).\n- CVE-2025-21648: netfilter: conntrack: clamp maximum hashtable size to INT_MAX (bsc#1236142).\n- CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206).\n- CVE-2025-21683: bpf: Fix bpf_sk_select_reuseport() memory leak (bsc#1236704).\n- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).\n- CVE-2025-21696: mm: clear uffd-wp PTE/PMD state on mremap() (bsc#1237111).\n- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).\n- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0 (bsc#1237312).\n- CVE-2025-21703: netem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).\n- CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).\n- CVE-2025-21707: mptcp: consolidate suboption status (bsc#1238862).\n- CVE-2025-21717: net/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq (bsc#1238866).\n- CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874).\n- CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).\n- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).\n- CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882).\n- CVE-2025-21758: ipv6: mcast: add RCU protection to mld_newpack() (bsc#1238737).\n- CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).\n- CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).\n- CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775).\n- CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).\n- CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).\n- CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).\n- CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).\n- CVE-2025-21768: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels (bsc#1238714).\n- CVE-2025-21787: team: better TEAM_OPTION_TYPE_STRING validation (bsc#1238774).\n- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).\n- CVE-2025-21792: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt (bsc#1238745).\n- CVE-2025-21800: net/mlx5: HWS, fix definer\u0027s HWS_SET32 macro for negative offset (bsc#1238743).\n- CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746).\n- CVE-2025-21808: net: xdp: Disallow attaching device-bound programs in generic mode (bsc#1238742).\n- CVE-2025-21812: ax25: rcu protect dev-\u003eax25_ptr (bsc#1238471).\n- CVE-2025-21814: ptp: Ensure info-\u003eenable callback is always set (bsc#1238473).\n- CVE-2025-21833: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (bsc#1239108).\n- CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066).\n- CVE-2025-21837: io_uring/uring_cmd: unconditionally copy SQEs at prep time (bsc#1239064).\n- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512).\n- CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).\n- CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470).\n- CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486).\n- CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478).\n- CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483).\n- CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474).\n- CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475).\n- CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482).\n- CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).\n- CVE-2025-21867: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (bsc#1240181).\n- CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191).\n- CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).\n- CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184).\n- CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168).\n- CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185).\n- CVE-2025-21882: net/mlx5: Fix vport QoS cleanup on error (bsc#1240187).\n- CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).\n- CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171).\n- CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176).\n- CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167).\n- CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).\n- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).\n- CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581).\n- CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585).\n- CVE-2025-21904: caif_virtio: fix wrong pointer check in cfv_probe() (bsc#1240576).\n- CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587).\n- CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600).\n- CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591).\n- CVE-2025-21919: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (bsc#1240593).\n- CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639).\n- CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error (bsc#1240720).\n- CVE-2025-21925: llc: do not use skb_get() before dev_queue_xmit() (bsc#1240713).\n- CVE-2025-21926: net: gso: fix ownership in __udp_gso_segment (bsc#1240712).\n- CVE-2025-21931: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio (bsc#1240709).\n- CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level \u003e 2 (bsc#1240742).\n- CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815).\n- CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816).\n- CVE-2025-21962: cifs: Fix integer overflow while processing closetimeo mount option (bsc#1240655).\n- CVE-2025-21963: cifs: Fix integer overflow while processing acdirmax mount option (bsc#1240717).\n- CVE-2025-21964: cifs: Fix integer overflow while processing acregmax mount option (bsc#1240740).\n- CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784).\n- CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819).\n- CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813).\n- CVE-2025-21973: eth: bnxt: fix kernel panic in the bnxt_get_queue_stats{rx | tx} (bsc#1240803).\n- CVE-2025-21974: eth: bnxt: return fail if interface is down in bnxt_queue_mem_alloc() (bsc#1240800).\n- CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812).\n- CVE-2025-21980: sched: address a potential NULL pointer dereference in the GRED scheduler (bsc#1240809).\n- CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612).\n- CVE-2025-21985: drm/amd/display: Fix out-of-bound accesses (bsc#1240811).\n- CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795).\n- CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797).\n- CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).\n- CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).\n- CVE-2025-22015: mm/migrate: fix shmem xarray update during migration (bsc#1240944).\n- CVE-2025-22016: dpll: fix xa_alloc_cyclic() error handling (bsc#1240934).\n- CVE-2025-22017: devlink: fix xa_alloc_cyclic() error handling (bsc#1240936).\n- CVE-2025-22018: atm: Fix NULL pointer dereference (bsc#1241266).\n- CVE-2025-22021: netfilter: socket: Lookup orig tuple for IPv6 SNAT (bsc#1241282).\n- CVE-2025-22029: exec: fix the racy usage of fs_struct-\u003ein_exec (bsc#1241378).\n- CVE-2025-22030: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() (bsc#1241376).\n- CVE-2025-22036: exfat: fix random stack corruption after get_block (bsc#1241426).\n- CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433).\n- CVE-2025-22053: net: ibmveth: make veth_pool_store stop hanging (bsc#1241373).\n- CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).\n- CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525).\n- CVE-2025-22057: net: decrease cached dst counters in dst_release (bsc#1241533).\n- CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332).\n- CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526).\n- CVE-2025-22063: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (bsc#1241351).\n- CVE-2025-22064: netfilter: nf_tables: do not unregister hook when table is dormant (bsc#1241413).\n- CVE-2025-22070: fs/9p: fix NULL pointer dereference on mkdir (bsc#1241305).\n- CVE-2025-22080: fs/ntfs3: Prevent integer overflow in hdr_first_de() (bsc#1241416).\n- CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537).\n- CVE-2025-22094: powerpc/perf: Fix ref-counting on the PMU \u0027vpa_pmu\u0027 (bsc#1241512).\n- CVE-2025-22102: Bluetooth: btnxpuart: Fix kernel panic during FW release (bsc#1241456).\n- CVE-2025-22103: net: fix NULL pointer dereference in l3mdev_l3_rcv (bsc#1241448).\n- CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550).\n- CVE-2025-22105, CVE-2025-37860: Add missing bugzilla references (bsc#1241452 bsc#1241548).\n- CVE-2025-22107: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() (bsc#1241575).\n- CVE-2025-22109: ax25: Remove broken autobind (bsc#1241573).\n- CVE-2025-22115: btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (bsc#1241578).\n- CVE-2025-22117: ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw() (bsc#1241633).\n- CVE-2025-22118: ice: validate queue quanta parameters to prevent OOB access (bsc#1241562).\n- CVE-2025-22121: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (bsc#1241593).\n- CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684).\n- CVE-2025-23133: wifi: ath11k: update channel list in reg notifier instead reg worker (bsc#1241451).\n- CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).\n- CVE-2025-23140: misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error (bsc#1242763).\n- CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596).\n- CVE-2025-23150: ext4: fix off-by-one error in do_split (bsc#1242513).\n- CVE-2025-23154: io_uring/net: fix io_req_post_cqe abuse by send bundle (bsc#1242533).\n- CVE-2025-23160: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization (bsc#1242507).\n- CVE-2025-37747: kABI workaround for perf-Fix-hang-while-freeing-sigtrap-event (References: bsc#1242520).\n- CVE-2025-37748: iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group (bsc#1242523).\n- CVE-2025-37749: net: ppp: Add bound checking for skb data on ppp_sync_txmung (bsc#1242859).\n- CVE-2025-37750: smb: client: fix UAF in decryption with multichannel (bsc#1242510).\n- CVE-2025-37755: net: libwx: handle page_pool_dev_alloc_pages error (bsc#1242506).\n- CVE-2025-37773: virtiofs: add filesystem context source name check (bsc#1242502).\n- CVE-2025-37780: isofs: Prevent the use of too small fid (bsc#1242786).\n- CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640).\n- CVE-2025-37787: net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered (bsc#1242585).\n- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).\n- CVE-2025-37790: net: mctp: Set SOCK_RCU_FREE (bsc#1242509).\n- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).\n- CVE-2025-37798: codel: remove sch-\u003eq.qlen check before qdisc_tree_reduce_backlog() (bsc#1242414).\n- CVE-2025-37799: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp (bsc#1242283).\n- CVE-2025-37803: udmabuf: fix a buf size overflow issue during udmabuf creation (bsc#1242852).\n- CVE-2025-37804: io_uring: always do atomic put from iowq (bsc#1242854).\n- CVE-2025-37809: usb: typec: class: Unlocked on error in typec_register_partner() (bsc#1242856).\n- CVE-2025-37820: xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() (bsc#1242866).\n- CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).\n- CVE-2025-37824: tipc: fix NULL pointer dereference in tipc_mon_reinit_self() (bsc#1242867).\n- CVE-2025-37829: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() (bsc#1242875).\n- CVE-2025-37830: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() (bsc#1242860).\n- CVE-2025-37831: cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() (bsc#1242861).\n- CVE-2025-37833: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads (bsc#1242868).\n- CVE-2025-37842: spi: fsl-qspi: Fix double cleanup in probe error path (bsc#1242951).\n- CVE-2025-37870: drm/amd/display: prevent hang on link training fail (bsc#1243056).\n- CVE-2025-37879: 9p/net: fix improper handling of bogus negative read/write replies (bsc#1243077).\n- CVE-2025-37886: pds_core: make wait_context part of q_info (bsc#1242944).\n- CVE-2025-37887: pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result (bsc#1242962).\n- CVE-2025-37949: xenbus: Use kref to track req lifetime (bsc#1243541).\n- CVE-2025-37957: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception (bsc#1243513).\n- CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539).\n- CVE-2025-37960: memblock: Accept allocated memory before use in memblock_double_array() (bsc#1243519).\n- CVE-2025-37974: s390/pci: Fix missing check for zpci_create_device() error return (bsc#1243547).\n- CVE-2025-38152: remoteproc: core: Clear table_sz when rproc_shutdown (bsc#1241627).\n- CVE-2025-38637: net_sched: skbprio: Remove overly strict queue assertions (bsc#1241657).\n- CVE-2025-39728: clk: samsung: Fix UBSAN panic in samsung_clk_init() (bsc#1241626).\n\nThe following non-security bugs were fixed:\n\n- ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (stable-fixes).\n- ACPI: EC: Set ec_no_wakeup for Lenovo Go S (stable-fixes).\n- ACPI: PPTT: Fix processor subtable walk (git-fixes).\n- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).\n- ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes).\n- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes).\n- ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes).\n- ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() (git-fixes).\n- ALSA: hda/realtek - Enable speaker for HP platform (git-fixes).\n- ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes).\n- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).\n- ALSA: hda/realtek: Bass speaker fixup for ASUS UM5606KA (stable-fixes).\n- ALSA: hda/realtek: Enable Mute LED on HP OMEN 16 Laptop xd000xx (stable-fixes).\n- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes).\n- ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes).\n- ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes).\n- ALSA: hda/realtek: Fix built-mic regression on other ASUS models (git-fixes).\n- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes).\n- ALSA: hda/realtek: fix micmute LEDs on HP Laptops with ALC3315 (stable-fixes).\n- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes).\n- ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist (stable-fixes).\n- ALSA: hda: intel: Fix Optimus when GPU has no sound (stable-fixes).\n- ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes).\n- ALSA: seq: Fix delivery of UMP events to group ports (git-fixes).\n- ALSA: sh: SND_AICA should depend on SH_DMA_API (git-fixes).\n- ALSA: timer: Do not take register_mutex with copy_from/to_user() (git-fixes).\n- ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info (git-fixes).\n- ALSA: ump: Fix buffer overflow at UMP SysEx message conversion (bsc#1242044).\n- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes).\n- ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (stable-fixes).\n- ALSA: usb-audio: Add sample rate quirk for Audioengine D1 (git-fixes).\n- ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera (stable-fixes).\n- ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (stable-fixes).\n- ALSA: usb-audio: Fix CME quirk for UF series keyboards (stable-fixes).\n- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).\n- ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() (git-fixes).\n- ASoC: Intel: sof_sdw: Fix unlikely uninitialized variable use in create_sdw_dailinks() (git-fixes).\n- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes).\n- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes).\n- ASoC: SOF: ipc4-control: Use SOF_CTRL_CMD_BINARY as numid for bytes_ext (git-fixes).\n- ASoC: SOF: ipc4-pcm: Delay reporting is only supported for playback direction (git-fixes).\n- ASoC: SOF: topology: Use krealloc_array() to replace krealloc() (stable-fixes).\n- ASoC: Use of_property_read_bool() (stable-fixes).\n- ASoC: amd: Add DMI quirk for ACP6X mic support (stable-fixes).\n- ASoC: amd: acp: Fix for enabling DMIC on acp platforms via _DSD entry (git-fixes).\n- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes).\n- ASoC: amd: yc: update quirk data for new Lenovo model (stable-fixes).\n- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes).\n- ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe() (git-fixes).\n- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes).\n- ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels (git-fixes).\n- ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate (git-fixes).\n- ASoC: cs35l41: check the return value from spi_setup() (git-fixes).\n- ASoC: cs42l43: Fix maximum ADC Volume (git-fixes).\n- ASoC: cs42l43: Reset clamp override on jack removal (git-fixes).\n- ASoC: dwc: always enable/disable i2s irqs (git-fixes).\n- ASoC: fsl: fsl_qmc_audio: Reset audio data pointers on TRIGGER_START event (git-fixes).\n- ASoC: fsl_audmix: register card device depends on \u0027dais\u0027 property (stable-fixes).\n- ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes).\n- ASoC: ops: Consistently treat platform_max as control value (git-fixes).\n- ASoC: q6apm-dai: make use of q6apm_get_hw_pointer (git-fixes).\n- ASoC: q6apm-dai: schedule all available frames to avoid dsp under-runs (git-fixes).\n- ASoC: q6apm: add q6apm_get_hw_pointer helper (git-fixes).\n- ASoC: qcom: Fix sc7280 lpass potential buffer overflow (git-fixes).\n- ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes).\n- ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes).\n- ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes).\n- ASoC: rt722-sdca: add missing readable registers (git-fixes).\n- ASoC: simple-card-utils.c: add missing dlc-\u003eof_node (stable-fixes).\n- ASoC: simple-card-utils: Fix pointer check in graph_util_parse_link_direction (git-fixes).\n- ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (stable-fixes).\n- ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence (git-fixes).\n- ASoC: tas2764: Fix power control mask (stable-fixes).\n- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).\n- ASoC: tas2770: Fix volume scale (stable-fixes).\n- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes).\n- ASoc: SOF: topology: connect DAI to a single DAI link (git-fixes).\n- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).\n- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes).\n- Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes).\n- Bluetooth: L2CAP: Fix corrupted list in hci_chan_del (git-fixes).\n- Bluetooth: L2CAP: Fix not checking l2cap_chan security level (git-fixes).\n- Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd (stable-fixes).\n- Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags (git-fixes).\n- Bluetooth: btintel_pcie: Add additional to checks to clear TX/RX paths (git-fixes).\n- Bluetooth: btnxpuart: Fix kernel panic during FW release (git-fixes).\n- Bluetooth: btrtl: Prevent potential NULL dereference (git-fixes).\n- Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (git-fixes).\n- Bluetooth: btusb: use skb_pull to avoid unsafe access in QCA dump handling (git-fixes).\n- Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes).\n- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).\n- Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address (git-fixes).\n- Bluetooth: hci_uart: Fix another race during initialization (git-fixes).\n- Bluetooth: hci_uart: fix race during initialization (stable-fixes).\n- Bluetooth: l2cap: Check encryption key size on incoming connection (git-fixes).\n- Bluetooth: l2cap: Process valid commands in too long frame (stable-fixes).\n- Bluetooth: qca: simplify WCN399x NVM loading (stable-fixes).\n- Bluetooth: vhci: Avoid needless snprintf() calls (git-fixes).\n- APEI: Delete patches.suse/APEI-GHES-Have-GHES-honor-the-panic-setting.patch (bsc#1239615)\n- Documentation: qat: fix auto_reset attribute details (git-fixes).\n- Documentation: qat: fix auto_reset section (git-fixes).\n- Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (git-fixes).\n- Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes).\n- pci: Drop PCI patch that caused a regression (bsc#1241123). \n- EDAC/i10nm: Add Intel Clearwater Forest server support (jsc#PED-10190).\n- Fix mismerge from SLE15-SP6 to SLE15-SP7 (bsc#1241591).\n- Fix write to cloned skb in ipv6_hop_ioam() (git-fixes).\n- HID: Enable playstation driver independently of sony driver (git-fixes).\n- HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes).\n- HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes).\n- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes).\n- HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes).\n- HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes).\n- HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes).\n- HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() (git-fixes).\n- HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes).\n- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes).\n- HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).\n- HID: thrustmaster: fix memory leak in thrustmaster_interrupts() (git-fixes).\n- HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes).\n- HID: uclogic: Add NULL check in uclogic_input_configured() (git-fixes).\n- IB/cm: use rwlock for MAD agent lock (git-fixes)\n- IB/mad: Check available slots before posting receive WRs (git-fixes)\n- Input: ads7846 - fix gpiod allocation (git-fixes).\n- Input: cyttsp5 - ensure minimum reset pulse width (git-fixes).\n- Input: cyttsp5 - fix power control issue on wakeup (git-fixes).\n- Input: i8042 - add required quirks for missing old boardnames (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes).\n- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).\n- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes).\n- Input: iqs7222 - preserve system status register (git-fixes).\n- Input: mtk-pmic-keys - fix possible null pointer dereference (git-fixes).\n- Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes).\n- Input: synaptics - enable InterTouch on Dell Precision M3800 (stable-fixes).\n- Input: synaptics - enable InterTouch on Dynabook Portege X30-D (stable-fixes).\n- Input: synaptics - enable InterTouch on Dynabook Portege X30L-G (stable-fixes).\n- Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 (stable-fixes).\n- Input: synaptics - enable SMBus for HP Elitebook 850 G1 (stable-fixes).\n- Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes).\n- Input: synaptics-rmi - fix crash with unsupported versions of F34 (git-fixes).\n- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes).\n- Input: xpad - add multiple supported devices (stable-fixes).\n- Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller (stable-fixes).\n- Input: xpad - add support for TECNO Pocket Go (stable-fixes).\n- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).\n- Input: xpad - fix Share button on Xbox One controllers (stable-fixes).\n- Input: xpad - fix two controller table values (git-fixes).\n- Input: xpad - rename QH controller to Legion Go S (stable-fixes).\n- KVM: PPC: Book3S HV: Fix IRQ map warnings with XICS on pSeries KVM Guest (bsc#1242205 ltc#212592).\n- KVM: PPC: Enable CAP_SPAPR_TCE_VFIO on pSeries KVM guests (jsc#PED-10539 git-fixes).\n- KVM: SVM: Allocate IR data using atomic allocation (git-fixes).\n- KVM: SVM: Do not change target vCPU state on AP Creation VMGEXIT error (git-fixes).\n- KVM: SVM: Drop DEBUGCTL[5:2] from guest\u0027s effective value (git-fixes).\n- KVM: SVM: Refuse to attempt VRMUN if an SEV-ES+ guest had an invalid VMSA (git-fixes).\n- KVM: SVM: Save host DR masks on CPUs with DebugSwap (jsc#PED-348).\n- KVM: SVM: Suppress DEBUGCTL.BTF on AMD (git-fixes).\n- KVM: SVM: Update dump_ghcb() to use the GHCB snapshot fields (git-fixes).\n- KVM: VMX: Do not modify guest XFD_ERR if CR0.TS=1 (git-fixes).\n- KVM: arm64: Change kvm_handle_mmio_return() return polarity (git-fixes).\n- KVM: arm64: Fix RAS trapping in pKVM for protected VMs (git-fixes).\n- KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (git-fixes).\n- KVM: arm64: Mark some header functions as inline (git-fixes).\n- KVM: arm64: Tear down vGIC on failed vCPU creation (git-fixes).\n- KVM: arm64: timer: Always evaluate the need for a soft timer (git-fixes).\n- KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (git-fixes).\n- KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (git-fixes).\n- KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (git-fixes).\n- KVM: arm64: vgic-v4: Fall back to software irqbypass if LPI not found (git-fixes).\n- KVM: arm64: vgic-v4: Only attempt vLPI mapping for actual MSIs (git-fixes).\n- KVM: nSVM: Pass next RIP, not current RIP, for nested VM-Exit on emulation (git-fixes).\n- KVM: nVMX: Allow emulating RDPID on behalf of L2 (git-fixes).\n- KVM: nVMX: Check PAUSE_EXITING, not BUS_LOCK_DETECTION, on PAUSE emulation (git-fixes).\n- KVM: s390: Do not use %pK through debug printing (git-fixes bsc#1243657).\n- KVM: s390: Do not use %pK through tracepoints (git-fixes bsc#1243658).\n- KVM: x86/mmu: Check and free obsolete roots in kvm_mmu_reload() (git-fixes).\n- KVM: x86/xen: Use guest\u0027s copy of pvclock when starting timer (git-fixes).\n- KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (git-fixes).\n- KVM: x86: Check that the high 32bits are clear in kvm_arch_vcpu_ioctl_run() (git-fixes).\n- KVM: x86: Do not take kvm-\u003elock when iterating over vCPUs in suspend notifier (git-fixes).\n- KVM: x86: Explicitly treat routing entry type changes as changes (git-fixes).\n- KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn\u0027t supported by KVM (git-fixes).\n- KVM: x86: Explicitly zero-initialize on-stack CPUID unions (git-fixes).\n- KVM: x86: Make x2APIC ID 100% readonly (git-fixes).\n- KVM: x86: Reject disabling of MWAIT/HLT interception when not allowed (git-fixes).\n- KVM: x86: Remove the unreachable case for 0x80000022 leaf in __do_cpuid_func() (git-fixes).\n- KVM: x86: Wake vCPU for PIC interrupt injection iff a valid IRQ was found (git-fixes).\n- KVM: x86: block KVM_CAP_SYNC_REGS if guest state is protected (git-fixes).\n- NFS: O_DIRECT writes must check and adjust the file length (git-fixes).\n- NFSD: Skip sending CB_RECALL_ANY when the backchannel isn\u0027t up (git-fixes).\n- NFSv4/pnfs: Reset the layout state after a layoutreturn (git-fixes).\n- NFSv4: Do not trigger uneccessary scans for return-on-close delegations (git-fixes).\n- OPP: add index check to assert to avoid buffer overflow in _read_freq() (bsc#1238961)\n- PCI/ACS: Fix \u0027pci=config_acs=\u0027 parameter (git-fixes).\n- PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes).\n- PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads (git-fixes).\n- PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes).\n- PCI: Avoid reset when disabled via sysfs (git-fixes).\n- PCI: Fix BAR resizing when VF BARs are assigned (git-fixes).\n- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).\n- PCI: Fix reference leak in pci_register_host_bridge() (git-fixes).\n- PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes).\n- PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes).\n- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes).\n- PCI: brcmstb: Fix potential premature regulator disabling (git-fixes).\n- PCI: brcmstb: Set generation limit before PCIe link up (git-fixes).\n- PCI: brcmstb: Use internal register to change link capability (git-fixes).\n- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes).\n- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).\n- PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes).\n- PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes).\n- PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type (stable-fixes).\n- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes).\n- PM: sleep: Adjust check before setting power.must_resume (git-fixes).\n- PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes).\n- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).\n- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)\n- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)\n- RDMA/bnxt_re: Fix allocation of QP table (git-fixes)\n- RDMA/bnxt_re: Fix budget handling of notification queue (git-fixes)\n- RDMA/bnxt_re: Fix reporting maximum SRQs on P7 chips (git-fixes)\n- RDMA/bnxt_re: Remove unusable nq variable (git-fixes)\n- RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work (git-fixes)\n- RDMA/cma: Fix workqueue crash in cma_netevent_work_handler (git-fixes)\n- RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes)\n- RDMA/core: Fix \u0027KASAN: slab-use-after-free Read in ib_register_device\u0027 problem (git-fixes)\n- RDMA/core: Fix use-after-free when rename device name (git-fixes)\n- RDMA/core: Silence oversized kvmalloc() warning (git-fixes)\n- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)\n- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)\n- RDMA/hns: Fix invalid sq params not being blocked (git-fixes)\n- RDMA/hns: Fix missing xa_destroy() (git-fixes)\n- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)\n- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)\n- RDMA/hns: Fix wrong maximum DMA segment size (git-fixes)\n- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)\n- RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (git-fixes)\n- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (git-fixes)\n- RDMA/mana_ib: Ensure variable err is initialized (git-fixes).\n- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).\n- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)\n- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)\n- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)\n- RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (git-fixes)\n- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)\n- RDMA/mlx5: Fix page_size variable overflow (git-fixes)\n- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)\n- RDMA/rxe: Fix \u0027trying to register non-static key in rxe_qp_do_cleanup\u0027 bug (git-fixes)\n- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (git-fixes)\n- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)\n- RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() (git-fixes)\n- RFC cgroup/cpuset-v1: Add deprecation messages to sched_relax_domain_level (jsc#PED-12405).\n- kernel: Remove debug flavor (bsc#1243919).\n- Squashfs: check return result of sb_min_blocksize (git-fixes).\n- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes).\n- USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (stable-fixes).\n- USB: VLI disk crashes if LPM is used (stable-fixes).\n- USB: gadget: core: create sysfs link between udc and gadget (git-fixes).\n- USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe (stable-fixes).\n- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes).\n- USB: serial: option: add Sierra Wireless EM9291 (stable-fixes).\n- USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes).\n- USB: serial: option: match on interface class for Telit FN990B (stable-fixes).\n- USB: serial: simple: add OWON HDS200 series oscilloscope support (stable-fixes).\n- USB: storage: quirk for ADATA Portable HDD CH94 (stable-fixes).\n- USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes).\n- USB: wdm: add annotation (git-fixes).\n- USB: wdm: close race between wdm_open and wdm_wwan_port_stop (git-fixes).\n- USB: wdm: handle IO errors in wdm_wwan_port_start (git-fixes).\n- USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context (git-fixes).\n- Update config. Enable HiSi accel VFIO PCI (jsc#PED-12622 bsc#1241095) - Update config files. \tCONFIG_HISI_ACC_VFIO_PCI=m - supported.conf: \t+ drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci\n- Update config. Enable HiSi accel VFIO PCI (jsc#PED-12622) - Update config files. \tCONFIG_HISI_ACC_VFIO_PCI=m - supported.conf: \t+ drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci\n- Update config. Enable SPI DW mmio driver (jsc#PED-12622 bsc#1241095) - CONFIG_SPI_DW_MMIO=m - supported.conf \t+ drivers/spi/spi-dw \t+ drivers/spi/spi-dw-mmio\n- Update config. Enable SPI DW mmio driver (jsc#PED-12622) - CONFIG_SPI_DW_MMIO=m - supported.conf \t+ drivers/spi/spi-dw \t+ drivers/spi/spi-dw-mmio\n- Update patches.suse/KVM-PPC-Enable-CAP_SPAPR_TCE_VFIO-on-pSeries-KVM-gue.patch (jsc#PED-10539 git-fixes bsc#1240419 ltc#212279).\n- Update patches.suse/RDMA-core-Don-t-expose-hw_counters-outside-of-init-n.patch (git-fixes bsc#1239925).\n- Update patches.suse/kABI-fix-for-RDMA-core-Don-t-expose-hw_counters-outs.patch (git-fixes bsc#1239925). Add bug reference.\n- Update patches.suse/net-smc-Introduce-IPPROTO_SMC.patch (jsc#PED-10299 bsc#1241689).\n- Update patches.suse/net-smc-do-not-leave-a-dangling-sk-pointer-in-__smc_create.patch (jsc#PED-10299 bsc#1241689).\n- Update patches.suse/net-smc-expose-smc-proto-operations.patch (jsc#PED-10299 bsc#1241689).\n- Update patches.suse/net-smc-fix-lacks-of-icsk_syn_mss-with-IPPROTO_SMC.patch (jsc#PED-10299 bsc#1241689).\n- Update patches.suse/net-smc-prevent-UAF-in-inet_create.patch (jsc#PED-10299 bsc#1241689).\n- Update patches.suse/net-smc-refactoring-initialization-of-smc-sock.patch (jsc#PED-10299 bsc#1241689).\n- Update patches.suse/nvme-fixup-scan-failure-for-non-ANA-multipath-contro.patch (git-fixes bsc#1235149).\n- Update patches.suse/nvme-re-read-ANA-log-page-after-ns-scan-completes.patch (git-fixes bsc#1235149).\n- Update patches.suse/smc-Fix-lockdep-false-positive-for-IPPROTO_SMC.patch (bsc#1241689 jsc#PED-10299 bsc#1241689).\n- Xen/swiotlb: mark xen_swiotlb_fixup() __init (git-fixes).\n- accel/ivpu: Fix PM related deadlocks in MS IOCTLs (git-fixes).\n- accel/ivpu: Fix deadlock in ivpu_ms_cleanup() (git-fixes).\n- accel/ivpu: Fix warning in ivpu_ipc_send_receive_internal() (git-fixes).\n- accel/ivpu: Increase DMA address range (PED-12367).\n- accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes).\n- accel/qaic: Fix possible data corruption in BOs \u003e 2G (git-fixes).\n- acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes).\n- add bug reference for an existing hv_netvsc change (bsc#1243737).\n- af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334).\n- affs: do not write overlarge OFS data block size fields (git-fixes).\n- affs: generate OFS sequence numbers starting at 1 (git-fixes).\n- afs: Fix the server_list to unuse a displaced server rather than putting it (git-fixes).\n- afs: Make it possible to find the volumes that are using a server (git-fixes).\n- ahci: add PCI ID for Marvell 88SE9215 SATA Controller (stable-fixes).\n- arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052)\n- arch_topology: init capacity_freq_ref to 0 (bsc#1238052)\n- arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052)\n- arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes)\n- arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052)\n- arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052)\n- arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052)\n- arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052)\n- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (bsc#1242778).\n- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (git-fixes)\n- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (bsc#1242778).\n- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (git-fixes)\n- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)\n- arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes)\n- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)\n- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)\n- arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2 (git-fixes)\n- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)\n- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)\n- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)\n- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)\n- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)\n- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)\n- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)\n- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)\n- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)\n- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)\n- arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (git-fixes)\n- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)\n- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)\n- arm64: insn: Add support for encoding DSB (bsc#1242778).\n- arm64: insn: Add support for encoding DSB (git-fixes)\n- arm64: mm: Correct the update of max_pfn (git-fixes)\n- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)\n- arm64: proton-pack: Add new CPUs \u0027k\u0027 values for branch mitigation (bsc#1242778).\n- arm64: proton-pack: Add new CPUs \u0027k\u0027 values for branch mitigation (git-fixes)\n- arm64: proton-pack: Expose whether the branchy loop k value (bsc#1242778).\n- arm64: proton-pack: Expose whether the branchy loop k value (git-fixes)\n- arm64: proton-pack: Expose whether the platform is mitigated by (git-fixes)\n- arm64: proton-pack: Expose whether the platform is mitigated by firmware (bsc#1242778).\n- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)\n- arp: switch to dev_getbyhwaddr() in arp_req_set_public() (git-fixes).\n- asus-laptop: Fix an uninitialized variable (git-fixes).\n- ata: ahci: Add mask_port_map module parameter (git-fixes).\n- ata: libata-sata: Save all fields from sense data descriptor (git-fixes).\n- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes).\n- ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type (git-fixes).\n- ata: libata-scsi: Fix ata_msense_control_ata_feature() (git-fixes).\n- ata: libata-scsi: Improve CDL control (git-fixes).\n- ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes).\n- ata: libata: Fix NCQ Non-Data log not supported print (git-fixes).\n- ata: pata_parport: add custom version of wait_after_reset (git-fixes).\n- ata: pata_parport: fit3: implement IDE command set registers (git-fixes).\n- ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() (git-fixes).\n- ata: pata_serverworks: Do not use the term blacklist (git-fixes).\n- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes).\n- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).\n- ata: sata_sx4: Add error handling in pdc20621_i2c_read() (git-fixes).\n- auxdisplay: hd44780: Convert to platform remove callback returning void (stable-fixes).\n- auxdisplay: hd44780: Fix an API misuse in hd44780.c (git-fixes).\n- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).\n- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes).\n- badblocks: Fix error shitf ops (git-fixes).\n- badblocks: fix merge issue when new badblocks align with pre+1 (git-fixes).\n- badblocks: fix missing bad blocks on retry in _badblocks_check() (git-fixes).\n- badblocks: fix the using of MAX_BADBLOCKS (git-fixes).\n- badblocks: return error directly when setting badblocks exceeds 512 (git-fixes).\n- badblocks: return error if any badblock set fails (git-fixes).\n- batman-adv: Ignore own maximum aggregation size during RX (git-fixes).\n- bitmap: Align documentation between bitmap_gather() and bitmap_scatter() (git-fixes).\n- bitmap: introduce generic optimized bitmap_size() (git-fixes).\n- blk-throttle: fix lower bps rate by throtl_trim_slice() (git-fixes).\n- block: change blk_mq_add_to_batch() third argument type to bool (git-fixes).\n- block: fix \u0027kmem_cache of name \u0027bio-108\u0027 already exists\u0027 (git-fixes).\n- block: fix conversion of GPT partition name to 7-bit (git-fixes).\n- block: fix resource leak in blk_register_queue() error path (git-fixes).\n- block: integrity: Do not call set_page_dirty_lock() (git-fixes).\n- block: make sure -\u003enr_integrity_segments is cloned in blk_rq_prep_clone (git-fixes).\n- bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan() (git-fixes).\n- bnxt_en: Fix coredump logic to free allocated buffer (git-fixes).\n- bnxt_en: Fix ethtool -d byte order for 32-bit values (git-fixes).\n- bnxt_en: Fix ethtool selftest output in one of the failure cases (git-fixes).\n- bnxt_en: Fix out-of-bound memcpy() during ethtool -w (git-fixes).\n- bnxt_en: Linearize TX SKB if the fragments exceed the max (git-fixes).\n- bnxt_en: Mask the bd_cnt field in the TX BD properly (git-fixes).\n- bnxt_en: call pci_alloc_irq_vectors() after bnxt_reserve_rings() (git-fixes).\n- bnxt_en: fix module unload sequence (git-fixes).\n- bnxt_en: improve TX timestamping FIFO configuration (git-fixes).\n- bonding: fix incorrect MAC address setting to receive NS messages (git-fixes).\n- bpf: Add missed var_off setting in coerce_subreg_to_size_sx() (git-fixes).\n- bpf: Add missed var_off setting in set_sext32_default_val() (git-fixes).\n- bpf: Check size for BTF-based ctx access of pointer members (git-fixes).\n- bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 (git-fixes).\n- bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes).\n- bpf: Scrub packet on bpf_redirect_peer (git-fixes).\n- bpf: add find_containing_subprog() utility function (bsc#1241590).\n- bpf: avoid holding freeze_mutex during mmap operation (git-fixes).\n- bpf: check changes_pkt_data property for extension programs (bsc#1241590).\n- bpf: consider that tail calls invalidate packet pointers (bsc#1241590).\n- bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs (bsc#1241590).\n- bpf: fix potential error return (git-fixes).\n- bpf: refactor bpf_helper_changes_pkt_data to use helper number (bsc#1241590).\n- bpf: track changes_pkt_data property for global functions (bsc#1241590).\n- bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes).\n- broadcom: fix supported flag check in periodic output function (git-fixes).\n- btrfs: add and use helper to verify the calling task has locked the inode (bsc#1241204).\n- btrfs: adjust subpage bit start based on sectorsize (bsc#1241492).\n- btrfs: always fallback to buffered write if the inode requires checksum (bsc#1242831 bsc#1242710).\n- btrfs: avoid NULL pointer dereference if no valid csum tree (bsc#1243342).\n- btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1236208).\n- btrfs: avoid monopolizing a core when activating a swap file (git-fixes).\n- btrfs: check delayed refs when we\u0027re checking if a ref exists (bsc#1239605).\n- btrfs: do not loop for nowait writes when checking for cross references (git-fixes).\n- btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045).\n- btrfs: drop the backref cache during relocation if we commit (bsc#1239605).\n- btrfs: fix a leaked chunk map issue in read_one_chunk() (git-fixes).\n- btrfs: fix discard worker infinite loop after disabling discard (bsc#1242012).\n- btrfs: fix hole expansion when writing at an offset beyond EOF (bsc#1241151).\n- btrfs: fix missing snapshot drew unlock when root is dead during swap activation (bsc#1241204).\n- btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers (git-fixes).\n- btrfs: fix race with memory mapped writes when activating swap file (bsc#1241204).\n- btrfs: fix swap file activation failure due to extents that used to be shared (bsc#1241204).\n- btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045).\n- btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045).\n- btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045).\n- bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes).\n- bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes).\n- bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes).\n- can: bcm: add locking for bcm_op runtime updates (git-fixes).\n- can: bcm: add missing rcu read protection for procfs content (git-fixes).\n- can: flexcan: disable transceiver during system PM (git-fixes).\n- can: flexcan: only change CAN state when link up in system PM (git-fixes).\n- can: gw: fix RCU/BH usage in cgw_create_job() (git-fixes).\n- can: mcan: m_can_class_unregister(): fix order of unregistration calls (git-fixes).\n- can: mcp251xfd: fix TDC setting for low data bit rates (git-fixes).\n- can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls (git-fixes).\n- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).\n- can: slcan: allow reception of short error messages (git-fixes).\n- can: ucan: fix out of bound read in strscpy() source (git-fixes).\n- cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk (stable-fixes).\n- cgroup/blkio: Add deprecation messages to reset_stats (jsc#PED-12405).\n- cgroup/cpuset-v1: Add deprecation messages to mem_exclusive and mem_hardwall (jsc#PED-12405).\n- cgroup/cpuset-v1: Add deprecation messages to memory_migrate (jsc#PED-12405).\n- cgroup/cpuset-v1: Add deprecation messages to memory_spread_page and memory_spread_slab (jsc#PED-12405).\n- cgroup/cpuset-v1: Add deprecation messages to sched_load_balance and memory_pressure_enabled (jsc#PED-12405).\n- cgroup/cpuset: Fix error handling in remote_partition_disable() (bsc#1241166).\n- cgroup/cpuset: Fix incorrect isolated_cpus update in update_parent_effective_cpumask() (bsc#1241166).\n- cgroup/cpuset: Fix spelling errors in file kernel/cgroup/cpuset.c (bsc#1241166).\n- cgroup: Add deprecation message to legacy freezer controller (jsc#PED-12405).\n- cgroup: Print message when /proc/cgroups is read on v2-only system (jsc#PED-12405).\n- char: misc: register chrdev region with all possible minors (git-fixes).\n- check-for-config-changes: Fix flag name typo\n- cifs: Fix integer overflow while processing actimeo mount option (git-fixes).\n- cifs: reduce warning log level for server not advertising interfaces (git-fixes).\n- clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes).\n- config: Re-enable rbd (bsc#1239991)\n- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).\n- counter: fix privdata alignment (git-fixes).\n- counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes).\n- counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes).\n- cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707).\n- cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052)\n- cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052)\n- cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052) Keep the feature disabled by default on x86_64\n- cpumask: add cpumask_weight_andnot() (bsc#1239015).\n- cpumask: define cleanup function for cpumasks (bsc#1239015).\n- crypto: algif_hash - fix double free in hash_accept (git-fixes).\n- crypto: atmel-sha204a - Set hwrng quality to lowest possible (git-fixes).\n- crypto: caam/qi - Fix drv_ctx refcount bug (git-fixes).\n- crypto: ccp - Add support for PCI device 0x1134 (stable-fixes).\n- crypto: ccp - Fix check for the primary ASP device (git-fixes).\n- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes).\n- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).\n- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).\n- crypto: iaa - Change desc-\u003epriv to 0 (jsc#PED-12416).\n- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).\n- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).\n- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).\n- crypto: iaa - Remove header table code (jsc#PED-12416).\n- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).\n- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416).\n- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).\n- crypto: iaa - Test the correct request flag (git-fixes).\n- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).\n- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).\n- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).\n- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).\n- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).\n- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).\n- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).\n- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).\n- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).\n- crypto: qat - Fix spelling mistake \u0027Invalide\u0027 -\u003e \u0027Invalid\u0027 (jsc#PED-12416).\n- crypto: qat - Fix typo \u0027accelaration\u0027 (jsc#PED-12416).\n- crypto: qat - Fix typo (jsc#PED-12416).\n- crypto: qat - Remove trailing space after \\n newline (jsc#PED-12416).\n- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).\n- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).\n- crypto: qat - add auto reset on error (jsc#PED-12416).\n- crypto: qat - add bank save and restore flows (jsc#PED-12416).\n- crypto: qat - add fatal error notification (jsc#PED-12416).\n- crypto: qat - add fatal error notify method (jsc#PED-12416).\n- crypto: qat - add heartbeat error simulator (jsc#PED-12416).\n- crypto: qat - add interface for live migration (jsc#PED-12416).\n- crypto: qat - add shutdown handler to qat_420xx (bsc#1239934).\n- crypto: qat - add shutdown handler to qat_4xxx (bsc#1239934).\n- crypto: qat - add shutdown handler to qat_c3xxx (bsc#1239934).\n- crypto: qat - add shutdown handler to qat_c62x (bsc#1239934).\n- crypto: qat - add shutdown handler to qat_dh895xcc (bsc#1239934).\n- crypto: qat - add support for 420xx devices (jsc#PED-12416).\n- crypto: qat - add support for device telemetry (jsc#PED-12416). - Refresh patches.suse/crypto-qat-disable-IOV-in-adf_dev_stop.patch. - Refresh patches.suse/crypto-qat-remove-check-after-debugfs_create_dir.patch.\n- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).\n- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).\n- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).\n- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).\n- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).\n- crypto: qat - disable arbitration before reset (jsc#PED-12416).\n- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).\n- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).\n- crypto: qat - fix \u0027Full Going True\u0027 macro definition (jsc#PED-12416).\n- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).\n- crypto: qat - fix comment structure (jsc#PED-12416).\n- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).\n- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).\n- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).\n- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).\n- crypto: qat - implement dh fallback for primes \u003e 4K (jsc#PED-12416).\n- crypto: qat - implement interface for live migration (jsc#PED-12416).\n- crypto: qat - improve aer error reset handling (jsc#PED-12416).\n- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).\n- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).\n- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).\n- crypto: qat - limit heartbeat notifications (jsc#PED-12416).\n- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).\n- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).\n- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).\n- crypto: qat - move fw config related structures (jsc#PED-12416).\n- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).\n- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).\n- crypto: qat - relocate CSR access code (jsc#PED-12416).\n- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).\n- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).\n- crypto: qat - remove access to parity register for QAT GEN4 (git-fixes).\n- crypto: qat - remove redundant prototypes in qat_c3xxx (bsc#1239934).\n- crypto: qat - remove redundant prototypes in qat_c62x (bsc#1239934).\n- crypto: qat - remove redundant prototypes in qat_dh895xcc (bsc#1239934).\n- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).\n- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).\n- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).\n- crypto: qat - set parity error mask for qat_420xx (git-fixes).\n- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).\n- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).\n- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).\n- crypto: qat - validate slices count returned by FW (jsc#PED-12416).\n- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).\n- cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path (git-fixes).\n- cxl/core/regs.c: Skip Memory Space Enable check for RCD and RCH Ports (bsc#1242125).\n- devlink: fix port new reply cmd type (git-fixes).\n- dlm: prevent NPD when writing a positive value to event_done (git-fixes).\n- dm array: fix cursor index when skipping across block boundaries (git-fixes).\n- dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes).\n- dm init: Handle minors larger than 255 (git-fixes).\n- dm integrity: fix out-of-range warning (git-fixes).\n- dm persistent data: fix memory allocation failure (git-fixes).\n- dm resume: do not return EINVAL when signalled (git-fixes).\n- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).\n- dm thin: Add missing destroy_work_on_stack() (git-fixes).\n- dm-bufio: do not schedule in atomic context (git-fixes).\n- dm-crypt: do not update io-\u003esector after kcryptd_crypt_write_io_submit() (git-fixes).\n- dm-crypt: track tag_offset in convert_context (git-fixes).\n- dm-delay: fix hung task introduced by kthread mode (git-fixes).\n- dm-delay: fix max_delay calculations (git-fixes).\n- dm-delay: fix workqueue delay_timer race (git-fixes).\n- dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes).\n- dm-ebs: fix prefetch-vs-suspend race (git-fixes).\n- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes).\n- dm-integrity: align the outgoing bio in integrity_recheck (git-fixes).\n- dm-integrity: fix a race condition when accessing recalc_sector (git-fixes).\n- dm-integrity: fix a warning on invalid table line (git-fixes).\n- dm-integrity: set ti-\u003eerror on memory allocation failure (git-fixes).\n- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes).\n- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes).\n- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes). mwilck: some hand editing because d95e2c34a3ca (\u0027dm verity: Fix IO priority lost when reading FEC and hash\u0027) is missing\n- dm-verity: fix prefetch-vs-suspend race (git-fixes).\n- dm: Fix typo in error message (git-fixes).\n- dm: add missing unlock on in dm_keyslot_evict() (git-fixes).\n- dm: always update the array size in realloc_argv on success (git-fixes).\n- dm: fix copying after src array boundaries (git-fixes).\n- dma-buf/sw_sync: Decrement refcount on error in sw_sync_ioctl_get_deadline() (git-fixes).\n- dma-buf: insert memory barrier before updating num_fences (git-fixes).\n- dmaengine: Revert \u0027dmaengine: dmatest: Fix dmatest waiting less when interrupted\u0027 (git-fixes).\n- dmaengine: dmatest: Fix dmatest waiting less when interrupted (stable-fixes).\n- dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals (git-fixes).\n- dmaengine: idxd: Add missing cleanups in cleanup internals (git-fixes).\n- dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call (git-fixes).\n- dmaengine: idxd: Fix -\u003epoll() return value (git-fixes).\n- dmaengine: idxd: Fix allowing write() from different address spaces (git-fixes).\n- dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (git-fixes).\n- dmaengine: idxd: fix memory leak in error handling path of idxd_alloc (git-fixes).\n- dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe (git-fixes).\n- dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines (git-fixes).\n- dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups (git-fixes).\n- dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs (git-fixes).\n- dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() (git-fixes).\n- dmaengine: mediatek: drop unused variable (git-fixes).\n- dmaengine: ti: k3-udma: Add missing locking (git-fixes).\n- dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy (git-fixes).\n- docs: perf: Fix build warning of hisi-pcie-pmu.rst (bsc#1237704 bsc#1241095)\n- docs: perf: Fix build warning of hisi-pcie-pmu.rst (bsc#1237704)\n- docs: perf: Update usage for target filter of hisi-pcie-pmu (bsc#1237704 bsc#1241095)\n- docs: perf: Update usage for target filter of hisi-pcie-pmu (bsc#1237704)\n- docs: thermal: sync hardware protection doc with code (git-fixes).\n- driver core: Remove needless return in void API device_remove_group() (git-fixes).\n- drivers/perf: hisi_pcie: Add more events for counting TLP bandwidth (bsc#1237704 bsc#1241095)\n- drivers/perf: hisi_pcie: Add more events for counting TLP bandwidth (bsc#1237704)\n- drivers/perf: hisi_pcie: Check the target filter properly (bsc#1237704 bsc#1241095)\n- drivers/perf: hisi_pcie: Check the target filter properly (bsc#1237704)\n- drivers/perf: hisi_pcie: Fix incorrect counting under metric mode (bsc#1237704 bsc#1241095)\n- drivers/perf: hisi_pcie: Fix incorrect counting under metric mode (bsc#1237704)\n- drivers/perf: hisi_pcie: Introduce hisi_pcie_pmu_get_event_ctrl_val() (bsc#1237704 bsc#1241095)\n- drivers/perf: hisi_pcie: Introduce hisi_pcie_pmu_get_event_ctrl_val() (bsc#1237704)\n- drivers/perf: hisi_pcie: Merge find_related_event() and (bsc#1237704 bsc#1241095)\n- drivers/perf: hisi_pcie: Merge find_related_event() and (bsc#1237704)\n- drivers/perf: hisi_pcie: Relax the check on related events (bsc#1237704 bsc#1241095)\n- drivers/perf: hisi_pcie: Relax the check on related events (bsc#1237704)\n- drivers/perf: hisi_pcie: Rename hisi_pcie_pmu_{config,clear}_filter() (bsc#1237704 bsc#1241095)\n- drivers/perf: hisi_pcie: Rename hisi_pcie_pmu_{config,clear}_filter() (bsc#1237704)\n- drivers: base: devres: Allow to release group on device release (stable-fixes).\n- drm/amd/amdkfd: Evict all queues even HWS remove queue failed (stable-fixes).\n- drm/amd/display/dml2: use vzalloc rather than kzalloc (bsc#1241568).\n- drm/amd/display: Actually do immediate vblank disable (git-fixes).\n- drm/amd/display: Add HP Elitebook 645 to the quirk list for eDP on DP1 (stable-fixes).\n- drm/amd/display: Add HP Probook 445 and 465 to the quirk list for eDP on DP1 (stable-fixes).\n- drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (stable-fixes).\n- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes).\n- drm/amd/display: Avoid flooding unnecessary info messages (git-fixes).\n- drm/amd/display: Copy AUX read reply data whenever length \u003e 0 (git-fixes).\n- drm/amd/display: Correct the reply value when AUX write incomplete (git-fixes).\n- drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes).\n- drm/amd/display: Do not enable Replay and PSR while VRR is on in amdgpu_dm_commit_planes() (git-fixes).\n- drm/amd/display: Do not write DP_MSTM_CTRL after LT (stable-fixes).\n- drm/amd/display: Enable urgent latency adjustment on DCN35 (stable-fixes).\n- drm/amd/display: Exit idle optimizations before accessing PHY (git-fixes).\n- drm/amd/display: Fix gpu reset in multidisplay config (git-fixes).\n- drm/amd/display: Fix invalid context error in dml helper (git-fixes).\n- drm/amd/display: Fix message for support_edp0_on_dp1 (git-fixes).\n- drm/amd/display: Fix out-of-bound accesses (stable-fixes).\n- drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes).\n- drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes).\n- drm/amd/display: Fix the checking condition in dmub aux handling (stable-fixes).\n- drm/amd/display: Fix wrong handling for AUX_DEFER case (git-fixes).\n- drm/amd/display: Force full update in gpu reset (stable-fixes).\n- drm/amd/display: Increase vblank offdelay for PSR panels (git-fixes).\n- drm/amd/display: Protect FPU in dml21_copy() (git-fixes).\n- drm/amd/display: Protect FPU in dml2_init()/dml21_init() (git-fixes).\n- drm/amd/display: Protect FPU in dml2_validate()/dml21_validate() (git-fixes).\n- drm/amd/display: Remove incorrect checking in dmub aux handler (git-fixes).\n- drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes).\n- drm/amd/display: Shift DMUB AUX reply command if necessary (git-fixes).\n- drm/amd/display: Temporarily disable hostvm on DCN31 (stable-fixes).\n- drm/amd/display: Update Cursor request mode to the beginning prefetch always (stable-fixes).\n- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes).\n- drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes).\n- drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes).\n- drm/amd/display: fix an indent issue in DML21 (git-fixes).\n- drm/amd/display: fix default brightness (git-fixes).\n- drm/amd/display: fix missing .is_two_pixels_per_container (git-fixes).\n- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes).\n- drm/amd/display: more liberal vmin/vmax update for freesync (stable-fixes).\n- drm/amd/display: prevent hang on link training fail (stable-fixes).\n- drm/amd/display: stop DML2 from removing pipes based on planes (stable-fixes).\n- drm/amd/pm/smu11: Prevent division by zero (git-fixes).\n- drm/amd/pm: Prevent division by zero (git-fixes).\n- drm/amd/pm: add unique_id for gfx12 (stable-fixes).\n- drm/amd/pm: always allow ih interrupt from fw (stable-fixes).\n- drm/amd: Add Suspend/Hibernate notification callback support (stable-fixes).\n- drm/amd: Handle being compiled without SI or CIK support better (stable-fixes).\n- drm/amd: Keep display off while going into S4 (stable-fixes).\n- drm/amdgpu/display: Allow DCC for video formats on GFX12 (stable-fixes).\n- drm/amdgpu/dma_buf: fix page_link check (git-fixes).\n- drm/amdgpu/gfx11: fix num_mec (git-fixes).\n- drm/amdgpu/gfx12: correct cleanup of \u0027me\u0027 field with gfx_v12_0_me_fini() (git-fixes).\n- drm/amdgpu/gfx12: fix num_mec (git-fixes).\n- drm/amdgpu/hdp4: use memcfg register to post the write for HDP flush (git-fixes).\n- drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush (git-fixes).\n- drm/amdgpu/hdp5: use memcfg register to post the write for HDP flush (git-fixes).\n- drm/amdgpu/hdp6: use memcfg register to post the write for HDP flush (git-fixes).\n- drm/amdgpu/hdp7: use memcfg register to post the write for HDP flush (git-fixes).\n- drm/amdgpu/mes11: optimize MES pipe FW version fetching (git-fixes).\n- drm/amdgpu/mes12: optimize MES pipe FW version fetching (git-fixes).\n- drm/amdgpu/pm: Handle SCLK offset correctly in overdrive for smu 14.0.2 (stable-fixes).\n- drm/amdgpu/pm: wire up hwmon fan speed for smu 14.0.2 (stable-fixes).\n- drm/amdgpu/umsch: declare umsch firmware (git-fixes).\n- drm/amdgpu/umsch: fix ucode check (git-fixes).\n- drm/amdgpu/vcn: using separate VCN1_AON_SOC offset (stable-fixes).\n- drm/amdgpu: Add back JPEG to video caps for carrizo and newer (git-fixes).\n- drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes).\n- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes).\n- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes).\n- drm/amdgpu: Fix offset for HDP remap in nbio v7.11 (stable-fixes).\n- drm/amdgpu: Increase KIQ invalidate_tlbs timeout (stable-fixes).\n- drm/amdgpu: NULL-check BO\u0027s backing store when determining GFX12 PTE flags (git-fixes).\n- drm/amdgpu: Prefer shadow rom when available (git-fixes).\n- drm/amdgpu: Queue KFD reset workitem in VF FED (stable-fixes).\n- drm/amdgpu: Remove JPEG from vega and carrizo video caps (stable-fixes).\n- drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes).\n- drm/amdgpu: Restore uncached behaviour on GFX12 (stable-fixes).\n- drm/amdgpu: Unlocked unmap only clear page table leaves (stable-fixes).\n- drm/amdgpu: Use the right function for hdp flush (stable-fixes).\n- drm/amdgpu: fix pm notifier handling (git-fixes).\n- drm/amdgpu: fix warning of drm_mm_clean (git-fixes).\n- drm/amdgpu: grab an additional reference on the gang fence v2 (stable-fixes).\n- drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() (stable-fixes).\n- drm/amdgpu: immediately use GTT for new allocations (git-fixes).\n- drm/amdgpu: refine smu send msg debug log format (git-fixes).\n- drm/amdgpu: trigger flr_work if reading pf2vf data failed (stable-fixes).\n- drm/amdgpu: use a dummy owner for sysfs triggered cleaner shaders v4 (stable-fixes).\n- drm/amdkfd: Fix Circular Locking Dependency in \u0027svm_range_cpu_invalidate_pagetables\u0027 (git-fixes).\n- drm/amdkfd: Fix mode1 reset crash issue (stable-fixes).\n- drm/amdkfd: Fix pqm_destroy_queue race with GPU reset (stable-fixes).\n- drm/amdkfd: Fix user queue validation on Gfx7/8 (git-fixes).\n- drm/amdkfd: clamp queue size to minimum (stable-fixes).\n- drm/amdkfd: debugfs hang_hws skip GPU with MES (stable-fixes).\n- drm/ast: Fix ast_dp connection status (git-fixes).\n- drm/atomic: Filter out redundant DPMS calls (stable-fixes).\n- drm/bridge: Fix spelling mistake \u0027gettin\u0027 -\u003e \u0027getting\u0027 (git-fixes).\n- drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes).\n- drm/bridge: panel: forbid initializing a panel with unknown connector type (stable-fixes).\n- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).\n- drm/debugfs: fix printk format for bridge index (stable-fixes).\n- drm/dp_mst: Add a helper to queue a topology probe (stable-fixes).\n- drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes).\n- drm/dp_mst: Fix drm RAD print (git-fixes).\n- drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes).\n- drm/edid: fixed the bug that hdr metadata was not reset (git-fixes).\n- drm/fdinfo: Protect against driver unbind (git-fixes).\n- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes).\n- drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes).\n- drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes).\n- drm/i915/color: Extract intel_color_modeset() (stable-fixes).\n- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes).\n- drm/i915/dg2: wait for HuC load completion before running selftests (stable-fixes).\n- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL\u0027s own port width macro (git-fixes).\n- drm/i915/dsi: convert to struct intel_display (stable-fixes).\n- drm/i915/gvt: fix unterminated-string-initialization warning (stable-fixes).\n- drm/i915/huc: Fix fence not released on early probe errors (git-fixes).\n- drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions\u0027 (git-fixes).\n- drm/i915/vrr: Add vrr.vsync_{start, end} in vrr_params_changed (git-fixes).\n- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).\n- drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+ (stable-fixes).\n- drm/i915: Disable RPG during live selftest (git-fixes).\n- drm/i915: Increase I915_PARAM_MMAP_GTT_VERSION version to indicate support for partial mmaps (git-fixes).\n- drm/i915: Plumb \u0027dsb\u0027 all way to the plane hooks (stable-fixes).\n- drm/imagination: fix firmware memory leaks (git-fixes).\n- drm/imagination: take paired job reference (git-fixes).\n- drm/mediatek: Fix config_updating flag never false when no mbox channel (git-fixes).\n- drm/mediatek: dp: drm_err =\u003e dev_err in HPD path to avoid NULL ptr (git-fixes).\n- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes).\n- drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off (stable-fixes).\n- drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data (stable-fixes).\n- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes).\n- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes).\n- drm/mgag200: Fix value in \u0026lt;VBLKSTR\u003e register (git-fixes).\n- drm/mipi-dbi: Fix blanking for non-16 bit formats (git-fixes).\n- drm/msm/a6xx+: Do not let IB_SIZE overflow (git-fixes).\n- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).\n- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).\n- drm/msm/dpu: do not set crtc_state-\u003emode_changed from atomic_check() (git-fixes).\n- drm/msm/dpu: do not use active in atomic_check() (git-fixes).\n- drm/msm/dsi/phy: Program clock inverters in correct register (git-fixes).\n- drm/msm/dsi: Add check for devm_kstrdup() (git-fixes).\n- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes).\n- drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes).\n- drm/nouveau: Do not override forced connector status (stable-fixes).\n- drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() (git-fixes).\n- drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes).\n- drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes).\n- drm/panel: simple: Update timings for AUO G101EVN010 (git-fixes).\n- drm/panic: fix overindented list items in documentation (git-fixes).\n- drm/panic: use `div_ceil` to clean Clippy warning (git-fixes).\n- drm/panthor: Update CS_STATUS_ defines to correct values (git-fixes).\n- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes).\n- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes).\n- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes).\n- drm/repaper: fix integer overflows in repeat functions (git-fixes).\n- drm/sched: Fix fence reference count leak (git-fixes).\n- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes).\n- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).\n- drm/ssd130x: fix ssd132x encoding (git-fixes).\n- drm/sti: remove duplicate object names (git-fixes).\n- drm/tests: Add helper to create mock crtc (stable-fixes).\n- drm/tests: Add helper to create mock plane (stable-fixes).\n- drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is enabled (git-fixes).\n- drm/tests: cmdline: Fix drm_display_mode memory leak (git-fixes).\n- drm/tests: hdmi: Remove redundant assignments (stable-fixes).\n- drm/tests: helpers: Add atomic helpers (stable-fixes).\n- drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic() (stable-fixes).\n- drm/tests: helpers: Create kunit helper to destroy a drm_display_mode (stable-fixes).\n- drm/tests: helpers: Fix compiler warning (git-fixes).\n- drm/tests: modes: Fix drm_display_mode memory leak (git-fixes).\n- drm/tests: modeset: Fix drm_display_mode memory leak (git-fixes).\n- drm/tests: probe-helper: Fix drm_display_mode memory leak (git-fixes).\n- drm/tests: shmem: Fix memleak (git-fixes).\n- drm/v3d: Add job to pending list if the reset was skipped (stable-fixes).\n- drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes).\n- drm/vkms: Fix use after free and double free on init error (git-fixes).\n- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).\n- drm/vmwgfx: Use VMware hypercall API (jsc#PED-11518).\n- drm/xe/dma_buf: stop relying on placement in unmap (git-fixes).\n- drm/xe/hw_engine: define sysfs_ops on all directories (git-fixes).\n- drm/xe/pm: Temporarily disable D3Cold on BMG (git-fixes).\n- drm/xe/tests/mocs: Hold XE_FORCEWAKE_ALL for LNCF regs (git-fixes).\n- drm/xe/tests/mocs: Update xe_force_wake_get() return handling (stable-fixes).\n- drm/xe/userptr: Fix an incorrect assert (git-fixes).\n- drm/xe/userptr: fix notifier vs folio deadlock (git-fixes).\n- drm/xe/vf: Do not try to trigger a full GT reset if VF (stable-fixes).\n- drm/xe/xe3lpg: Apply Wa_14022293748, Wa_22019794406 (stable-fixes).\n- drm/xe/xelp: Move Wa_16011163337 from tunings to workarounds (stable-fixes).\n- drm/xe: Add page queue multiplier (git-fixes).\n- drm/xe: Fix GT \u0027for each engine\u0027 workarounds (stable-fixes).\n- drm/xe: Fix an out-of-bounds shift when invalidating TLB (git-fixes).\n- drm/xe: Fix exporting xe buffers multiple times (git-fixes).\n- drm/xe: Release guc ids before cancelling work (git-fixes).\n- drm/xe: Remove double pageflip (git-fixes).\n- drm/xe: Save CTX_TIMESTAMP mmio value instead of LRC value (git-fixes).\n- drm/xe: Set LRC addresses before guc load (git-fixes).\n- drm/xe: Use local fence in error path of xe_migrate_clear (git-fixes).\n- drm/xe: remove redundant check in xe_vm_create_ioctl() (git-fixes).\n- drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS (git-fixes).\n- drm: allow encoder mode_set even when connectors change for crtc (stable-fixes).\n- drm: panel-orientation-quirks: Add new quirk for GPD Win 2 (stable-fixes).\n- drm: panel-orientation-quirks: Add quirk for AYA NEO Slide (stable-fixes).\n- drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) (stable-fixes).\n- drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB (stable-fixes).\n- drm: panel-orientation-quirks: Add support for AYANEO 2S (stable-fixes).\n- drm: panel: jd9365da: fix reset signal polarity in unprepare (git-fixes).\n- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).\n- dummycon: fix default rows/cols (git-fixes).\n- e1000e: change k1 configuration on MTP and later platforms (git-fixes).\n- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349).\n- enable IMA (bsc#1240617)\n- eth: bnxt: do not use BNXT_VNIC_NTUPLE unconditionally in queue restart logic (git-fixes).\n- eth: bnxt: fix memory leak in queue reset (git-fixes).\n- eth: bnxt: fix missing ring index trim on error path (git-fixes).\n- eth: bnxt: fix out-of-range access of vnic_info array (git-fixes).\n- ethtool: Fix context creation with no parameters (git-fixes).\n- ethtool: Fix set RXNFC command with symmetric RSS hash (git-fixes).\n- ethtool: Fix wrong mod state in case of verbose and no_mask bitset (git-fixes).\n- ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() (git-fixes).\n- ethtool: do not propagate EOPNOTSUPP from dumps (git-fixes).\n- ethtool: fix setting key and resetting indir at once (git-fixes).\n- ethtool: netlink: Add missing ethnl_ops_begin/complete (git-fixes).\n- ethtool: netlink: do not return SQI value if link is down (git-fixes).\n- ethtool: ntuple: fix rss + ring_cookie check (git-fixes).\n- ethtool: plca: fix plca enable data type while parsing the value (git-fixes).\n- ethtool: rss: echo the context number back (git-fixes).\n- ethtool: rss: fix hiding unsupported fields in dumps (git-fixes).\n- exfat: do not fallback to buffered write (git-fixes).\n- exfat: drop -\u003ei_size_ondisk (git-fixes).\n- exfat: fix potential wrong error return from get_block (git-fixes).\n- exfat: fix soft lockup in exfat_clear_bitmap (git-fixes).\n- exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes).\n- exfat: short-circuit zero-byte writes in exfat_file_write_iter (git-fixes).\n- ext4: add missing brelse() for bh2 in ext4_dx_add_entry() (bsc#1242342).\n- ext4: correct encrypted dentry name hash when not casefolded (bsc#1242540).\n- ext4: do not over-report free space or inodes in statvfs (bsc#1242345).\n- ext4: do not treat fhandle lookup of ea_inode as FS corruption (bsc#1242347).\n- ext4: fix FS_IOC_GETFSMAP handling (bsc#1240557).\n- ext4: goto right label \u0027out_mmap_sem\u0027 in ext4_setattr() (bsc#1242556).\n- ext4: make block validity check resistent to sb bh corruption (bsc#1242348).\n- ext4: partial zero eof block on unaligned inode size extension (bsc#1242336).\n- ext4: protect ext4_release_dquot against freezing (bsc#1242335).\n- ext4: replace the traditional ternary conditional operator with with max()/min() (bsc#1242536). Refresh patches.suse/ext4-move-setting-of-trimmed-bit-into-ext4_try_to_tr.patch Refresh patches.suse/ext4-fix-inconsistent-between-segment-fstrim-and-ful.patch\n- ext4: treat end of range as exclusive in ext4_zero_range() (bsc#1242539).\n- ext4: unify the type of flexbg_size to unsigned int (bsc#1242538). Refresh: patches.suse/ext4-avoid-online-resizing-failures-due-to-oversized.patch\n- fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes).\n- fbdev: omapfb: Add \u0027plane\u0027 value check (stable-fixes).\n- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).\n- fbdev: sm501fb: Add some geometry checks (git-fixes).\n- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes).\n- firmware: arm_ffa: Skip Rx buffer ownership release if not acquired (git-fixes).\n- firmware: arm_scmi: Balance device refcount when destroying devices (git-fixes).\n- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes).\n- firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes).\n- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).\n- flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994).\n- fs/jfs: Prevent integer overflow in AG size calculation (git-fixes).\n- fs/jfs: cast inactags to s64 to prevent potential overflow (git-fixes).\n- fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() (bsc#1241250).\n- fs: better handle deep ancestor chains in is_subdir() (bsc#1242528). Refresh patches.suse/dcache-keep-dentry_hashtable-or-d_hash_shift-even-when-not.patch\n- fs: consistently deref the files table with rcu_dereference_raw() (bsc#1242535).\n- fs: do not allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (bsc#1242526).\n- fs: support relative paths with FSCONFIG_SET_STRING (git-fixes).\n- gpio: rcar: Use raw_spinlock to protect register access (stable-fixes).\n- gpio: tegra186: fix resource handling in ACPI probe path (git-fixes).\n- gpio: zynq: Fix wakeup source leaks on device unbind (stable-fixes).\n- gpu: cdns-mhdp8546: fix call balance of mhdp-\u003eclk handling routines (git-fixes).\n- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes).\n- gve: handle overflow when reporting TX consumed descriptors (git-fixes).\n- gve: set xdp redirect target only when it is available (git-fixes).\n- gve: unlink old napi only if page pool exists (git-fixes).\n- gve: unlink old napi when stopping a queue using queue API (git-fixes).\n- hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (git-fixes).\n- hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (git-fixes).\n- hv_netvsc: Remove rmsg_pgcnt (git-fixes).\n- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (git-fixes).\n- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes).\n- i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes).\n- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes).\n- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes).\n- i2c: atr: Fix wrong include (git-fixes).\n- i2c: cros-ec-tunnel: defer probe if parent EC is not present (git-fixes).\n- i2c: designware: Fix an error handling path in i2c_dw_pci_probe() (git-fixes).\n- i2c: imx-lpi2c: Fix clock count when probe defers (git-fixes).\n- i2c: omap: fix IRQ storms (git-fixes).\n- i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes).\n- i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes).\n- i3c: master: svc: Fix missing the IBI rules (git-fixes).\n- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).\n- ice: Add check for devm_kzalloc() (git-fixes).\n- ice: Avoid setting default Rx VSI twice in switchdev setup (git-fixes).\n- ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() (git-fixes).\n- ice: Fix switchdev slow-path in LAG (git-fixes).\n- ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518).\n- ice: do not configure destination override for switchdev (git-fixes).\n- ice: ensure periodic output start time is in the future (git-fixes).\n- ice: fix ice_parser_rt::bst_key array size (git-fixes).\n- ice: fix input validation for virtchnl BW (git-fixes).\n- ice: fix reservation of resources for RDMA when disabled (git-fixes).\n- ice: remove invalid parameter of equalizer (git-fixes).\n- ice: stop truncating queue ids when checking (git-fixes).\n- idpf: Acquire the lock before accessing the xn-\u003esalt (git-fixes).\n- idpf: check error for register_netdev() on init (git-fixes).\n- idpf: fix adapter NULL pointer dereference on reboot (git-fixes).\n- idpf: fix offloads support for encapsulated packets (git-fixes).\n- idpf: fix potential memory leak on kcalloc() failure (git-fixes).\n- idpf: fix transaction timeouts on reset (git-fixes).\n- idpf: protect shutdown from reset (git-fixes).\n- idpf: record rx queue in skb for RSC packets (git-fixes).\n- igb: reject invalid external timestamp requests for 82580-based HW (git-fixes).\n- igc: add lock preventing multiple simultaneous PTM transactions (git-fixes).\n- igc: cleanup PTP module if probe fails (git-fixes).\n- igc: fix PTM cycle trigger logic (git-fixes).\n- igc: fix lock order in igc_ptp_reset (git-fixes).\n- igc: handle the IGC_PTP_ENABLED flag correctly (git-fixes).\n- igc: increase wait time before retrying PTM (git-fixes).\n- igc: move ktime snapshot into PTM retry loop (git-fixes).\n- iio: accel: adxl367: fix setting odr for activity time update (git-fixes).\n- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes).\n- iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes).\n- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).\n- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).\n- iio: adc: ad7606: fix serial register access (git-fixes).\n- iio: adc: ad7768-1: Fix conversion result sign (git-fixes).\n- iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check (stable-fixes).\n- iio: adis16201: Correct inclinometer channel resolution (git-fixes).\n- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (git-fixes).\n- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (git-fixes).\n- iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer (git-fixes).\n- include/linux/mmzone.h: clean up watermark accessors (bsc#1239600).\n- include: net: add static inline dst_dev_overhead() to dst.h (git-fixes).\n- inetpeer: remove create argument of inet_getpeer_v() (git-fixes).\n- inetpeer: update inetpeer timestamp in inet_getpeer() (git-fixes).\n- init: add initramfs_internal.h (bsc#1232848).\n- initramfs: allocate heap buffers together (bsc#1232848).\n- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).\n- input/vmmouse: Use VMware hypercall API (jsc#PED-11518).\n- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).\n- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).\n- intel_th: pci: Add Arrow Lake support (stable-fixes).\n- intel_th: pci: Add Panther Lake-H support (stable-fixes).\n- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).\n- io_uring/sqpoll: Increase task_work submission batch size (bsc#1238585).\n- ioam6: improve checks on user data (git-fixes).\n- iommu/arm-smmu-v3: Fix pgsize_bit for sva domains (bsc#1243341)\n- iommu/vt-d: Assign owner to the static identity domain (bsc#1241193).\n- iommu/vt-d: Fix suspicious RCU usage (git-fixes).\n- iommu/vt-d: Remove device comparison in context_setup_pass_through_cb (git-fixes).\n- iommu: Allow attaching static domains in iommu_attach_device_pasid() (bsc#1241193).\n- iommu: Fix two issues in iommu_copy_struct_from_user() (git-fixes).\n- ipv4/route: avoid unused-but-set-variable warning (git-fixes).\n- ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR) (git-fixes).\n- ipv4: Convert icmp_route_lookup() to dscp_t (git-fixes).\n- ipv4: Fix incorrect source address in Record Route option (git-fixes).\n- ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family (git-fixes).\n- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).\n- ipv4: fib: annotate races around nh-\u003enh_saddr_genid and nh-\u003enh_saddr (git-fixes).\n- ipv4: fix source address selection with route leak (git-fixes).\n- ipv4: give an IPv4 dev to blackhole_netdev (git-fixes).\n- ipv4: icmp: Pass full DS field to ip_route_input() (git-fixes).\n- ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() (git-fixes).\n- ipv4: ip_gre: Fix drops of small packets in ipgre_xmit (git-fixes).\n- ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit() (git-fixes).\n- ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev() (git-fixes).\n- ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit() (git-fixes).\n- ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid (git-fixes).\n- ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels (git-fixes).\n- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).\n- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994).\n- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).\n- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).\n- ipv6: Align behavior across nexthops during path selection (git-fixes).\n- ipv6: Do not consider link down nexthops in path selection (git-fixes).\n- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes).\n- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes).\n- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes).\n- ipv6: Start path selection from the first nexthop (git-fixes).\n- ipv6: Use RCU in ip6_input() (bsc#1239994).\n- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).\n- ipv6: avoid atomic fragment on GSO packets (git-fixes).\n- ipv6: fib6_rules: flush route cache when rule is changed (git-fixes).\n- ipv6: fib: hide unused \u0027pn\u0027 variable (git-fixes).\n- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).\n- ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (git-fixes).\n- ipv6: fix potential NULL deref in fib6_add() (git-fixes).\n- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).\n- ipv6: introduce dst_rt6_info() helper (git-fixes).\n- ipv6: ioam: block BH from ioam6_output() (git-fixes).\n- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes).\n- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).\n- ipv6: sr: add missing seg6_local_exit (git-fixes).\n- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes).\n- ipv6: take care of scope when choosing the src addr (git-fixes).\n- irqchip/davinci: Remove leftover header (git-fixes).\n- irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (git-fixes).\n- irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (git-fixes).\n- isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (bsc#1242307).\n- iwlwifi: correct modinfo firmware ucode (bsc#1243020).\n- ixgbe: fix media type detection for E610 device (git-fixes).\n- jbd2: add a missing data flush during file and fs synchronization (bsc#1242346).\n- jbd2: fix off-by-one while erasing journal (bsc#1242344).\n- jbd2: flush filesystem device before updating tail sequence (bsc#1242333).\n- jbd2: increase IO priority for writing revoke records (bsc#1242332).\n- jbd2: increase the journal IO\u0027s priority (bsc#1242537).\n- jbd2: remove wrong sb-\u003es_sequence check (bsc#1242343).\n- jfs: Fix uninit-value access of imap allocated in the diMount() function (git-fixes).\n- jfs: Prevent copying of nlink with value 0 from disk inode (git-fixes).\n- jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes).\n- jfs: add check read-only before txBeginAnon() call (git-fixes).\n- jfs: add index corruption check to DT_GETPAGE() (git-fixes).\n- jfs: add sanity check for agwidth in dbMount (git-fixes).\n- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).\n- jfs: reject on-disk inodes of an unsupported type (git-fixes).\n- jiffies: Cast to unsigned long in secs_to_jiffies() conversion (bsc#1242993).\n- jiffies: Define secs_to_jiffies() (bsc#1242993).\n- kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes)\n- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).\n- kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).\n- kABI fix for netlink: terminate outstanding dump on socket close (git-fixes).\n- kABI fix for sctp: detect and prevent references to a freed transport in sendmsg (git-fixes).\n- kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes).\n- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).\n- kABI workaround for hci_core changes (git-fixes).\n- kABI workaround for intel-ish-hid (git-fixes).\n- kABI workaround for l2cap_conn changes (git-fixes).\n- kABI workaround for powercap update (bsc#1241010).\n- kABI workaround for soc_mixer_control changes (git-fixes).\n- kbuild: hdrcheck: fix cross build with clang (git-fixes).\n- kernel-binary: Support livepatch_rt with merged RT branch\n- kernel-obs-qa: Use srchash for dependency as well\n- keys: Fix UAF in key_put() (git-fixes).\n- ktest: Fix Test Failures Due to Missing LOG_FILE Directories (stable-fixes).\n- kunit: qemu_configs: SH: Respect kunit cmdline (git-fixes).\n- kunit: qemu_configs: sparc: use Zilog console (git-fixes).\n- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes).\n- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes).\n- lib: 842: Improve error handling in sw842_compress() (git-fixes).\n- lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes).\n- libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Rename perf_cpu_map__default_new() to perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309).\n- lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes).\n- loop: Add sanity check for read/write_iter (git-fixes).\n- loop: LOOP_SET_FD: send uevents for partitions (git-fixes).\n- loop: aio inherit the ioprio of original request (git-fixes).\n- loop: do not require -\u003ewrite_iter for writable files in loop_configure (git-fixes).\n- loop: properly send KOBJ_CHANGED uevent for disk device (git-fixes).\n- loop: stop using vfs_iter_{read,write} for buffered I/O (git-fixes).\n- md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (bsc#1238212) Also reenable patches.suse/md-md-bitmap-fix-writing-non-bitmap-pages-ab99.patch\n- md/raid1,raid10: do not ignore IO flags (git-fixes).\n- md/raid10: fix missing discard IO accounting (git-fixes).\n- md/raid10: wait barrier before returning discard request with REQ_NOWAIT (git-fixes).\n- md/raid1: Add check for missing source disk in process_checks() (git-fixes).\n- md/raid1: fix memory leak in raid1_run() if no active rdev (git-fixes).\n- md/raid5: implement pers-\u003ebitmap_sector() (git-fixes).\n- md: add a new callback pers-\u003ebitmap_sector() (git-fixes).\n- md: ensure resync is prioritized over recovery (git-fixes).\n- md: fix mddev uaf while iterating all_mddevs list (git-fixes).\n- md: preserve KABI in struct md_personality v2 (git-fixes). Added to mitigate md-add-a-new-callback-pers-bitmap_sector.patch, which was a git-fix.\n- mdacon: rework dependency list (git-fixes).\n- media: chips-media: wave5: Fix a hang after seeking (git-fixes).\n- media: i2c: adv748x: Fix test pattern selection mask (git-fixes).\n- media: i2c: ccs: Set the device\u0027s runtime PM status correctly in probe (git-fixes).\n- media: i2c: ccs: Set the device\u0027s runtime PM status correctly in remove (git-fixes).\n- media: i2c: imx214: Rectify probe error handling related to runtime PM (git-fixes).\n- media: i2c: imx219: Rectify runtime PM handling in probe and remove (git-fixes).\n- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes).\n- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).\n- media: intel/ipu6: set the dev_parent of video device to pdev (git-fixes).\n- media: omap3isp: Handle ARM dma_iommu_mapping (git-fixes).\n- media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes).\n- media: platform: stm32: Add check for clk_enable() (git-fixes).\n- media: siano: Fix error handling in smsdvb_module_init() (git-fixes).\n- media: streamzap: fix race between device disconnection and urb callback (git-fixes).\n- media: streamzap: prevent processing IR data on URB failure (git-fixes).\n- media: uvcvideo: Add quirk for Actions UVC05 (stable-fixes).\n- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes).\n- media: venus: hfi: add a check to handle OOB in sfr region (git-fixes).\n- media: venus: hfi: add check to handle incorrect queue size (git-fixes).\n- media: venus: hfi_parser: add check to avoid out of bound access (git-fixes).\n- media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes).\n- media: verisilicon: HEVC: Initialize start_bit field (git-fixes).\n- media: videobuf2: Add missing doc comment for waiting_in_dqbuf (git-fixes).\n- media: vim2m: print device name after registering device (git-fixes).\n- media: visl: Fix ERANGE error when setting enum controls (git-fixes).\n- mei: me: add panther lake H DID (stable-fixes).\n- mei: me: add panther lake P DID (stable-fixes).\n- mei: vsc: Fix fortify-panic caused by invalid counted_by() use (git-fixes).\n- memblock tests: fix warning: \u0027__ALIGN_KERNEL\u0027 redefined (git-fixes). Fix tools/ build breakage introduced by suse commit 3d6cb93162fd \u0027bitmap: introduce generic optimized bitmap_size() (git-fixes)\u0027\n- memcg: initiate deprecation of oom_control (jsc#PED-12405).\n- memcg: initiate deprecation of pressure_level (jsc#PED-12405).\n- memcg: initiate deprecation of v1 soft limit (jsc#PED-12405).\n- memcg: initiate deprecation of v1 tcp accounting (jsc#PED-12405).\n- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).\n- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes).\n- mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes).\n- mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes).\n- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).\n- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).\n- mfd: syscon: Remove extern from function prototypes (stable-fixes).\n- mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes).\n- misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration (git-fixes).\n- misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack (git-fixes).\n- mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600).\n- mm/readahead: fix large folio support in async readahead (bsc#1242321).\n- mm: Add transformation message for per-memcg swappiness (jsc#PED-12405).\n- mm: Fix a build breakage in memcontrol.c (jsc#PED-12405).\n- mm: accept to promo watermark (bsc#1239600).\n- mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600).\n- mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600).\n- mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT (bsc#1242326).\n- mm: fix filemap_get_folios_contig returning batches of identical folios (bsc#1242327).\n- mm: fix oops when filemap_map_pmd() without prealloc_pte (bsc#1242546).\n- mm: memcontrol: clarify swapaccount=0 deprecation warning (jsc#PED-12405).\n- mm: zswap: move allocations during CPU init outside the lock (git-fixes).\n- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).\n- mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves (stable-fixes).\n- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).\n- mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe (git-fixes).\n- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes).\n- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes).\n- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes).\n- mptcp: fix rcv buffer auto-tuning (bsc#1220419 bsc#1222656 bsc#1236394).\n- mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN (git-fixes).\n- mptcp: refine opt_mp_capable determination (git-fixes).\n- mptcp: relax check on MPC passive fallback (git-fixes).\n- mptcp: strict validation before using mp_opt-\u003ehmac (git-fixes).\n- mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() (git-fixes).\n- mtd: Add check for devm_kcalloc() (git-fixes).\n- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).\n- mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes).\n- mtd: nand: Fix a kdoc comment (git-fixes).\n- mtd: phram: Add the kernel lock down check (bsc#1232649).\n- mtd: rawnand: Add status chack in r852_ready() (git-fixes).\n- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).\n- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994).\n- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).\n- neighbour: delete redundant judgment statements (git-fixes).\n- net/handshake: Fix handshake_req_destroy_test1 (git-fixes).\n- net/handshake: Fix memory leak in __sock_create() and sock_alloc_file() (git-fixes).\n- net/ipv6: Fix route deleting failure when metric equals 0 (git-fixes).\n- net/ipv6: Fix the RT cache flush via sysctl using a previous delay (git-fixes).\n- net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged (git-fixes).\n- net/mlx5: E-Switch, Initialize MAC Address for Default GID (git-fixes).\n- net/mlx5: E-switch, Fix error handling for enabling roce (git-fixes).\n- net/mlx5: Fill out devlink dev info only for PFs (git-fixes).\n- net/mlx5: Fix incorrect IRQ pool usage when releasing IRQs (git-fixes).\n- net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table() (git-fixes).\n- net/mlx5: HWS, Rightsize bwc matcher priority (git-fixes).\n- net/mlx5: IRQ, Fix null string in debug print (git-fixes).\n- net/mlx5: Lag, Check shared fdb before creating MultiPort E-Switch (git-fixes).\n- net/mlx5: Move ttc allocation after switch case to prevent leaks (git-fixes).\n- net/mlx5: Restore missing trace event when enabling vport QoS (git-fixes).\n- net/mlx5: Start health poll after enable hca (git-fixes).\n- net/mlx5e: Disable MACsec offload for uplink representor profile (git-fixes).\n- net/mlx5e: Fix ethtool -N flow-type ip4 to RSS context (git-fixes).\n- net/mlx5e: Fix lock order in mlx5e_tx_reporter_ptpsq_unhealthy_recover (git-fixes).\n- net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (git-fixes).\n- net/mlx5e: SHAMPO, Make reserved size independent of page size (git-fixes).\n- net/mlx5e: TC, Continue the attr process even if encap entry is invalid (git-fixes).\n- net/mlx5e: Use custom tunnel header for vxlan gbp (git-fixes).\n- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes).\n- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes).\n- net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes).\n- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes).\n- net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes).\n- net/sched: flower: Add lock protection when remove filter handle (git-fixes).\n- net/sched: taprio: make q-\u003epicos_per_byte available to fill_sched_entry() (git-fixes).\n- net/sched: tbf: correct backlog statistic for GSO packets (git-fixes).\n- net/smc: Introduce IPPROTO_SMC (jsc#PED-10299).\n- net/smc: do not leave a dangling sk pointer in __smc_create() (jsc#PED-10299).\n- net/smc: expose smc proto operations (jsc#PED-10299).\n- net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC (jsc#PED-10299).\n- net/smc: prevent UAF in inet_create() (jsc#PED-10299).\n- net/smc: refactoring initialization of smc sock (jsc#PED-10299).\n- net/tcp: refactor tcp_inet6_sk() (git-fixes).\n- net: Add non-RCU dev_getbyhwaddr() helper (git-fixes).\n- net: Clear old fragment checksum value in napi_reuse_skb (git-fixes).\n- net: Handle napi_schedule() calls from non-interrupt (git-fixes).\n- net: Implement missing SO_TIMESTAMPING_NEW cmsg support (git-fixes).\n- net: Remove acked SYN flag from packet in the transmit queue correctly (git-fixes).\n- net: add dev_net_rcu() helper (bsc#1239994).\n- net: annotate data-races around sk-\u003esk_dst_pending_confirm (git-fixes).\n- net: annotate data-races around sk-\u003esk_tx_queue_mapping (git-fixes).\n- net: blackhole_dev: fix build warning for ethh set but not used (git-fixes).\n- net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes).\n- net: do not dump stack on queue timeout (git-fixes).\n- net: ethtool: Do not call .cleanup_data when prepare_data fails (git-fixes).\n- net: ethtool: Fix RSS setting (git-fixes).\n- net: free_netdev: exit earlier if dummy (bsc#1243215).\n- net: gro: parse ipv6 ext headers without frag0 invalidation (git-fixes).\n- net: ipv6: fix UDPv6 GSO segmentation with NAT (git-fixes).\n- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).\n- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).\n- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).\n- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes).\n- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).\n- net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes).\n- net: ipv6: ioam6: code alignment (git-fixes).\n- net: ipv6: ioam6: fix lwtunnel_output() loop (git-fixes).\n- net: ipv6: ioam6: new feature tunsrc (git-fixes).\n- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes).\n- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes).\n- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).\n- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).\n- net: loopback: Avoid sending IP packets without an Ethernet header (git-fixes).\n- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).\n- net: mana: Allow variable size indirection table (bsc#1239016).\n- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).\n- net: mana: Avoid open coded arithmetic (bsc#1239016).\n- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015).\n- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).\n- net: mana: Support holes in device list reply msg (git-fixes).\n- net: mana: Switch to page pool for jumbo frames (git-fixes).\n- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).\n- net: mana: cleanup mana struct after debugfs_remove() (git-fixes).\n- net: mark racy access on sk-\u003esk_rcvbuf (git-fixes).\n- net: phy: leds: fix memory leak (git-fixes).\n- net: phy: microchip: force IRQ polling mode for lan88xx (git-fixes).\n- net: qede: Initialize qede_ll_ops with designated initializer (git-fixes).\n- net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets (git-fixes).\n- net: sctp: fix skb leak in sctp_inq_free() (git-fixes).\n- net: set SOCK_RCU_FREE before inserting socket into hashtable (git-fixes).\n- net: set the minimum for net_hotdata.netdev_budget_usecs (git-fixes).\n- net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension (git-fixes).\n- net: usb: asix_devices: add FiberGecko DeviceID (stable-fixes).\n- net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes).\n- net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes).\n- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480).\n- net: use unrcu_pointer() helper (git-fixes).\n- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes).\n- net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes).\n- net_sched: drr: Fix double list add in class with netem as child qdisc (git-fixes).\n- net_sched: ets: Fix double list add in class with netem as child qdisc (git-fixes).\n- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (git-fixes).\n- net_sched: qfq: Fix double list add in class with netem as child qdisc (git-fixes).\n- net_sched: sch_sfq: annotate data-races around q-\u003eperturb_period (git-fixes).\n- net_sched: sch_sfq: handle bigger packets (git-fixes).\n- netdev-genl: avoid empty messages in queue dump (git-fixes).\n- netdev: fix repeated netlink messages in queue dump (git-fixes).\n- netlink: annotate data-races around sk-\u003esk_err (git-fixes).\n- netlink: specs: rt-link: add an attr layer around alt-ifname (git-fixes).\n- netlink: specs: rt-link: adjust mctp attribute naming (git-fixes).\n- netlink: specs: rtnetlink: attribute naming corrections (git-fixes).\n- netlink: specs: tc: all actions are indexed arrays (git-fixes).\n- netlink: specs: tc: fix a couple of attribute names (git-fixes).\n- netpoll: Ensure clean state on setup failures (git-fixes).\n- netpoll: Use rcu_access_pointer() in netpoll_poll_lock (git-fixes).\n- nfs: add missing selections of CONFIG_CRC32 (git-fixes).\n- nfs: clear SB_RDONLY before getting superblock (bsc#1238565).\n- nfs: handle failure of nfs_get_lock_context in unlock path (git-fixes).\n- nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565).\n- nfsd: add list_head nf_gc to struct nfsd_file (git-fixes).\n- nfsd: decrease sc_count directly if fail to queue dl_recall (git-fixes).\n- nfsd: put dl_stid if fail to queue dl_recall (git-fixes).\n- nilfs2: add pointer check for nilfs_direct_propagate() (git-fixes).\n- nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (git-fixes).\n- ntb: Force physically contiguous allocation of rx ring buffers (git-fixes).\n- ntb: intel: Fix using link status DB\u0027s (git-fixes).\n- ntb: reduce stack usage in idt_scan_mws (stable-fixes).\n- ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes).\n- ntb_hw_amd: Add NTB PCI ID for new gen CPU (stable-fixes).\n- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes).\n- ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes).\n- ntb_perf: Fix printk format (git-fixes).\n- nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649).\n- nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649).\n- nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649).\n- nvme-ioctl: fix leaked requests on mapping error (git-fixes).\n- nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable (git-fixes bsc#1223096).\n- nvme-pci: add quirk for Samsung PM173x/PM173xa disk (bsc#1241148).\n- nvme-pci: clean up CMBMSC when registering CMB fails (git-fixes).\n- nvme-pci: fix queue unquiesce check on slot_reset (git-fixes).\n- nvme-pci: fix stuck reset on concurrent DPC and HP (git-fixes).\n- nvme-pci: make nvme_pci_npages_prp() __always_inline (git-fixes).\n- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes).\n- nvme-pci: remove stale comment (git-fixes).\n- nvme-pci: skip CMB blocks incompatible with PCI P2P DMA (git-fixes).\n- nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes).\n- nvme-tcp: Fix a C2HTermReq error message (git-fixes).\n- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).\n- nvme-tcp: fix possible UAF in nvme_tcp_poll (git-fixes).\n- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes).\n- nvme-tcp: fix premature queue removal and I/O failover (git-fixes).\n- nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes).\n- nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS (git-fixes).\n- nvme/ioctl: do not warn on vectorized uring_cmd with fixed buffer (git-fixes).\n- nvme: Add \u0027partial_nid\u0027 quirk (bsc#1241148).\n- nvme: Add warning when a partiually unique NID is detected (bsc#1241148).\n- nvme: fixup scan failure for non-ANA multipath controllers (git-fixes).\n- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).\n- nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes).\n- nvme: move passthrough logging attribute to head (git-fixes).\n- nvme: multipath: fix return value of nvme_available_path (git-fixes).\n- nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649).\n- nvme: re-read ANA log page after ns scan completes (git-fixes).\n- nvme: requeue namespace scan on missed AENs (git-fixes).\n- nvme: unblock ctrl state transition for firmware update (git-fixes).\n- nvmet-fc: Remove unused functions (git-fixes).\n- nvmet-fc: inline nvmet_fc_delete_assoc (git-fixes).\n- nvmet-fc: inline nvmet_fc_free_hostport (git-fixes).\n- nvmet-fc: put ref when assoc-\u003edel_work is already scheduled (git-fixes).\n- nvmet-fc: take tgtport reference only once (git-fixes).\n- nvmet-fc: update tgtport ref per assoc (git-fixes).\n- nvmet-fcloop: Remove remote port from list when unlinking (git-fixes).\n- nvmet-fcloop: add ref counting to lport (git-fixes).\n- nvmet-fcloop: replace kref with refcount (git-fixes).\n- nvmet-fcloop: swap list_add_tail arguments (git-fixes).\n- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes).\n- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes).\n- nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS (git-fixes).\n- nvmet: remove old function prototype (git-fixes).\n- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes).\n- objtool, panic: Disable SMAP in __stack_chk_fail() (bsc#1243963).\n- objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes).\n- objtool: Fix segfault in ignore_unreachable_insn() (git-fixes).\n- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).\n- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).\n- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).\n- ocfs2: handle a symlink read error correctly (git-fixes).\n- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes).\n- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).\n- octeontx2-pf: Do not reallocate all ntuple filters (git-fixes).\n- octeontx2-pf: Fix ethtool support for SDP representors (git-fixes).\n- octeontx2-pf: handle otx2_mbox_get_rsp errors (git-fixes).\n- octeontx2-pf: qos: fix VF root node parent queue index (git-fixes).\n- padata: do not leak refcount in reorder_work (git-fixes).\n- perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).\n- perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).\n- perf tools: annotate asm_pure_loop.S (bsc#1239906).\n- perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309).\n- perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (bsc#1242172)\n- perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (bsc#1242172)\n- perf: arm_cspmu: nvidia: monitor all ports by default (bsc#1242172)\n- perf: arm_cspmu: nvidia: remove unsupported SCF events (bsc#1242172)\n- phy: Fix error handling in tegra_xusb_port_init (git-fixes).\n- phy: freescale: imx8m-pcie: assert phy reset and perst in power off (git-fixes).\n- phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind (git-fixes).\n- phy: renesas: rcar-gen3-usb2: Set timing registers only once (git-fixes).\n- phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking (git-fixes).\n- phy: tegra: xusb: remove a stray unlock (git-fixes).\n- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes).\n- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes).\n- pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes).\n- pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes).\n- pinctrl: renesas: rza2: Fix potential NULL pointer dereference (stable-fixes).\n- pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes).\n- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).\n- platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) (git-fixes).\n- platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (stable-fixes).\n- platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug (git-fixes).\n- platform/x86/intel/ifs: Add Clearwater Forest to CPU support list (jsc#PED-10213).\n- platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes).\n- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes).\n- platform/x86: ISST: Correct command storage data length (git-fixes).\n- platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (git-fixes).\n- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).\n- platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() (git-fixes).\n- platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes).\n- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes).\n- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes).\n- platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes).\n- pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes).\n- power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes).\n- powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes).\n- powercap: intel_rapl: Fix locking in TPMI RAPL (git-fixes).\n- powercap: intel_rapl: Introduce APIs for PMU support (bsc#1241010).\n- powercap: intel_rapl_tpmi: Enable PMU support (bsc#1241010).\n- powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes).\n- powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes).\n- powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes).\n- powerpc/boot: Check for ld-option support (bsc#1215199).\n- powerpc/boot: Fix dash warning (bsc#1215199).\n- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).\n- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573).\n- powerpc/pseries/iommu: Fix kmemleak in TCE table userspace view (jsc#PED-10539 git-fixes).\n- powerpc/pseries/iommu: create DDW for devices with DMA mask less than 64-bits (bsc#1239691 bsc#1243044 ltc#212555).\n- powerpc: Do not use --- in kernel logs (git-fixes).\n- powerpc: Stop using no_llseek (bsc#1239573).\n- ptp/vmware: Use VMware hypercall API (jsc#PED-11518).\n- pwm: fsl-ftm: Handle clk_get_rate() returning 0 (git-fixes).\n- pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (git-fixes).\n- pwm: rcar: Improve register calculation (git-fixes).\n- qibfs: fix _another_ leak (git-fixes)\n- rcu/tasks-trace: Handle new PF_IDLE semantics (git-fixes)\n- rcu/tasks: Handle new PF_IDLE semantics (git-fixes)\n- rcu: Break rcu_node_0 --\u003e \u0026rq-\u003e__lock order (git-fixes)\n- rcu: Introduce rcu_cpu_online() (git-fixes)\n- regulator: check that dummy regulator has been probed before using it (stable-fixes).\n- regulator: core: Fix deadlock in create_regulator() (git-fixes).\n- regulator: dummy: force synchronous probing (git-fixes).\n- regulator: max20086: fix invalid memory access (git-fixes).\n- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).\n- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN\n- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN Both spellings are actually used\n- rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038).\n- rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986).\n- rpm/kernel-binary.spec.in: Use OrderWithRequires (boo#1228659 boo#1241038). \n- rpm/package-descriptions: Add rt and rt_debug descriptions\n- rpm/release-projects: Update the ALP projects again (bsc#1231293).\n- rtc: pcf85063: do a SW reset if POR failed (stable-fixes).\n- rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013).\n- s390/ap: Fix CCA crypto card behavior within protected execution environment (git-fixes bsc#1243817 LTC#213623).\n- s390/bpf: Store backchain even for leaf progs (git-fixes bsc#1243805).\n- s390/cio: Fix CHPID \u0027configure\u0027 attribute caching (git-fixes bsc#1240979).\n- s390/cpumf: Update CPU Measurement facility extended counter set support (bsc#1243115).\n- s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs (git-fixes).\n- s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978).\n- s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594).\n- s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595).\n- s390: Add z17 elf platform (bsc#1243116).\n- sched/fair: Fix CPU bandwidth limit bypass during CPU hotplug (BSC#1241319).\n- sched/fair: Fix CPU bandwidth limit bypass during CPU hotplug (bsc#1241319).\n- sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052)\n- sched/topology: Refinement to topology_span_sane speedup (bsc#1242119).\n- sched/topology: improve topology_span_sane speed (bsc#1242119).\n- sched: Add deprecation warning for users of RT_GROUP_SCHED (jsc#PED-11761 jsc#PED-12405).\n- scsi: Improve CDL control (git-fixes).\n- scsi: core: Clear flags for scsi_cmnd that did not complete (git-fixes).\n- scsi: core: Use GFP_NOIO to avoid circular locking dependency (git-fixes).\n- scsi: fnic: Fix indentation and remove unnecessary parenthesis (git-fixes).\n- scsi: fnic: Remove unnecessary debug print (git-fixes).\n- scsi: fnic: Remove unnecessary spinlock locking and unlocking (git-fixes).\n- scsi: fnic: Replace fnic-\u003elock_flags with local flags (git-fixes).\n- scsi: fnic: Replace use of sizeof with standard usage (git-fixes).\n- scsi: hisi_sas: Check whether debugfs is enabled before removing or (bsc#1237546 bsc#1241095)\n- scsi: hisi_sas: Check whether debugfs is enabled before removing or (bsc#1237546)\n- scsi: hisi_sas: Enable force phy when SATA disk directly connected (git-fixes).\n- scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes (git-fixes).\n- scsi: hisi_sas: Remove hisi_hba-\u003etimer for v3 hw (bsc#1237545 bsc#1241095)\n- scsi: hisi_sas: Remove hisi_hba-\u003etimer for v3 hw (bsc#1237545)\n- scsi: iscsi: Fix missing scsi_host_put() in error path (git-fixes).\n- scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1242993).\n- scsi: lpfc: Convert timeouts to secs_to_jiffies() (bsc#1242993).\n- scsi: lpfc: Copyright updates for 14.4.0.9 patches (bsc#1242993).\n- scsi: lpfc: Create lpfc_vmid_info sysfs entry (bsc#1242993).\n- scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands (bsc#1242993).\n- scsi: lpfc: Fix spelling mistake \u0027Toplogy\u0027 -\u003e \u0027Topology\u0027 (bsc#1242993).\n- scsi: lpfc: Notify FC transport of rport disappearance during PCI fcn reset (bsc#1242993).\n- scsi: lpfc: Prevent failure to reregister with NVMe transport after PRLI retry (bsc#1242993).\n- scsi: lpfc: Restart eratt_poll timer if HBA_SETUP flag still unset (bsc#1242993).\n- scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp-\u003enlp_flag (git-fixes).\n- scsi: lpfc: Update lpfc version to 14.4.0.9 (bsc#1242993).\n- scsi: lpfc: Use memcpy() for BIOS version (bsc#1240966).\n- scsi: lpfc: convert timeouts to secs_to_jiffies() (bsc#1242993).\n- scsi: megaraid_sas: Block zero-length ATA VPD inquiry (bsc#1241388 jsc#PED-11258).\n- scsi: megaraid_sas: Block zero-length ATA VPD inquiry (git-fixes).\n- scsi: megaraid_sas: Driver version update to 07.734.00.00-rc1 (bsc#1241388 jsc#PED-11258).\n- scsi: megaraid_sas: Make most module parameters static (bsc#1241388 jsc#PED-11258).\n- scsi: mpi3mr: Add level check to control event logging (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Avoid reply queue full condition (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Check admin reply queue from Watchdog (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Fix locking in an error path (git-fixes).\n- scsi: mpi3mr: Fix pending I/O counter (git-fixes).\n- scsi: mpi3mr: Fix spelling mistake \u0027skiping\u0027 -\u003e \u0027skipping\u0027 (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Handling of fault code for insufficient power (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Reset the pending interrupt flag (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Support for Segmented Hardware Trace buffer (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Synchronize access to ioctl data buffer (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Task Abort EH Support (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Update MPI Headers to revision 35 (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Update driver version to 8.12.0.3.50 (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Update driver version to 8.12.1.0.50 (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Update driver version to 8.13.0.5.50 (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Update timestamp only for supervisor IOCs (bsc#1241388 jsc#PED-12372).\n- scsi: mpt3sas: Add details to EEDPTagMode error message (bsc#1241388 jsc#PED-11253).\n- scsi: mpt3sas: Add support for MCTP Passthrough commands (bsc#1241388 jsc#PED-11253).\n- scsi: mpt3sas: Fix a locking bug in an error path (git-fixes).\n- scsi: mpt3sas: Fix buffer overflow in mpt3sas_send_mctp_passthru_req() (bsc#1241388 jsc#PED-11253).\n- scsi: mpt3sas: Fix spelling mistake \u0027receveid\u0027 -\u003e \u0027received\u0027 (bsc#1241388 jsc#PED-11253).\n- scsi: mpt3sas: Reduce log level of ignore_delay_remove message to KERN_INFO (git-fixes).\n- scsi: mpt3sas: Remove unused config functions (bsc#1241388 jsc#PED-11253).\n- scsi: mpt3sas: Report driver capability as part of IOCINFO command (bsc#1241388 jsc#PED-11253).\n- scsi: mpt3sas: Send a diag reset if target reset fails (bsc#1241388 jsc#PED-11253).\n- scsi: mpt3sas: Update MPI headers to 02.00.62 version (bsc#1241388 jsc#PED-11253).\n- scsi: mpt3sas: update driver version to 52.100.00.00 (bsc#1241388 jsc#PED-11253).\n- scsi: pm80xx: Set phy_attached to zero when device is gone (git-fixes).\n- scsi: qla2xxx: Fix typos in a comment (bsc#1243090).\n- scsi: qla2xxx: Mark device strings as nonstring (bsc#1243090).\n- scsi: qla2xxx: Remove duplicate struct crb_addr_pair (bsc#1243090).\n- scsi: qla2xxx: Remove unused module parameters (bsc#1243090).\n- scsi: qla2xxx: Remove unused ql_log_qp (bsc#1243090).\n- scsi: qla2xxx: Remove unused qla2x00_gpsc() (bsc#1243090).\n- scsi: qla2xxx: Remove unused qla82xx_pci_region_offset() (bsc#1243090).\n- scsi: qla2xxx: Remove unused qla82xx_wait_for_state_change() (bsc#1243090).\n- scsi: qla2xxx: Remove unused qlt_83xx_iospace_config() (bsc#1243090).\n- scsi: qla2xxx: Remove unused qlt_fc_port_deleted() (bsc#1243090).\n- scsi: qla2xxx: Remove unused qlt_free_qfull_cmds() (bsc#1243090).\n- scsi: scsi_debug: Remove a reference to in_use_bm (git-fixes).\n- scsi: smartpqi: Use is_kdump_kernel() to check for kdump (git-fixes).\n- sctp: Fix undefined behavior in left shift operation (git-fixes).\n- sctp: add mutual exclusion in proc_sctp_do_udp_port() (git-fixes).\n- sctp: detect and prevent references to a freed transport in sendmsg (git-fixes).\n- sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start (git-fixes).\n- sctp: fix association labeling in the duplicate COOKIE-ECHO case (git-fixes).\n- sctp: fix busy polling (git-fixes).\n- sctp: prefer struct_size over open coded arithmetic (git-fixes).\n- sctp: support MSG_ERRQUEUE flag in recvmsg() (git-fixes).\n- security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375).\n- selftests/bpf: Add a few tests to cover (git-fixes).\n- selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes).\n- selftests/bpf: extend changes_pkt_data with cases w/o subprograms (bsc#1241590).\n- selftests/bpf: freplace tests for tracking of changes_packet_data (bsc#1241590).\n- selftests/bpf: test for changing packet data from global functions (bsc#1241590).\n- selftests/bpf: validate that tail call invalidates packet pointers (bsc#1241590).\n- selftests/futex: futex_waitv wouldblock test should fail (git-fixes).\n- selftests/mm/cow: fix the incorrect error handling (git-fixes).\n- selftests/mm: fix incorrect buffer-\u003emirror size in hmm2 double_map test (bsc#1242203).\n- selftests/mm: generate a temporary mountpoint for cgroup filesystem (git-fixes).\n- selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes).\n- selftests: mptcp: close fd_in before returning in main_loop (git-fixes).\n- selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes).\n- selinux: Implement mptcp_add_subflow hook (bsc#1240375).\n- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).\n- serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes).\n- serial: msm: Configure correct working mode before starting earlycon (git-fixes).\n- serial: sifive: lock port in startup()/shutdown() callbacks (git-fixes).\n- series.conf: temporarily disable patches.suse/md-md-bitmap-fix-writing-non-bitmap-pages-ab99.patch (bsc#1238212)\n- smb: client: destroy cfid_put_wq on module exit (git-fixes).\n- smb: client: fix folio leaks and perf improvements (bsc#1239997, bsc1241265).\n- smb: client: fix open_cached_dir retries with \u0027hard\u0027 mount option (bsc#1240616).\n- smc: Fix lockdep false-positive for IPPROTO_SMC (bsc#1241689 jsc#PED-10299).\n- soc: imx8m: Remove global soc_uid (stable-fixes).\n- soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes).\n- soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes).\n- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes).\n- soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes).\n- soc: qcom: pdr: Fix the potential deadlock (git-fixes).\n- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes).\n- sound/virtio: Fix cancel_sync warnings on uninitialized work_structs (stable-fixes).\n- soundwire: bus: Fix race on the creation of the IRQ domain (git-fixes).\n- soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes).\n- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).\n- spi: loopback-test: Do not split 1024-byte hexdumps (git-fixes).\n- spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes).\n- spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes).\n- spi: spi-fsl-dspi: Halt the module after a new message transfer (git-fixes).\n- spi: spi-fsl-dspi: Reset SR flags before sending a new message (git-fixes).\n- spi: spi-fsl-dspi: restrict register range for regmap access (git-fixes).\n- spi: tegra114: Do not fail set_cs_timing when delays are zero (git-fixes).\n- spi: tegra114: Use value to check for invalid delays (git-fixes).\n- spi: tegra210-quad: add rate limiting and simplify timeout error message (stable-fixes).\n- spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts (stable-fixes).\n- splice: do not checksum AF_UNIX sockets (bsc#1240333).\n- splice: remove duplicate noinline from pipe_clear_nowait (bsc#1242328).\n- sqpoll: increase tw batch size (bsc#1238585).\n- staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (git-fixes).\n- staging: axis-fifo: Remove hardware resets for user errors (git-fixes).\n- staging: iio: adc: ad7816: Correct conditional logic for store mode (git-fixes).\n- staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes).\n- string: Add load_unaligned_zeropad() code path to sized_strscpy() (git-fixes).\n- supported.conf: Mark HiSi DMA controller as supported (jsc#PED-12622 bsc#1241095)\n- supported.conf: Mark HiSi PMU drivers as supported (jsc#PED-12622 bsc#1241095)\n- supported.conf: Mark HiSi PMU drivers as supported (jsc#PED-12622)\n- supported.conf: Mark HiSi TRNG v2 as supported (jsc#PED-12622 bsc#1241095)\n- supported.conf: Mark HiSi TRNG v2 as supported (jsc#PED-12622)\n- supported.conf: add now-included qat_420xx (external, intel)\n- tcp: Add memory barrier to tcp_push() (git-fixes).\n- tcp: Adjust clamping window for applications specifying SO_RCVBUF (bsc#1220419 bsc#1222656 bsc#1236394).\n- tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes).\n- tcp: Annotate data-race around sk-\u003esk_mark in tcp_v4_send_reset (git-fixes).\n- tcp: Defer ts_recent changes until req is owned (git-fixes).\n- tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes).\n- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).\n- tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes).\n- tcp: Update window clamping condition (bsc#1220419 bsc#1222656 bsc#1236394).\n- tcp: Update window clamping condition (git-fixes).\n- tcp: add tcp_done_with_error() helper (git-fixes).\n- tcp: adjust rcvq_space after updating scaling ratio (bsc#1220419 bsc#1222656 bsc#1236394).\n- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).\n- tcp: annotate data-races around tp-\u003ewindow_clamp (bsc#1220419 bsc#1222656 bsc#1236394).\n- tcp: annotate data-races around tp-\u003ewindow_clamp (git-fixes).\n- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).\n- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes).\n- tcp: check mptcp-level constraints for backlog coalescing (git-fixes).\n- tcp: check space before adding MPTCP SYN options (git-fixes).\n- tcp: clear tp-\u003eretrans_stamp in tcp_rcv_fastopen_synack() (git-fixes).\n- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).\n- tcp: define initial scaling factor value as a macro (bsc#1220419 bsc#1222656 bsc#1236394).\n- tcp: define initial scaling factor value as a macro (git-fixes).\n- tcp: derive delack_max from rto_min (git-fixes).\n- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes).\n- tcp: fix cookie_init_timestamp() overflows (git-fixes).\n- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).\n- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes).\n- tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes).\n- tcp: fix mid stream window clamp (git-fixes).\n- tcp: fix mptcp DSS corruption due to large pmtu xmit (git-fixes).\n- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).\n- tcp: fix race in tcp_write_err() (git-fixes).\n- tcp: fix races in tcp_abort() (git-fixes).\n- tcp: fix races in tcp_v_err() (git-fixes).\n- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it\u0027s safe (git-fixes).\n- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes).\n- tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes).\n- tcp: get rid of sysctl_tcp_adv_win_scale (bsc#1220419 bsc#1222656 bsc#1236394).\n- tcp: increase the default TCP scaling ratio (bsc#1220419 bsc#1222656 bsc#1236394).\n- tcp: increase the default TCP scaling ratio (git-fixes).\n- tcp: introduce tcp_clock_ms() (git-fixes).\n- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes).\n- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).\n- tcp: remove 64 KByte limit for initial tp-\u003ercv_wnd value (git-fixes).\n- tcp: replace tcp_time_stamp_raw() (git-fixes).\n- tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress() (git-fixes).\n- tcp_cubic: fix incorrect HyStart round start detection (git-fixes).\n- thermal/drivers/mediatek/lvts: Disable Stage 3 thermal threshold (git-fixes).\n- thermal/drivers/mediatek/lvts: Disable monitor mode during suspend (git-fixes).\n- thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes).\n- thermal: int340x: Add NULL check for adev (git-fixes).\n- thermal: intel: x86_pkg_temp_thermal: Fix bogus trip temperature (git-fixes).\n- thunderbolt: Scan retimers after device router has been enumerated (stable-fixes).\n- tools/hv: update route parsing in kvp daemon (git-fixes).\n- tools/power turbostat: Increase CPU_SUBSET_MAXCPUS to 8192 (bsc#1241175).\n- tools/power turbostat: report CoreThr per measurement interval (git-fixes).\n- tools: move alignment-related macros to new \u0026lt;linux/align.h\u003e (git-fixes).\n- topology: Set capacity_freq_ref in all cases (bsc#1238052)\n- tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes).\n- tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870).\n- tpm: do not start chip while suspended (git-fixes).\n- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).\n- tpm: tis: Double the timeout B to 4s (bsc#1235870).\n- tpm_tis: Move CRC check to generic send routine (bsc#1235870).\n- tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870).\n- tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT (git-fixes).\n- tty: n_tty: use uint for space returned by tty_write_room() (git-fixes).\n- tty: serial: 8250: Add Brainboxes XC devices (stable-fixes).\n- tty: serial: 8250: Add some more device IDs (stable-fixes).\n- tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes).\n- tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes).\n- ubi: Add a check for ubi_num (git-fixes).\n- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).\n- ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes).\n- ubi: correct the calculation of fastmap size (stable-fixes).\n- ubi: eba: properly rollback inside self_check_eba (git-fixes).\n- ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes).\n- ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes).\n- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes).\n- ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes).\n- ublk: set_params: properly check if parameters can be applied (git-fixes).\n- ucsi_ccg: Do not show failed to get FW build information error (git-fixes).\n- udf: Fix inode_getblk() return value (bsc#1242313).\n- udf: Skip parent dir link count update if corrupted (bsc#1242315).\n- udf: Verify inode link counts before performing rename (bsc#1242314).\n- usb: cdns3: Fix deadlock when using NCM gadget (git-fixes).\n- usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version (git-fixes).\n- usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines (git-fixes).\n- usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling (git-fixes).\n- usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes).\n- usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield (stable-fixes).\n- usb: dwc3: gadget: Refactor loop to avoid NULL endpoints (stable-fixes).\n- usb: dwc3: gadget: check that event count does not exceed event buffer length (git-fixes).\n- usb: dwc3: xilinx: Prevent spike in reset signal (git-fixes).\n- usb: gadget: Use get_status callback to set remote wakeup capability (git-fixes).\n- usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (stable-fixes).\n- usb: gadget: f_ecm: Add get_status callback (git-fixes).\n- usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN (git-fixes).\n- usb: host: max3421-hcd: Add missing spi_device_id table (stable-fixes).\n- usb: host: tegra: Prevent host controller crash when OTG port is used (git-fixes).\n- usb: host: xhci-plat: mvebu: use -\u003equirks instead of -\u003einit_quirk() func (stable-fixes).\n- usb: phy: generic: Use proper helper for property detection (stable-fixes).\n- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes).\n- usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (stable-fixes).\n- usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (stable-fixes).\n- usb: typec: class: Invalidate USB device pointers on partner unregistration (git-fixes).\n- usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (git-fixes).\n- usb: typec: ucsi: displayport: Fix NULL pointer access (git-fixes).\n- usb: uhci-platform: Make the clock really optional (git-fixes).\n- usb: usbtmc: Fix erroneous generic_read ioctl return (git-fixes).\n- usb: usbtmc: Fix erroneous get_stb ioctl error returns (git-fixes).\n- usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes).\n- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes).\n- usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running (stable-fixes).\n- usb: xhci: Do not skip on Stopped - Length Invalid (git-fixes).\n- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes).\n- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (stable-fixes).\n- usb: xhci: Fix invalid pointer dereference in Etron workaround (git-fixes).\n- usb: xhci: correct debug message page size calculation (git-fixes).\n- usb: xhci: remove \u0027retval\u0027 from xhci_pci_resume() (git-fixes).\n- usbnet:fix NPE during rx_complete (git-fixes).\n- vboxsf: fix building with GCC 15 (stable-fixes).\n- vdpa/mlx5: Fix oversized null mkey longer than 32bit (git-fixes).\n- vfs: do not mod negative dentry count when on shrinker list (bsc#1242534).\n- vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint (git-fixes).\n- video: screen_info: Update framebuffers behind PCI bridges (bsc#1240696).\n- virtchnl: make proto and filter action count unsigned (git-fixes).\n- virtio_console: fix missing byte order handling for cols and rows (git-fixes).\n- vmxnet3: Fix tx queue race condition with XDP (bsc#1241394).\n- vmxnet3: unregister xdp rxq info in the reset path (bsc#1241394).\n- wifi: at76c50x: fix use after free access in at76_disconnect (git-fixes).\n- wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes).\n- wifi: ath11k: add srng-\u003elock for ath11k_hal_srng_* in monitor mode (git-fixes).\n- wifi: ath11k: choose default PM policy for hibernation (bsc#1207948).\n- wifi: ath11k: determine PM policy based on machine model (bsc#1207948).\n- wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes).\n- wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes).\n- wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes).\n- wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948).\n- wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948).\n- wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948).\n- wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes).\n- wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (stable-fixes).\n- wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process (stable-fixes).\n- wifi: ath12k: encode max Tx power in scan channel list command (git-fixes).\n- wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes).\n- wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (git-fixes).\n- wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes).\n- wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes).\n- wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation (git-fixes).\n- wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes).\n- wifi: iwlwifi: do not warn if the NIC is gone in resume (git-fixes).\n- wifi: iwlwifi: fix the check for the SCRATCH register upon resume (git-fixes).\n- wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes).\n- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes).\n- wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes).\n- wifi: iwlwifi: pcie: Fix TSO preparation (git-fixes).\n- wifi: iwlwifi: support BIOS override for 5G9 in CA also in LARI version 8 (stable-fixes).\n- wifi: mac80211, cfg80211: miscellaneous spelling fixes (git-fixes).\n- wifi: mac80211: Cleanup sta TXQs on flush (stable-fixes).\n- wifi: mac80211: Fix sparse warning for monitor_sdata (git-fixes).\n- wifi: mac80211: Purge vif txq in ieee80211_do_stop() (git-fixes).\n- wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request (git-fixes).\n- wifi: mac80211: Update skb\u0027s control block key in ieee80211_tx_dequeue() (git-fixes).\n- wifi: mac80211: check basic rates validity in sta_link_apply_parameters (git-fixes).\n- wifi: mac80211: do not queue sdata::work for a non-running sdata (git-fixes).\n- wifi: mac80211: ensure sdata-\u003ework is canceled before initialized (stable-fixes).\n- wifi: mac80211: fix SA Query processing in MLO (stable-fixes).\n- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes).\n- wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes).\n- wifi: mac80211: remove debugfs dir for virtual monitor (stable-fixes).\n- wifi: mt76: Add check for devm_kstrdup() (git-fixes).\n- wifi: mt76: disable napi on driver removal (git-fixes).\n- wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table (stable-fixes).\n- wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes).\n- wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes).\n- wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes).\n- wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes).\n- wifi: mwifiex: Fix premature release of RF calibration data (git-fixes).\n- wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release (git-fixes).\n- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes).\n- wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).\n- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).\n- wifi: wl1251: fix memory leak in wl1251_tx_work (git-fixes).\n- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).\n- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).\n- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).\n- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).\n- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).\n- x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).\n- x86/bugs: Add RSB mitigation document (git-fixes).\n- x86/bugs: Do not fill RSB on VMEXIT with eIBRS+retpoline (git-fixes).\n- x86/bugs: Do not fill RSB on context switch with eIBRS (git-fixes).\n- x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-fixes).\n- x86/bugs: Rename entry_ibpb() to write_ibpb() (git-fixes).\n- x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes).\n- x86/coco: Replace \u0027static const cc_mask\u0027 with the newly introduced cc_get_mask() function (git-fixes).\n- x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes).\n- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).\n- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).\n- x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (git-fixes).\n- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).\n- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes).\n- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).\n- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes).\n- x86/hyperv: Fix check of return value from snp_set_vmsa() (git-fixes).\n- x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes).\n- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).\n- x86/its: Fix build errors when CONFIG_MODULES=n (git-fixes).\n- x86/microcode/32: Move early loading after paging enable (git-fixes).\n- x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive (git-fixes).\n- x86/microcode/AMD: Flush patch buffer mapping after application (git-fixes).\n- x86/microcode/AMD: Pay attention to the stepping dynamically (git-fixes).\n- x86/microcode/AMD: Split load_microcode_amd() (git-fixes).\n- x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID (git-fixes).\n- x86/microcode/amd: Cache builtin microcode too (git-fixes).\n- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).\n- x86/microcode/amd: Use cached microcode for AP load (git-fixes).\n- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).\n- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).\n- x86/microcode/intel: Cleanup code further (git-fixes).\n- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).\n- x86/microcode/intel: Remove debug code (git-fixes).\n- x86/microcode/intel: Remove pointless mutex (git-fixes).\n- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).\n- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).\n- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).\n- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).\n- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).\n- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).\n- x86/microcode/intel: Set new revision only after a successful update (git-fixes).\n- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).\n- x86/microcode/intel: Simplify early loading (git-fixes).\n- x86/microcode/intel: Simplify scan_microcode() (git-fixes).\n- x86/microcode/intel: Switch to kvmalloc() (git-fixes).\n- x86/microcode/intel: Unify microcode apply() functions (git-fixes).\n- x86/microcode: Add per CPU control field (git-fixes).\n- x86/microcode: Add per CPU result state (git-fixes).\n- x86/microcode: Clarify the late load logic (git-fixes).\n- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).\n- x86/microcode: Get rid of the schedule work indirection (git-fixes).\n- x86/microcode: Handle \u0027nosmt\u0027 correctly (git-fixes).\n- x86/microcode: Handle \u0027offline\u0027 CPUs correctly (git-fixes).\n- x86/microcode: Hide the config knob (git-fixes).\n- x86/microcode: Include vendor headers into microcode.h (git-fixes).\n- x86/microcode: Make reload_early_microcode() static (git-fixes).\n- x86/microcode: Mop up early loading leftovers (git-fixes).\n- x86/microcode: Move core specific defines to local header (git-fixes).\n- x86/microcode: Prepare for minimal revision check (git-fixes).\n- x86/microcode: Protect against instrumentation (git-fixes).\n- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).\n- x86/microcode: Provide new control functions (git-fixes).\n- x86/microcode: Remove microcode_mutex (git-fixes).\n- x86/microcode: Remove pointless apply() invocation (git-fixes).\n- x86/microcode: Remove the driver announcement and version (git-fixes).\n- x86/microcode: Rendezvous and load in NMI (git-fixes).\n- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).\n- x86/microcode: Rework early revisions reporting (git-fixes).\n- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).\n- x86/mm: Remove unused microcode.h include (git-fixes).\n- x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes).\n- x86/platform/olpc: Remove unused variable \u0027len\u0027 in olpc_dt_compatible_match() (git-fixes).\n- x86/sev: Move sev_setup_arch() to mem_encrypt.c (bsc#1239314).\n- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).\n- x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes).\n- x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes).\n- x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs (git-fixes).\n- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()\u0027s description (git-fixes).\n- x86/vmware: Add TDX hypercall support (jsc#PED-11518).\n- x86/vmware: Correct macro names (jsc#PED-11518).\n- x86/vmware: Introduce VMware hypercall API (jsc#PED-11518).\n- x86/vmware: Remove legacy VMWARE_HYPERCALL* macros (jsc#PED-11518).\n- x86/vmware: Use VMware hypercall API (jsc#PED-11518).\n- x86/xen: move xen_reserve_extra_memory() (git-fixes).\n- xen/mcelog: Add __nonstring annotations for unterminated strings (git-fixes).\n- xen: Change xen-acpi-processor dom0 dependency (git-fixes).\n- xenfs/xensyms: respect hypervisor\u0027s \u0027next\u0027 indication (git-fixes).\n- xfs: flush inodegc before swapon (git-fixes).\n- xhci: Add helper to set an interrupters interrupt moderation interval (git-fixes).\n- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).\n- xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes).\n- xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes).\n- xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701).\n- xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701).\n- xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes).\n- xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550).\n- xhci: Limit time spent with xHC interrupts disabled during bus resume (stable-fixes).\n- xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550).\n- xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes).\n- xhci: dbc: Convert to use sysfs_streq() (git-fixes).\n- xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes).\n- xhci: dbc: Fix STALL transfer event handling (git-fixes).\n- xhci: dbc: Replace custom return value with proper Linux error code (git-fixes).\n- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).\n- xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes).\n- xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550).\n- xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes).\n- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).\n- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).\n- xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes).\n- xhci: pci: Use standard pattern for device IDs (git-fixes).\n- xhci: split free interrupter into separate remove and free parts (git-fixes).\n- xsk: Add truesize to skb_add_rx_frag() (git-fixes).\n- xsk: Do not assume metadata is always requested in TX completion (git-fixes).\n- zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING (bsc#1241167).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1967,SUSE-SLE-Module-Public-Cloud-15-SP7-2025-1967",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_01967-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:01967-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501967-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:01967-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021533.html"
},
{
"category": "self",
"summary": "SUSE Bug 1207948",
"url": "https://bugzilla.suse.com/1207948"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1220419",
"url": "https://bugzilla.suse.com/1220419"
},
{
"category": "self",
"summary": "SUSE Bug 1222649",
"url": "https://bugzilla.suse.com/1222649"
},
{
"category": "self",
"summary": "SUSE Bug 1222656",
"url": "https://bugzilla.suse.com/1222656"
},
{
"category": "self",
"summary": "SUSE Bug 1223096",
"url": "https://bugzilla.suse.com/1223096"
},
{
"category": "self",
"summary": "SUSE Bug 1223809",
"url": "https://bugzilla.suse.com/1223809"
},
{
"category": "self",
"summary": "SUSE Bug 1224013",
"url": "https://bugzilla.suse.com/1224013"
},
{
"category": "self",
"summary": "SUSE Bug 1224489",
"url": "https://bugzilla.suse.com/1224489"
},
{
"category": "self",
"summary": "SUSE Bug 1224597",
"url": "https://bugzilla.suse.com/1224597"
},
{
"category": "self",
"summary": "SUSE Bug 1224757",
"url": "https://bugzilla.suse.com/1224757"
},
{
"category": "self",
"summary": "SUSE Bug 1225742",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "self",
"summary": "SUSE Bug 1225770",
"url": "https://bugzilla.suse.com/1225770"
},
{
"category": "self",
"summary": "SUSE Bug 1226871",
"url": "https://bugzilla.suse.com/1226871"
},
{
"category": "self",
"summary": "SUSE Bug 1227858",
"url": "https://bugzilla.suse.com/1227858"
},
{
"category": "self",
"summary": "SUSE Bug 1228659",
"url": "https://bugzilla.suse.com/1228659"
},
{
"category": "self",
"summary": "SUSE Bug 1229311",
"url": "https://bugzilla.suse.com/1229311"
},
{
"category": "self",
"summary": "SUSE Bug 1230497",
"url": "https://bugzilla.suse.com/1230497"
},
{
"category": "self",
"summary": "SUSE Bug 1230581",
"url": "https://bugzilla.suse.com/1230581"
},
{
"category": "self",
"summary": "SUSE Bug 1230764",
"url": "https://bugzilla.suse.com/1230764"
},
{
"category": "self",
"summary": "SUSE Bug 1230769",
"url": "https://bugzilla.suse.com/1230769"
},
{
"category": "self",
"summary": "SUSE Bug 1231016",
"url": "https://bugzilla.suse.com/1231016"
},
{
"category": "self",
"summary": "SUSE Bug 1231103",
"url": "https://bugzilla.suse.com/1231103"
},
{
"category": "self",
"summary": "SUSE Bug 1231293",
"url": "https://bugzilla.suse.com/1231293"
},
{
"category": "self",
"summary": "SUSE Bug 1231910",
"url": "https://bugzilla.suse.com/1231910"
},
{
"category": "self",
"summary": "SUSE Bug 1232364",
"url": "https://bugzilla.suse.com/1232364"
},
{
"category": "self",
"summary": "SUSE Bug 1232389",
"url": "https://bugzilla.suse.com/1232389"
},
{
"category": "self",
"summary": "SUSE Bug 1232493",
"url": "https://bugzilla.suse.com/1232493"
},
{
"category": "self",
"summary": "SUSE Bug 1232649",
"url": "https://bugzilla.suse.com/1232649"
},
{
"category": "self",
"summary": "SUSE Bug 1232848",
"url": "https://bugzilla.suse.com/1232848"
},
{
"category": "self",
"summary": "SUSE Bug 1232882",
"url": "https://bugzilla.suse.com/1232882"
},
{
"category": "self",
"summary": "SUSE Bug 1232895",
"url": "https://bugzilla.suse.com/1232895"
},
{
"category": "self",
"summary": "SUSE Bug 1233060",
"url": "https://bugzilla.suse.com/1233060"
},
{
"category": "self",
"summary": "SUSE Bug 1233192",
"url": "https://bugzilla.suse.com/1233192"
},
{
"category": "self",
"summary": "SUSE Bug 1233479",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "self",
"summary": "SUSE Bug 1233551",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "self",
"summary": "SUSE Bug 1233557",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "self",
"summary": "SUSE Bug 1234074",
"url": "https://bugzilla.suse.com/1234074"
},
{
"category": "self",
"summary": "SUSE Bug 1234157",
"url": "https://bugzilla.suse.com/1234157"
},
{
"category": "self",
"summary": "SUSE Bug 1234222",
"url": "https://bugzilla.suse.com/1234222"
},
{
"category": "self",
"summary": "SUSE Bug 1234480",
"url": "https://bugzilla.suse.com/1234480"
},
{
"category": "self",
"summary": "SUSE Bug 1234698",
"url": "https://bugzilla.suse.com/1234698"
},
{
"category": "self",
"summary": "SUSE Bug 1234828",
"url": "https://bugzilla.suse.com/1234828"
},
{
"category": "self",
"summary": "SUSE Bug 1234936",
"url": "https://bugzilla.suse.com/1234936"
},
{
"category": "self",
"summary": "SUSE Bug 1235149",
"url": "https://bugzilla.suse.com/1235149"
},
{
"category": "self",
"summary": "SUSE Bug 1235436",
"url": "https://bugzilla.suse.com/1235436"
},
{
"category": "self",
"summary": "SUSE Bug 1235455",
"url": "https://bugzilla.suse.com/1235455"
},
{
"category": "self",
"summary": "SUSE Bug 1235501",
"url": "https://bugzilla.suse.com/1235501"
},
{
"category": "self",
"summary": "SUSE Bug 1235524",
"url": "https://bugzilla.suse.com/1235524"
},
{
"category": "self",
"summary": "SUSE Bug 1235526",
"url": "https://bugzilla.suse.com/1235526"
},
{
"category": "self",
"summary": "SUSE Bug 1235550",
"url": "https://bugzilla.suse.com/1235550"
},
{
"category": "self",
"summary": "SUSE Bug 1235589",
"url": "https://bugzilla.suse.com/1235589"
},
{
"category": "self",
"summary": "SUSE Bug 1235591",
"url": "https://bugzilla.suse.com/1235591"
},
{
"category": "self",
"summary": "SUSE Bug 1235621",
"url": "https://bugzilla.suse.com/1235621"
},
{
"category": "self",
"summary": "SUSE Bug 1235637",
"url": "https://bugzilla.suse.com/1235637"
},
{
"category": "self",
"summary": "SUSE Bug 1235711",
"url": "https://bugzilla.suse.com/1235711"
},
{
"category": "self",
"summary": "SUSE Bug 1235712",
"url": "https://bugzilla.suse.com/1235712"
},
{
"category": "self",
"summary": "SUSE Bug 1235715",
"url": "https://bugzilla.suse.com/1235715"
},
{
"category": "self",
"summary": "SUSE Bug 1235729",
"url": "https://bugzilla.suse.com/1235729"
},
{
"category": "self",
"summary": "SUSE Bug 1235733",
"url": "https://bugzilla.suse.com/1235733"
},
{
"category": "self",
"summary": "SUSE Bug 1235870",
"url": "https://bugzilla.suse.com/1235870"
},
{
"category": "self",
"summary": "SUSE Bug 1235973",
"url": "https://bugzilla.suse.com/1235973"
},
{
"category": "self",
"summary": "SUSE Bug 1236086",
"url": "https://bugzilla.suse.com/1236086"
},
{
"category": "self",
"summary": "SUSE Bug 1236111",
"url": "https://bugzilla.suse.com/1236111"
},
{
"category": "self",
"summary": "SUSE Bug 1236142",
"url": "https://bugzilla.suse.com/1236142"
},
{
"category": "self",
"summary": "SUSE Bug 1236206",
"url": "https://bugzilla.suse.com/1236206"
},
{
"category": "self",
"summary": "SUSE Bug 1236208",
"url": "https://bugzilla.suse.com/1236208"
},
{
"category": "self",
"summary": "SUSE Bug 1236333",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "self",
"summary": "SUSE Bug 1236394",
"url": "https://bugzilla.suse.com/1236394"
},
{
"category": "self",
"summary": "SUSE Bug 1236704",
"url": "https://bugzilla.suse.com/1236704"
},
{
"category": "self",
"summary": "SUSE Bug 1237029",
"url": "https://bugzilla.suse.com/1237029"
},
{
"category": "self",
"summary": "SUSE Bug 1237111",
"url": "https://bugzilla.suse.com/1237111"
},
{
"category": "self",
"summary": "SUSE Bug 1237164",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "self",
"summary": "SUSE Bug 1237312",
"url": "https://bugzilla.suse.com/1237312"
},
{
"category": "self",
"summary": "SUSE Bug 1237313",
"url": "https://bugzilla.suse.com/1237313"
},
{
"category": "self",
"summary": "SUSE Bug 1237530",
"url": "https://bugzilla.suse.com/1237530"
},
{
"category": "self",
"summary": "SUSE Bug 1237545",
"url": "https://bugzilla.suse.com/1237545"
},
{
"category": "self",
"summary": "SUSE Bug 1237546",
"url": "https://bugzilla.suse.com/1237546"
},
{
"category": "self",
"summary": "SUSE Bug 1237704",
"url": "https://bugzilla.suse.com/1237704"
},
{
"category": "self",
"summary": "SUSE Bug 1237757",
"url": "https://bugzilla.suse.com/1237757"
},
{
"category": "self",
"summary": "SUSE Bug 1237874",
"url": "https://bugzilla.suse.com/1237874"
},
{
"category": "self",
"summary": "SUSE Bug 1237875",
"url": "https://bugzilla.suse.com/1237875"
},
{
"category": "self",
"summary": "SUSE Bug 1237882",
"url": "https://bugzilla.suse.com/1237882"
},
{
"category": "self",
"summary": "SUSE Bug 1237885",
"url": "https://bugzilla.suse.com/1237885"
},
{
"category": "self",
"summary": "SUSE Bug 1237897",
"url": "https://bugzilla.suse.com/1237897"
},
{
"category": "self",
"summary": "SUSE Bug 1237906",
"url": "https://bugzilla.suse.com/1237906"
},
{
"category": "self",
"summary": "SUSE Bug 1238052",
"url": "https://bugzilla.suse.com/1238052"
},
{
"category": "self",
"summary": "SUSE Bug 1238212",
"url": "https://bugzilla.suse.com/1238212"
},
{
"category": "self",
"summary": "SUSE Bug 1238471",
"url": "https://bugzilla.suse.com/1238471"
},
{
"category": "self",
"summary": "SUSE Bug 1238473",
"url": "https://bugzilla.suse.com/1238473"
},
{
"category": "self",
"summary": "SUSE Bug 1238506",
"url": "https://bugzilla.suse.com/1238506"
},
{
"category": "self",
"summary": "SUSE Bug 1238512",
"url": "https://bugzilla.suse.com/1238512"
},
{
"category": "self",
"summary": "SUSE Bug 1238527",
"url": "https://bugzilla.suse.com/1238527"
},
{
"category": "self",
"summary": "SUSE Bug 1238528",
"url": "https://bugzilla.suse.com/1238528"
},
{
"category": "self",
"summary": "SUSE Bug 1238532",
"url": "https://bugzilla.suse.com/1238532"
},
{
"category": "self",
"summary": "SUSE Bug 1238565",
"url": "https://bugzilla.suse.com/1238565"
},
{
"category": "self",
"summary": "SUSE Bug 1238585",
"url": "https://bugzilla.suse.com/1238585"
},
{
"category": "self",
"summary": "SUSE Bug 1238714",
"url": "https://bugzilla.suse.com/1238714"
},
{
"category": "self",
"summary": "SUSE Bug 1238716",
"url": "https://bugzilla.suse.com/1238716"
},
{
"category": "self",
"summary": "SUSE Bug 1238737",
"url": "https://bugzilla.suse.com/1238737"
},
{
"category": "self",
"summary": "SUSE Bug 1238738",
"url": "https://bugzilla.suse.com/1238738"
},
{
"category": "self",
"summary": "SUSE Bug 1238742",
"url": "https://bugzilla.suse.com/1238742"
},
{
"category": "self",
"summary": "SUSE Bug 1238743",
"url": "https://bugzilla.suse.com/1238743"
},
{
"category": "self",
"summary": "SUSE Bug 1238745",
"url": "https://bugzilla.suse.com/1238745"
},
{
"category": "self",
"summary": "SUSE Bug 1238746",
"url": "https://bugzilla.suse.com/1238746"
},
{
"category": "self",
"summary": "SUSE Bug 1238754",
"url": "https://bugzilla.suse.com/1238754"
},
{
"category": "self",
"summary": "SUSE Bug 1238763",
"url": "https://bugzilla.suse.com/1238763"
},
{
"category": "self",
"summary": "SUSE Bug 1238774",
"url": "https://bugzilla.suse.com/1238774"
},
{
"category": "self",
"summary": "SUSE Bug 1238775",
"url": "https://bugzilla.suse.com/1238775"
},
{
"category": "self",
"summary": "SUSE Bug 1238780",
"url": "https://bugzilla.suse.com/1238780"
},
{
"category": "self",
"summary": "SUSE Bug 1238782",
"url": "https://bugzilla.suse.com/1238782"
},
{
"category": "self",
"summary": "SUSE Bug 1238862",
"url": "https://bugzilla.suse.com/1238862"
},
{
"category": "self",
"summary": "SUSE Bug 1238866",
"url": "https://bugzilla.suse.com/1238866"
},
{
"category": "self",
"summary": "SUSE Bug 1238911",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "self",
"summary": "SUSE Bug 1238961",
"url": "https://bugzilla.suse.com/1238961"
},
{
"category": "self",
"summary": "SUSE Bug 1238970",
"url": "https://bugzilla.suse.com/1238970"
},
{
"category": "self",
"summary": "SUSE Bug 1238972",
"url": "https://bugzilla.suse.com/1238972"
},
{
"category": "self",
"summary": "SUSE Bug 1238983",
"url": "https://bugzilla.suse.com/1238983"
},
{
"category": "self",
"summary": "SUSE Bug 1238990",
"url": "https://bugzilla.suse.com/1238990"
},
{
"category": "self",
"summary": "SUSE Bug 1238992",
"url": "https://bugzilla.suse.com/1238992"
},
{
"category": "self",
"summary": "SUSE Bug 1238997",
"url": "https://bugzilla.suse.com/1238997"
},
{
"category": "self",
"summary": "SUSE Bug 1239015",
"url": "https://bugzilla.suse.com/1239015"
},
{
"category": "self",
"summary": "SUSE Bug 1239016",
"url": "https://bugzilla.suse.com/1239016"
},
{
"category": "self",
"summary": "SUSE Bug 1239036",
"url": "https://bugzilla.suse.com/1239036"
},
{
"category": "self",
"summary": "SUSE Bug 1239045",
"url": "https://bugzilla.suse.com/1239045"
},
{
"category": "self",
"summary": "SUSE Bug 1239064",
"url": "https://bugzilla.suse.com/1239064"
},
{
"category": "self",
"summary": "SUSE Bug 1239066",
"url": "https://bugzilla.suse.com/1239066"
},
{
"category": "self",
"summary": "SUSE Bug 1239079",
"url": "https://bugzilla.suse.com/1239079"
},
{
"category": "self",
"summary": "SUSE Bug 1239105",
"url": "https://bugzilla.suse.com/1239105"
},
{
"category": "self",
"summary": "SUSE Bug 1239108",
"url": "https://bugzilla.suse.com/1239108"
},
{
"category": "self",
"summary": "SUSE Bug 1239117",
"url": "https://bugzilla.suse.com/1239117"
},
{
"category": "self",
"summary": "SUSE Bug 1239174",
"url": "https://bugzilla.suse.com/1239174"
},
{
"category": "self",
"summary": "SUSE Bug 1239314",
"url": "https://bugzilla.suse.com/1239314"
},
{
"category": "self",
"summary": "SUSE Bug 1239346",
"url": "https://bugzilla.suse.com/1239346"
},
{
"category": "self",
"summary": "SUSE Bug 1239349",
"url": "https://bugzilla.suse.com/1239349"
},
{
"category": "self",
"summary": "SUSE Bug 1239467",
"url": "https://bugzilla.suse.com/1239467"
},
{
"category": "self",
"summary": "SUSE Bug 1239468",
"url": "https://bugzilla.suse.com/1239468"
},
{
"category": "self",
"summary": "SUSE Bug 1239470",
"url": "https://bugzilla.suse.com/1239470"
},
{
"category": "self",
"summary": "SUSE Bug 1239471",
"url": "https://bugzilla.suse.com/1239471"
},
{
"category": "self",
"summary": "SUSE Bug 1239473",
"url": "https://bugzilla.suse.com/1239473"
},
{
"category": "self",
"summary": "SUSE Bug 1239474",
"url": "https://bugzilla.suse.com/1239474"
},
{
"category": "self",
"summary": "SUSE Bug 1239475",
"url": "https://bugzilla.suse.com/1239475"
},
{
"category": "self",
"summary": "SUSE Bug 1239476",
"url": "https://bugzilla.suse.com/1239476"
},
{
"category": "self",
"summary": "SUSE Bug 1239477",
"url": "https://bugzilla.suse.com/1239477"
},
{
"category": "self",
"summary": "SUSE Bug 1239478",
"url": "https://bugzilla.suse.com/1239478"
},
{
"category": "self",
"summary": "SUSE Bug 1239479",
"url": "https://bugzilla.suse.com/1239479"
},
{
"category": "self",
"summary": "SUSE Bug 1239481",
"url": "https://bugzilla.suse.com/1239481"
},
{
"category": "self",
"summary": "SUSE Bug 1239482",
"url": "https://bugzilla.suse.com/1239482"
},
{
"category": "self",
"summary": "SUSE Bug 1239483",
"url": "https://bugzilla.suse.com/1239483"
},
{
"category": "self",
"summary": "SUSE Bug 1239484",
"url": "https://bugzilla.suse.com/1239484"
},
{
"category": "self",
"summary": "SUSE Bug 1239486",
"url": "https://bugzilla.suse.com/1239486"
},
{
"category": "self",
"summary": "SUSE Bug 1239487",
"url": "https://bugzilla.suse.com/1239487"
},
{
"category": "self",
"summary": "SUSE Bug 1239508",
"url": "https://bugzilla.suse.com/1239508"
},
{
"category": "self",
"summary": "SUSE Bug 1239510",
"url": "https://bugzilla.suse.com/1239510"
},
{
"category": "self",
"summary": "SUSE Bug 1239512",
"url": "https://bugzilla.suse.com/1239512"
},
{
"category": "self",
"summary": "SUSE Bug 1239518",
"url": "https://bugzilla.suse.com/1239518"
},
{
"category": "self",
"summary": "SUSE Bug 1239573",
"url": "https://bugzilla.suse.com/1239573"
},
{
"category": "self",
"summary": "SUSE Bug 1239594",
"url": "https://bugzilla.suse.com/1239594"
},
{
"category": "self",
"summary": "SUSE Bug 1239595",
"url": "https://bugzilla.suse.com/1239595"
},
{
"category": "self",
"summary": "SUSE Bug 1239600",
"url": "https://bugzilla.suse.com/1239600"
},
{
"category": "self",
"summary": "SUSE Bug 1239605",
"url": "https://bugzilla.suse.com/1239605"
},
{
"category": "self",
"summary": "SUSE Bug 1239615",
"url": "https://bugzilla.suse.com/1239615"
},
{
"category": "self",
"summary": "SUSE Bug 1239644",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "self",
"summary": "SUSE Bug 1239684",
"url": "https://bugzilla.suse.com/1239684"
},
{
"category": "self",
"summary": "SUSE Bug 1239691",
"url": "https://bugzilla.suse.com/1239691"
},
{
"category": "self",
"summary": "SUSE Bug 1239707",
"url": "https://bugzilla.suse.com/1239707"
},
{
"category": "self",
"summary": "SUSE Bug 1239906",
"url": "https://bugzilla.suse.com/1239906"
},
{
"category": "self",
"summary": "SUSE Bug 1239925",
"url": "https://bugzilla.suse.com/1239925"
},
{
"category": "self",
"summary": "SUSE Bug 1239934",
"url": "https://bugzilla.suse.com/1239934"
},
{
"category": "self",
"summary": "SUSE Bug 1239986",
"url": "https://bugzilla.suse.com/1239986"
},
{
"category": "self",
"summary": "SUSE Bug 1239991",
"url": "https://bugzilla.suse.com/1239991"
},
{
"category": "self",
"summary": "SUSE Bug 1239994",
"url": "https://bugzilla.suse.com/1239994"
},
{
"category": "self",
"summary": "SUSE Bug 1239997",
"url": "https://bugzilla.suse.com/1239997"
},
{
"category": "self",
"summary": "SUSE Bug 1240167",
"url": "https://bugzilla.suse.com/1240167"
},
{
"category": "self",
"summary": "SUSE Bug 1240168",
"url": "https://bugzilla.suse.com/1240168"
},
{
"category": "self",
"summary": "SUSE Bug 1240169",
"url": "https://bugzilla.suse.com/1240169"
},
{
"category": "self",
"summary": "SUSE Bug 1240171",
"url": "https://bugzilla.suse.com/1240171"
},
{
"category": "self",
"summary": "SUSE Bug 1240172",
"url": "https://bugzilla.suse.com/1240172"
},
{
"category": "self",
"summary": "SUSE Bug 1240173",
"url": "https://bugzilla.suse.com/1240173"
},
{
"category": "self",
"summary": "SUSE Bug 1240174",
"url": "https://bugzilla.suse.com/1240174"
},
{
"category": "self",
"summary": "SUSE Bug 1240175",
"url": "https://bugzilla.suse.com/1240175"
},
{
"category": "self",
"summary": "SUSE Bug 1240176",
"url": "https://bugzilla.suse.com/1240176"
},
{
"category": "self",
"summary": "SUSE Bug 1240177",
"url": "https://bugzilla.suse.com/1240177"
},
{
"category": "self",
"summary": "SUSE Bug 1240179",
"url": "https://bugzilla.suse.com/1240179"
},
{
"category": "self",
"summary": "SUSE Bug 1240181",
"url": "https://bugzilla.suse.com/1240181"
},
{
"category": "self",
"summary": "SUSE Bug 1240182",
"url": "https://bugzilla.suse.com/1240182"
},
{
"category": "self",
"summary": "SUSE Bug 1240183",
"url": "https://bugzilla.suse.com/1240183"
},
{
"category": "self",
"summary": "SUSE Bug 1240184",
"url": "https://bugzilla.suse.com/1240184"
},
{
"category": "self",
"summary": "SUSE Bug 1240185",
"url": "https://bugzilla.suse.com/1240185"
},
{
"category": "self",
"summary": "SUSE Bug 1240186",
"url": "https://bugzilla.suse.com/1240186"
},
{
"category": "self",
"summary": "SUSE Bug 1240187",
"url": "https://bugzilla.suse.com/1240187"
},
{
"category": "self",
"summary": "SUSE Bug 1240188",
"url": "https://bugzilla.suse.com/1240188"
},
{
"category": "self",
"summary": "SUSE Bug 1240189",
"url": "https://bugzilla.suse.com/1240189"
},
{
"category": "self",
"summary": "SUSE Bug 1240191",
"url": "https://bugzilla.suse.com/1240191"
},
{
"category": "self",
"summary": "SUSE Bug 1240192",
"url": "https://bugzilla.suse.com/1240192"
},
{
"category": "self",
"summary": "SUSE Bug 1240333",
"url": "https://bugzilla.suse.com/1240333"
},
{
"category": "self",
"summary": "SUSE Bug 1240334",
"url": "https://bugzilla.suse.com/1240334"
},
{
"category": "self",
"summary": "SUSE Bug 1240375",
"url": "https://bugzilla.suse.com/1240375"
},
{
"category": "self",
"summary": "SUSE Bug 1240419",
"url": "https://bugzilla.suse.com/1240419"
},
{
"category": "self",
"summary": "SUSE Bug 1240427",
"url": "https://bugzilla.suse.com/1240427"
},
{
"category": "self",
"summary": "SUSE Bug 1240557",
"url": "https://bugzilla.suse.com/1240557"
},
{
"category": "self",
"summary": "SUSE Bug 1240575",
"url": "https://bugzilla.suse.com/1240575"
},
{
"category": "self",
"summary": "SUSE Bug 1240576",
"url": "https://bugzilla.suse.com/1240576"
},
{
"category": "self",
"summary": "SUSE Bug 1240581",
"url": "https://bugzilla.suse.com/1240581"
},
{
"category": "self",
"summary": "SUSE Bug 1240582",
"url": "https://bugzilla.suse.com/1240582"
},
{
"category": "self",
"summary": "SUSE Bug 1240583",
"url": "https://bugzilla.suse.com/1240583"
},
{
"category": "self",
"summary": "SUSE Bug 1240584",
"url": "https://bugzilla.suse.com/1240584"
},
{
"category": "self",
"summary": "SUSE Bug 1240585",
"url": "https://bugzilla.suse.com/1240585"
},
{
"category": "self",
"summary": "SUSE Bug 1240587",
"url": "https://bugzilla.suse.com/1240587"
},
{
"category": "self",
"summary": "SUSE Bug 1240590",
"url": "https://bugzilla.suse.com/1240590"
},
{
"category": "self",
"summary": "SUSE Bug 1240591",
"url": "https://bugzilla.suse.com/1240591"
},
{
"category": "self",
"summary": "SUSE Bug 1240592",
"url": "https://bugzilla.suse.com/1240592"
},
{
"category": "self",
"summary": "SUSE Bug 1240593",
"url": "https://bugzilla.suse.com/1240593"
},
{
"category": "self",
"summary": "SUSE Bug 1240594",
"url": "https://bugzilla.suse.com/1240594"
},
{
"category": "self",
"summary": "SUSE Bug 1240595",
"url": "https://bugzilla.suse.com/1240595"
},
{
"category": "self",
"summary": "SUSE Bug 1240596",
"url": "https://bugzilla.suse.com/1240596"
},
{
"category": "self",
"summary": "SUSE Bug 1240600",
"url": "https://bugzilla.suse.com/1240600"
},
{
"category": "self",
"summary": "SUSE Bug 1240612",
"url": "https://bugzilla.suse.com/1240612"
},
{
"category": "self",
"summary": "SUSE Bug 1240616",
"url": "https://bugzilla.suse.com/1240616"
},
{
"category": "self",
"summary": "SUSE Bug 1240617",
"url": "https://bugzilla.suse.com/1240617"
},
{
"category": "self",
"summary": "SUSE Bug 1240639",
"url": "https://bugzilla.suse.com/1240639"
},
{
"category": "self",
"summary": "SUSE Bug 1240643",
"url": "https://bugzilla.suse.com/1240643"
},
{
"category": "self",
"summary": "SUSE Bug 1240647",
"url": "https://bugzilla.suse.com/1240647"
},
{
"category": "self",
"summary": "SUSE Bug 1240655",
"url": "https://bugzilla.suse.com/1240655"
},
{
"category": "self",
"summary": "SUSE Bug 1240691",
"url": "https://bugzilla.suse.com/1240691"
},
{
"category": "self",
"summary": "SUSE Bug 1240696",
"url": "https://bugzilla.suse.com/1240696"
},
{
"category": "self",
"summary": "SUSE Bug 1240700",
"url": "https://bugzilla.suse.com/1240700"
},
{
"category": "self",
"summary": "SUSE Bug 1240701",
"url": "https://bugzilla.suse.com/1240701"
},
{
"category": "self",
"summary": "SUSE Bug 1240703",
"url": "https://bugzilla.suse.com/1240703"
},
{
"category": "self",
"summary": "SUSE Bug 1240708",
"url": "https://bugzilla.suse.com/1240708"
},
{
"category": "self",
"summary": "SUSE Bug 1240709",
"url": "https://bugzilla.suse.com/1240709"
},
{
"category": "self",
"summary": "SUSE Bug 1240711",
"url": "https://bugzilla.suse.com/1240711"
},
{
"category": "self",
"summary": "SUSE Bug 1240712",
"url": "https://bugzilla.suse.com/1240712"
},
{
"category": "self",
"summary": "SUSE Bug 1240713",
"url": "https://bugzilla.suse.com/1240713"
},
{
"category": "self",
"summary": "SUSE Bug 1240714",
"url": "https://bugzilla.suse.com/1240714"
},
{
"category": "self",
"summary": "SUSE Bug 1240715",
"url": "https://bugzilla.suse.com/1240715"
},
{
"category": "self",
"summary": "SUSE Bug 1240716",
"url": "https://bugzilla.suse.com/1240716"
},
{
"category": "self",
"summary": "SUSE Bug 1240717",
"url": "https://bugzilla.suse.com/1240717"
},
{
"category": "self",
"summary": "SUSE Bug 1240718",
"url": "https://bugzilla.suse.com/1240718"
},
{
"category": "self",
"summary": "SUSE Bug 1240719",
"url": "https://bugzilla.suse.com/1240719"
},
{
"category": "self",
"summary": "SUSE Bug 1240720",
"url": "https://bugzilla.suse.com/1240720"
},
{
"category": "self",
"summary": "SUSE Bug 1240722",
"url": "https://bugzilla.suse.com/1240722"
},
{
"category": "self",
"summary": "SUSE Bug 1240727",
"url": "https://bugzilla.suse.com/1240727"
},
{
"category": "self",
"summary": "SUSE Bug 1240739",
"url": "https://bugzilla.suse.com/1240739"
},
{
"category": "self",
"summary": "SUSE Bug 1240740",
"url": "https://bugzilla.suse.com/1240740"
},
{
"category": "self",
"summary": "SUSE Bug 1240742",
"url": "https://bugzilla.suse.com/1240742"
},
{
"category": "self",
"summary": "SUSE Bug 1240779",
"url": "https://bugzilla.suse.com/1240779"
},
{
"category": "self",
"summary": "SUSE Bug 1240783",
"url": "https://bugzilla.suse.com/1240783"
},
{
"category": "self",
"summary": "SUSE Bug 1240784",
"url": "https://bugzilla.suse.com/1240784"
},
{
"category": "self",
"summary": "SUSE Bug 1240785",
"url": "https://bugzilla.suse.com/1240785"
},
{
"category": "self",
"summary": "SUSE Bug 1240795",
"url": "https://bugzilla.suse.com/1240795"
},
{
"category": "self",
"summary": "SUSE Bug 1240796",
"url": "https://bugzilla.suse.com/1240796"
},
{
"category": "self",
"summary": "SUSE Bug 1240797",
"url": "https://bugzilla.suse.com/1240797"
},
{
"category": "self",
"summary": "SUSE Bug 1240799",
"url": "https://bugzilla.suse.com/1240799"
},
{
"category": "self",
"summary": "SUSE Bug 1240800",
"url": "https://bugzilla.suse.com/1240800"
},
{
"category": "self",
"summary": "SUSE Bug 1240801",
"url": "https://bugzilla.suse.com/1240801"
},
{
"category": "self",
"summary": "SUSE Bug 1240802",
"url": "https://bugzilla.suse.com/1240802"
},
{
"category": "self",
"summary": "SUSE Bug 1240803",
"url": "https://bugzilla.suse.com/1240803"
},
{
"category": "self",
"summary": "SUSE Bug 1240804",
"url": "https://bugzilla.suse.com/1240804"
},
{
"category": "self",
"summary": "SUSE Bug 1240805",
"url": "https://bugzilla.suse.com/1240805"
},
{
"category": "self",
"summary": "SUSE Bug 1240806",
"url": "https://bugzilla.suse.com/1240806"
},
{
"category": "self",
"summary": "SUSE Bug 1240808",
"url": "https://bugzilla.suse.com/1240808"
},
{
"category": "self",
"summary": "SUSE Bug 1240809",
"url": "https://bugzilla.suse.com/1240809"
},
{
"category": "self",
"summary": "SUSE Bug 1240811",
"url": "https://bugzilla.suse.com/1240811"
},
{
"category": "self",
"summary": "SUSE Bug 1240812",
"url": "https://bugzilla.suse.com/1240812"
},
{
"category": "self",
"summary": "SUSE Bug 1240813",
"url": "https://bugzilla.suse.com/1240813"
},
{
"category": "self",
"summary": "SUSE Bug 1240815",
"url": "https://bugzilla.suse.com/1240815"
},
{
"category": "self",
"summary": "SUSE Bug 1240816",
"url": "https://bugzilla.suse.com/1240816"
},
{
"category": "self",
"summary": "SUSE Bug 1240819",
"url": "https://bugzilla.suse.com/1240819"
},
{
"category": "self",
"summary": "SUSE Bug 1240821",
"url": "https://bugzilla.suse.com/1240821"
},
{
"category": "self",
"summary": "SUSE Bug 1240825",
"url": "https://bugzilla.suse.com/1240825"
},
{
"category": "self",
"summary": "SUSE Bug 1240829",
"url": "https://bugzilla.suse.com/1240829"
},
{
"category": "self",
"summary": "SUSE Bug 1240835",
"url": "https://bugzilla.suse.com/1240835"
},
{
"category": "self",
"summary": "SUSE Bug 1240873",
"url": "https://bugzilla.suse.com/1240873"
},
{
"category": "self",
"summary": "SUSE Bug 1240934",
"url": "https://bugzilla.suse.com/1240934"
},
{
"category": "self",
"summary": "SUSE Bug 1240936",
"url": "https://bugzilla.suse.com/1240936"
},
{
"category": "self",
"summary": "SUSE Bug 1240937",
"url": "https://bugzilla.suse.com/1240937"
},
{
"category": "self",
"summary": "SUSE Bug 1240938",
"url": "https://bugzilla.suse.com/1240938"
},
{
"category": "self",
"summary": "SUSE Bug 1240940",
"url": "https://bugzilla.suse.com/1240940"
},
{
"category": "self",
"summary": "SUSE Bug 1240942",
"url": "https://bugzilla.suse.com/1240942"
},
{
"category": "self",
"summary": "SUSE Bug 1240943",
"url": "https://bugzilla.suse.com/1240943"
},
{
"category": "self",
"summary": "SUSE Bug 1240944",
"url": "https://bugzilla.suse.com/1240944"
},
{
"category": "self",
"summary": "SUSE Bug 1240966",
"url": "https://bugzilla.suse.com/1240966"
},
{
"category": "self",
"summary": "SUSE Bug 1240978",
"url": "https://bugzilla.suse.com/1240978"
},
{
"category": "self",
"summary": "SUSE Bug 1240979",
"url": "https://bugzilla.suse.com/1240979"
},
{
"category": "self",
"summary": "SUSE Bug 1241010",
"url": "https://bugzilla.suse.com/1241010"
},
{
"category": "self",
"summary": "SUSE Bug 1241038",
"url": "https://bugzilla.suse.com/1241038"
},
{
"category": "self",
"summary": "SUSE Bug 1241051",
"url": "https://bugzilla.suse.com/1241051"
},
{
"category": "self",
"summary": "SUSE Bug 1241095",
"url": "https://bugzilla.suse.com/1241095"
},
{
"category": "self",
"summary": "SUSE Bug 1241123",
"url": "https://bugzilla.suse.com/1241123"
},
{
"category": "self",
"summary": "SUSE Bug 1241148",
"url": "https://bugzilla.suse.com/1241148"
},
{
"category": "self",
"summary": "SUSE Bug 1241151",
"url": "https://bugzilla.suse.com/1241151"
},
{
"category": "self",
"summary": "SUSE Bug 1241166",
"url": "https://bugzilla.suse.com/1241166"
},
{
"category": "self",
"summary": "SUSE Bug 1241167",
"url": "https://bugzilla.suse.com/1241167"
},
{
"category": "self",
"summary": "SUSE Bug 1241175",
"url": "https://bugzilla.suse.com/1241175"
},
{
"category": "self",
"summary": "SUSE Bug 1241193",
"url": "https://bugzilla.suse.com/1241193"
},
{
"category": "self",
"summary": "SUSE Bug 1241204",
"url": "https://bugzilla.suse.com/1241204"
},
{
"category": "self",
"summary": "SUSE Bug 1241250",
"url": "https://bugzilla.suse.com/1241250"
},
{
"category": "self",
"summary": "SUSE Bug 1241265",
"url": "https://bugzilla.suse.com/1241265"
},
{
"category": "self",
"summary": "SUSE Bug 1241266",
"url": "https://bugzilla.suse.com/1241266"
},
{
"category": "self",
"summary": "SUSE Bug 1241280",
"url": "https://bugzilla.suse.com/1241280"
},
{
"category": "self",
"summary": "SUSE Bug 1241282",
"url": "https://bugzilla.suse.com/1241282"
},
{
"category": "self",
"summary": "SUSE Bug 1241305",
"url": "https://bugzilla.suse.com/1241305"
},
{
"category": "self",
"summary": "SUSE Bug 1241319",
"url": "https://bugzilla.suse.com/1241319"
},
{
"category": "self",
"summary": "SUSE Bug 1241332",
"url": "https://bugzilla.suse.com/1241332"
},
{
"category": "self",
"summary": "SUSE Bug 1241333",
"url": "https://bugzilla.suse.com/1241333"
},
{
"category": "self",
"summary": "SUSE Bug 1241341",
"url": "https://bugzilla.suse.com/1241341"
},
{
"category": "self",
"summary": "SUSE Bug 1241343",
"url": "https://bugzilla.suse.com/1241343"
},
{
"category": "self",
"summary": "SUSE Bug 1241344",
"url": "https://bugzilla.suse.com/1241344"
},
{
"category": "self",
"summary": "SUSE Bug 1241347",
"url": "https://bugzilla.suse.com/1241347"
},
{
"category": "self",
"summary": "SUSE Bug 1241351",
"url": "https://bugzilla.suse.com/1241351"
},
{
"category": "self",
"summary": "SUSE Bug 1241357",
"url": "https://bugzilla.suse.com/1241357"
},
{
"category": "self",
"summary": "SUSE Bug 1241361",
"url": "https://bugzilla.suse.com/1241361"
},
{
"category": "self",
"summary": "SUSE Bug 1241369",
"url": "https://bugzilla.suse.com/1241369"
},
{
"category": "self",
"summary": "SUSE Bug 1241371",
"url": "https://bugzilla.suse.com/1241371"
},
{
"category": "self",
"summary": "SUSE Bug 1241373",
"url": "https://bugzilla.suse.com/1241373"
},
{
"category": "self",
"summary": "SUSE Bug 1241376",
"url": "https://bugzilla.suse.com/1241376"
},
{
"category": "self",
"summary": "SUSE Bug 1241378",
"url": "https://bugzilla.suse.com/1241378"
},
{
"category": "self",
"summary": "SUSE Bug 1241388",
"url": "https://bugzilla.suse.com/1241388"
},
{
"category": "self",
"summary": "SUSE Bug 1241394",
"url": "https://bugzilla.suse.com/1241394"
},
{
"category": "self",
"summary": "SUSE Bug 1241402",
"url": "https://bugzilla.suse.com/1241402"
},
{
"category": "self",
"summary": "SUSE Bug 1241412",
"url": "https://bugzilla.suse.com/1241412"
},
{
"category": "self",
"summary": "SUSE Bug 1241413",
"url": "https://bugzilla.suse.com/1241413"
},
{
"category": "self",
"summary": "SUSE Bug 1241416",
"url": "https://bugzilla.suse.com/1241416"
},
{
"category": "self",
"summary": "SUSE Bug 1241419",
"url": "https://bugzilla.suse.com/1241419"
},
{
"category": "self",
"summary": "SUSE Bug 1241424",
"url": "https://bugzilla.suse.com/1241424"
},
{
"category": "self",
"summary": "SUSE Bug 1241426",
"url": "https://bugzilla.suse.com/1241426"
},
{
"category": "self",
"summary": "SUSE Bug 1241433",
"url": "https://bugzilla.suse.com/1241433"
},
{
"category": "self",
"summary": "SUSE Bug 1241436",
"url": "https://bugzilla.suse.com/1241436"
},
{
"category": "self",
"summary": "SUSE Bug 1241441",
"url": "https://bugzilla.suse.com/1241441"
},
{
"category": "self",
"summary": "SUSE Bug 1241442",
"url": "https://bugzilla.suse.com/1241442"
},
{
"category": "self",
"summary": "SUSE Bug 1241443",
"url": "https://bugzilla.suse.com/1241443"
},
{
"category": "self",
"summary": "SUSE Bug 1241448",
"url": "https://bugzilla.suse.com/1241448"
},
{
"category": "self",
"summary": "SUSE Bug 1241451",
"url": "https://bugzilla.suse.com/1241451"
},
{
"category": "self",
"summary": "SUSE Bug 1241452",
"url": "https://bugzilla.suse.com/1241452"
},
{
"category": "self",
"summary": "SUSE Bug 1241456",
"url": "https://bugzilla.suse.com/1241456"
},
{
"category": "self",
"summary": "SUSE Bug 1241458",
"url": "https://bugzilla.suse.com/1241458"
},
{
"category": "self",
"summary": "SUSE Bug 1241459",
"url": "https://bugzilla.suse.com/1241459"
},
{
"category": "self",
"summary": "SUSE Bug 1241492",
"url": "https://bugzilla.suse.com/1241492"
},
{
"category": "self",
"summary": "SUSE Bug 1241512",
"url": "https://bugzilla.suse.com/1241512"
},
{
"category": "self",
"summary": "SUSE Bug 1241525",
"url": "https://bugzilla.suse.com/1241525"
},
{
"category": "self",
"summary": "SUSE Bug 1241526",
"url": "https://bugzilla.suse.com/1241526"
},
{
"category": "self",
"summary": "SUSE Bug 1241528",
"url": "https://bugzilla.suse.com/1241528"
},
{
"category": "self",
"summary": "SUSE Bug 1241533",
"url": "https://bugzilla.suse.com/1241533"
},
{
"category": "self",
"summary": "SUSE Bug 1241535",
"url": "https://bugzilla.suse.com/1241535"
},
{
"category": "self",
"summary": "SUSE Bug 1241537",
"url": "https://bugzilla.suse.com/1241537"
},
{
"category": "self",
"summary": "SUSE Bug 1241541",
"url": "https://bugzilla.suse.com/1241541"
},
{
"category": "self",
"summary": "SUSE Bug 1241545",
"url": "https://bugzilla.suse.com/1241545"
},
{
"category": "self",
"summary": "SUSE Bug 1241547",
"url": "https://bugzilla.suse.com/1241547"
},
{
"category": "self",
"summary": "SUSE Bug 1241548",
"url": "https://bugzilla.suse.com/1241548"
},
{
"category": "self",
"summary": "SUSE Bug 1241550",
"url": "https://bugzilla.suse.com/1241550"
},
{
"category": "self",
"summary": "SUSE Bug 1241562",
"url": "https://bugzilla.suse.com/1241562"
},
{
"category": "self",
"summary": "SUSE Bug 1241568",
"url": "https://bugzilla.suse.com/1241568"
},
{
"category": "self",
"summary": "SUSE Bug 1241573",
"url": "https://bugzilla.suse.com/1241573"
},
{
"category": "self",
"summary": "SUSE Bug 1241574",
"url": "https://bugzilla.suse.com/1241574"
},
{
"category": "self",
"summary": "SUSE Bug 1241575",
"url": "https://bugzilla.suse.com/1241575"
},
{
"category": "self",
"summary": "SUSE Bug 1241578",
"url": "https://bugzilla.suse.com/1241578"
},
{
"category": "self",
"summary": "SUSE Bug 1241581",
"url": "https://bugzilla.suse.com/1241581"
},
{
"category": "self",
"summary": "SUSE Bug 1241590",
"url": "https://bugzilla.suse.com/1241590"
},
{
"category": "self",
"summary": "SUSE Bug 1241591",
"url": "https://bugzilla.suse.com/1241591"
},
{
"category": "self",
"summary": "SUSE Bug 1241593",
"url": "https://bugzilla.suse.com/1241593"
},
{
"category": "self",
"summary": "SUSE Bug 1241596",
"url": "https://bugzilla.suse.com/1241596"
},
{
"category": "self",
"summary": "SUSE Bug 1241597",
"url": "https://bugzilla.suse.com/1241597"
},
{
"category": "self",
"summary": "SUSE Bug 1241598",
"url": "https://bugzilla.suse.com/1241598"
},
{
"category": "self",
"summary": "SUSE Bug 1241599",
"url": "https://bugzilla.suse.com/1241599"
},
{
"category": "self",
"summary": "SUSE Bug 1241601",
"url": "https://bugzilla.suse.com/1241601"
},
{
"category": "self",
"summary": "SUSE Bug 1241626",
"url": "https://bugzilla.suse.com/1241626"
},
{
"category": "self",
"summary": "SUSE Bug 1241627",
"url": "https://bugzilla.suse.com/1241627"
},
{
"category": "self",
"summary": "SUSE Bug 1241628",
"url": "https://bugzilla.suse.com/1241628"
},
{
"category": "self",
"summary": "SUSE Bug 1241633",
"url": "https://bugzilla.suse.com/1241633"
},
{
"category": "self",
"summary": "SUSE Bug 1241638",
"url": "https://bugzilla.suse.com/1241638"
},
{
"category": "self",
"summary": "SUSE Bug 1241640",
"url": "https://bugzilla.suse.com/1241640"
},
{
"category": "self",
"summary": "SUSE Bug 1241648",
"url": "https://bugzilla.suse.com/1241648"
},
{
"category": "self",
"summary": "SUSE Bug 1241657",
"url": "https://bugzilla.suse.com/1241657"
},
{
"category": "self",
"summary": "SUSE Bug 1241689",
"url": "https://bugzilla.suse.com/1241689"
},
{
"category": "self",
"summary": "SUSE Bug 1242006",
"url": "https://bugzilla.suse.com/1242006"
},
{
"category": "self",
"summary": "SUSE Bug 1242012",
"url": "https://bugzilla.suse.com/1242012"
},
{
"category": "self",
"summary": "SUSE Bug 1242044",
"url": "https://bugzilla.suse.com/1242044"
},
{
"category": "self",
"summary": "SUSE Bug 1242119",
"url": "https://bugzilla.suse.com/1242119"
},
{
"category": "self",
"summary": "SUSE Bug 1242125",
"url": "https://bugzilla.suse.com/1242125"
},
{
"category": "self",
"summary": "SUSE Bug 1242172",
"url": "https://bugzilla.suse.com/1242172"
},
{
"category": "self",
"summary": "SUSE Bug 1242203",
"url": "https://bugzilla.suse.com/1242203"
},
{
"category": "self",
"summary": "SUSE Bug 1242205",
"url": "https://bugzilla.suse.com/1242205"
},
{
"category": "self",
"summary": "SUSE Bug 1242283",
"url": "https://bugzilla.suse.com/1242283"
},
{
"category": "self",
"summary": "SUSE Bug 1242307",
"url": "https://bugzilla.suse.com/1242307"
},
{
"category": "self",
"summary": "SUSE Bug 1242313",
"url": "https://bugzilla.suse.com/1242313"
},
{
"category": "self",
"summary": "SUSE Bug 1242314",
"url": "https://bugzilla.suse.com/1242314"
},
{
"category": "self",
"summary": "SUSE Bug 1242315",
"url": "https://bugzilla.suse.com/1242315"
},
{
"category": "self",
"summary": "SUSE Bug 1242321",
"url": "https://bugzilla.suse.com/1242321"
},
{
"category": "self",
"summary": "SUSE Bug 1242326",
"url": "https://bugzilla.suse.com/1242326"
},
{
"category": "self",
"summary": "SUSE Bug 1242327",
"url": "https://bugzilla.suse.com/1242327"
},
{
"category": "self",
"summary": "SUSE Bug 1242328",
"url": "https://bugzilla.suse.com/1242328"
},
{
"category": "self",
"summary": "SUSE Bug 1242332",
"url": "https://bugzilla.suse.com/1242332"
},
{
"category": "self",
"summary": "SUSE Bug 1242333",
"url": "https://bugzilla.suse.com/1242333"
},
{
"category": "self",
"summary": "SUSE Bug 1242335",
"url": "https://bugzilla.suse.com/1242335"
},
{
"category": "self",
"summary": "SUSE Bug 1242336",
"url": "https://bugzilla.suse.com/1242336"
},
{
"category": "self",
"summary": "SUSE Bug 1242342",
"url": "https://bugzilla.suse.com/1242342"
},
{
"category": "self",
"summary": "SUSE Bug 1242343",
"url": "https://bugzilla.suse.com/1242343"
},
{
"category": "self",
"summary": "SUSE Bug 1242344",
"url": "https://bugzilla.suse.com/1242344"
},
{
"category": "self",
"summary": "SUSE Bug 1242345",
"url": "https://bugzilla.suse.com/1242345"
},
{
"category": "self",
"summary": "SUSE Bug 1242346",
"url": "https://bugzilla.suse.com/1242346"
},
{
"category": "self",
"summary": "SUSE Bug 1242347",
"url": "https://bugzilla.suse.com/1242347"
},
{
"category": "self",
"summary": "SUSE Bug 1242348",
"url": "https://bugzilla.suse.com/1242348"
},
{
"category": "self",
"summary": "SUSE Bug 1242414",
"url": "https://bugzilla.suse.com/1242414"
},
{
"category": "self",
"summary": "SUSE Bug 1242417",
"url": "https://bugzilla.suse.com/1242417"
},
{
"category": "self",
"summary": "SUSE Bug 1242502",
"url": "https://bugzilla.suse.com/1242502"
},
{
"category": "self",
"summary": "SUSE Bug 1242506",
"url": "https://bugzilla.suse.com/1242506"
},
{
"category": "self",
"summary": "SUSE Bug 1242507",
"url": "https://bugzilla.suse.com/1242507"
},
{
"category": "self",
"summary": "SUSE Bug 1242509",
"url": "https://bugzilla.suse.com/1242509"
},
{
"category": "self",
"summary": "SUSE Bug 1242510",
"url": "https://bugzilla.suse.com/1242510"
},
{
"category": "self",
"summary": "SUSE Bug 1242513",
"url": "https://bugzilla.suse.com/1242513"
},
{
"category": "self",
"summary": "SUSE Bug 1242520",
"url": "https://bugzilla.suse.com/1242520"
},
{
"category": "self",
"summary": "SUSE Bug 1242523",
"url": "https://bugzilla.suse.com/1242523"
},
{
"category": "self",
"summary": "SUSE Bug 1242526",
"url": "https://bugzilla.suse.com/1242526"
},
{
"category": "self",
"summary": "SUSE Bug 1242528",
"url": "https://bugzilla.suse.com/1242528"
},
{
"category": "self",
"summary": "SUSE Bug 1242533",
"url": "https://bugzilla.suse.com/1242533"
},
{
"category": "self",
"summary": "SUSE Bug 1242534",
"url": "https://bugzilla.suse.com/1242534"
},
{
"category": "self",
"summary": "SUSE Bug 1242535",
"url": "https://bugzilla.suse.com/1242535"
},
{
"category": "self",
"summary": "SUSE Bug 1242536",
"url": "https://bugzilla.suse.com/1242536"
},
{
"category": "self",
"summary": "SUSE Bug 1242537",
"url": "https://bugzilla.suse.com/1242537"
},
{
"category": "self",
"summary": "SUSE Bug 1242538",
"url": "https://bugzilla.suse.com/1242538"
},
{
"category": "self",
"summary": "SUSE Bug 1242539",
"url": "https://bugzilla.suse.com/1242539"
},
{
"category": "self",
"summary": "SUSE Bug 1242540",
"url": "https://bugzilla.suse.com/1242540"
},
{
"category": "self",
"summary": "SUSE Bug 1242546",
"url": "https://bugzilla.suse.com/1242546"
},
{
"category": "self",
"summary": "SUSE Bug 1242556",
"url": "https://bugzilla.suse.com/1242556"
},
{
"category": "self",
"summary": "SUSE Bug 1242585",
"url": "https://bugzilla.suse.com/1242585"
},
{
"category": "self",
"summary": "SUSE Bug 1242596",
"url": "https://bugzilla.suse.com/1242596"
},
{
"category": "self",
"summary": "SUSE Bug 1242710",
"url": "https://bugzilla.suse.com/1242710"
},
{
"category": "self",
"summary": "SUSE Bug 1242762",
"url": "https://bugzilla.suse.com/1242762"
},
{
"category": "self",
"summary": "SUSE Bug 1242763",
"url": "https://bugzilla.suse.com/1242763"
},
{
"category": "self",
"summary": "SUSE Bug 1242778",
"url": "https://bugzilla.suse.com/1242778"
},
{
"category": "self",
"summary": "SUSE Bug 1242786",
"url": "https://bugzilla.suse.com/1242786"
},
{
"category": "self",
"summary": "SUSE Bug 1242831",
"url": "https://bugzilla.suse.com/1242831"
},
{
"category": "self",
"summary": "SUSE Bug 1242852",
"url": "https://bugzilla.suse.com/1242852"
},
{
"category": "self",
"summary": "SUSE Bug 1242854",
"url": "https://bugzilla.suse.com/1242854"
},
{
"category": "self",
"summary": "SUSE Bug 1242856",
"url": "https://bugzilla.suse.com/1242856"
},
{
"category": "self",
"summary": "SUSE Bug 1242859",
"url": "https://bugzilla.suse.com/1242859"
},
{
"category": "self",
"summary": "SUSE Bug 1242860",
"url": "https://bugzilla.suse.com/1242860"
},
{
"category": "self",
"summary": "SUSE Bug 1242861",
"url": "https://bugzilla.suse.com/1242861"
},
{
"category": "self",
"summary": "SUSE Bug 1242866",
"url": "https://bugzilla.suse.com/1242866"
},
{
"category": "self",
"summary": "SUSE Bug 1242867",
"url": "https://bugzilla.suse.com/1242867"
},
{
"category": "self",
"summary": "SUSE Bug 1242868",
"url": "https://bugzilla.suse.com/1242868"
},
{
"category": "self",
"summary": "SUSE Bug 1242875",
"url": "https://bugzilla.suse.com/1242875"
},
{
"category": "self",
"summary": "SUSE Bug 1242924",
"url": "https://bugzilla.suse.com/1242924"
},
{
"category": "self",
"summary": "SUSE Bug 1242944",
"url": "https://bugzilla.suse.com/1242944"
},
{
"category": "self",
"summary": "SUSE Bug 1242951",
"url": "https://bugzilla.suse.com/1242951"
},
{
"category": "self",
"summary": "SUSE Bug 1242962",
"url": "https://bugzilla.suse.com/1242962"
},
{
"category": "self",
"summary": "SUSE Bug 1242993",
"url": "https://bugzilla.suse.com/1242993"
},
{
"category": "self",
"summary": "SUSE Bug 1243020",
"url": "https://bugzilla.suse.com/1243020"
},
{
"category": "self",
"summary": "SUSE Bug 1243044",
"url": "https://bugzilla.suse.com/1243044"
},
{
"category": "self",
"summary": "SUSE Bug 1243056",
"url": "https://bugzilla.suse.com/1243056"
},
{
"category": "self",
"summary": "SUSE Bug 1243077",
"url": "https://bugzilla.suse.com/1243077"
},
{
"category": "self",
"summary": "SUSE Bug 1243090",
"url": "https://bugzilla.suse.com/1243090"
},
{
"category": "self",
"summary": "SUSE Bug 1243115",
"url": "https://bugzilla.suse.com/1243115"
},
{
"category": "self",
"summary": "SUSE Bug 1243116",
"url": "https://bugzilla.suse.com/1243116"
},
{
"category": "self",
"summary": "SUSE Bug 1243215",
"url": "https://bugzilla.suse.com/1243215"
},
{
"category": "self",
"summary": "SUSE Bug 1243341",
"url": "https://bugzilla.suse.com/1243341"
},
{
"category": "self",
"summary": "SUSE Bug 1243342",
"url": "https://bugzilla.suse.com/1243342"
},
{
"category": "self",
"summary": "SUSE Bug 1243513",
"url": "https://bugzilla.suse.com/1243513"
},
{
"category": "self",
"summary": "SUSE Bug 1243519",
"url": "https://bugzilla.suse.com/1243519"
},
{
"category": "self",
"summary": "SUSE Bug 1243539",
"url": "https://bugzilla.suse.com/1243539"
},
{
"category": "self",
"summary": "SUSE Bug 1243541",
"url": "https://bugzilla.suse.com/1243541"
},
{
"category": "self",
"summary": "SUSE Bug 1243547",
"url": "https://bugzilla.suse.com/1243547"
},
{
"category": "self",
"summary": "SUSE Bug 1243657",
"url": "https://bugzilla.suse.com/1243657"
},
{
"category": "self",
"summary": "SUSE Bug 1243658",
"url": "https://bugzilla.suse.com/1243658"
},
{
"category": "self",
"summary": "SUSE Bug 1243737",
"url": "https://bugzilla.suse.com/1243737"
},
{
"category": "self",
"summary": "SUSE Bug 1243805",
"url": "https://bugzilla.suse.com/1243805"
},
{
"category": "self",
"summary": "SUSE Bug 1243817",
"url": "https://bugzilla.suse.com/1243817"
},
{
"category": "self",
"summary": "SUSE Bug 1243919",
"url": "https://bugzilla.suse.com/1243919"
},
{
"category": "self",
"summary": "SUSE Bug 1243963",
"url": "https://bugzilla.suse.com/1243963"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52927 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53034 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27018 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27415 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-28956 page",
"url": "https://www.suse.com/security/cve/CVE-2024-28956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35840 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35910 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38606 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41005 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43820 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46713 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46763 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46782 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46865 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47408 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47408/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47794 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49570 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49570/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49571 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49924 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50038 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50038/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50083 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50106 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50126 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50140 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50223 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50223/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50290 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53124 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53139 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53140 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53163 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53680 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-54458 page",
"url": "https://www.suse.com/security/cve/CVE-2024-54458/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-54683 page",
"url": "https://www.suse.com/security/cve/CVE-2024-54683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56638 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56640 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56641 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56641/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56702 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56703 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56718 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56719 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56751 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56758 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56770 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56770/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57900 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57924 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57998 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58001 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58018 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58019 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58020 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58068 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58070 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58070/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58071 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58074 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58083 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58088 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58091 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58093 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58094 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58094/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58095 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58096 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58097 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21635 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21648 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21659 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21683 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21693 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21696 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21701 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21703 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21706 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21707 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21707/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21717 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21717/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21729 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21739 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21753 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21755 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21755/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21758 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21759 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21760 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21760/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21761 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21762 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21762/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21763 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21764 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21765 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21766 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21768 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21768/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21772 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21782 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21787 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21787/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21791 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21792 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21796 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21800 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21806 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21808 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21808/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21812 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21814 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21821 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21832 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21833 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21836 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21837 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21844 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21846 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21847 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21848 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21850 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21852 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21853 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21854 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21855 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21856 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21857 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21858 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21859 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21861 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21862 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21863 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21864 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21865 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21866 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21867 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21867/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21871 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21873 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21875 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21876 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21877 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21878 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21882 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21883 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21884 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21885 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21886 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21887 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21887/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21888 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21889 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21890 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21891 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21892 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21893 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21894 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21894/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21895 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21904 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21904/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21905 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21906 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21908 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21908/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21909 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21909/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21910 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21912 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21915 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21915/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21916 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21916/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21917 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21917/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21918 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21919 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21919/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21922 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21922/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21923 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21924 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21925 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21926 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21927 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21928 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21928/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21929 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21929/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21930 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21931 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21934 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21935 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21936 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21936/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21937 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21941 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21941/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21943 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21943/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21948 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21950 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21951 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21951/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21953 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21956 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21957 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21960 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21961 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21961/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21962 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21963 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21964 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21964/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21966 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21968 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21969 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21970 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21971 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21972 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21973 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21974 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21975 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21975/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21978 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21979 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21980 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21981 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21985 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21985/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21989 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21989/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21990 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21990/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21991 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21992 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21992/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21993 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21995 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21996 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21999 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22001 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22003 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22003/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22004 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22004/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22007 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22008 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22009 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22010 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22013 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22014 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22015 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22015/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22016 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22017 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22018 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22020 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22021 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22021/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22025 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22025/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22027 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22027/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22029 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22030 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22030/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22033 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22033/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22036 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22044 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22045 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22045/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22050 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22050/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22053 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22053/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22055 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22056 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22057 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22060 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22062 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22063 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22064 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22065 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22065/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22070 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22070/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22075 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22075/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22080 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22086 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22088 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22090 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22091 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22093 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22094 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22094/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22097 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22102 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22103 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22104 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22105 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22105/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22106 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22107 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22107/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22108 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22109 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22109/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22112 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22115 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22116 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22116/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22117 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22118 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22121 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22121/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22125 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22126 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22128 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22128/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-2312 page",
"url": "https://www.suse.com/security/cve/CVE-2025-2312/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23129 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23131 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23131/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23133 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23134 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23134/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23136 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23138 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23140 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23145 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23150 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23154 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23160 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37747 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37747/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37748 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37748/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37749 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37750 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37755 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37755/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37773 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37780 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37785 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37787 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37787/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37789 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37789/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37790 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37798 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37799 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37803 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37803/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37804 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37809 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37820 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37823 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37824 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37829 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37830 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37831 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37833 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37842 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37842/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37860 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37879 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37879/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37886 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37887 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37887/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37949 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37949/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37957 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37958 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37960 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37974 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38152 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38637 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40325 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40325/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-06-16T14:56:02Z",
"generator": {
"date": "2025-06-16T14:56:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:01967-1",
"initial_release_date": "2025-06-16T14:56:02Z",
"revision_history": [
{
"date": "2025-06-16T14:56:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-6.4.0-150700.20.3.1.aarch64",
"product": {
"name": "cluster-md-kmp-azure-6.4.0-150700.20.3.1.aarch64",
"product_id": "cluster-md-kmp-azure-6.4.0-150700.20.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-6.4.0-150700.20.3.1.aarch64",
"product": {
"name": "dlm-kmp-azure-6.4.0-150700.20.3.1.aarch64",
"product_id": "dlm-kmp-azure-6.4.0-150700.20.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-6.4.0-150700.20.3.1.aarch64",
"product": {
"name": "gfs2-kmp-azure-6.4.0-150700.20.3.1.aarch64",
"product_id": "gfs2-kmp-azure-6.4.0-150700.20.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-6.4.0-150700.20.3.1.aarch64",
"product": {
"name": "kernel-azure-6.4.0-150700.20.3.1.aarch64",
"product_id": "kernel-azure-6.4.0-150700.20.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"product": {
"name": "kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"product_id": "kernel-azure-devel-6.4.0-150700.20.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-6.4.0-150700.20.3.1.aarch64",
"product": {
"name": "kernel-azure-extra-6.4.0-150700.20.3.1.aarch64",
"product_id": "kernel-azure-extra-6.4.0-150700.20.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-optional-6.4.0-150700.20.3.1.aarch64",
"product": {
"name": "kernel-azure-optional-6.4.0-150700.20.3.1.aarch64",
"product_id": "kernel-azure-optional-6.4.0-150700.20.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"product": {
"name": "kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"product_id": "kernel-syms-azure-6.4.0-150700.20.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-6.4.0-150700.20.3.1.aarch64",
"product": {
"name": "kselftests-kmp-azure-6.4.0-150700.20.3.1.aarch64",
"product_id": "kselftests-kmp-azure-6.4.0-150700.20.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-6.4.0-150700.20.3.1.aarch64",
"product": {
"name": "ocfs2-kmp-azure-6.4.0-150700.20.3.1.aarch64",
"product_id": "ocfs2-kmp-azure-6.4.0-150700.20.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-azure-6.4.0-150700.20.3.1.aarch64",
"product": {
"name": "reiserfs-kmp-azure-6.4.0-150700.20.3.1.aarch64",
"product_id": "reiserfs-kmp-azure-6.4.0-150700.20.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"product": {
"name": "kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"product_id": "kernel-devel-azure-6.4.0-150700.20.3.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"product": {
"name": "kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"product_id": "kernel-source-azure-6.4.0-150700.20.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-6.4.0-150700.20.3.1.x86_64",
"product": {
"name": "cluster-md-kmp-azure-6.4.0-150700.20.3.1.x86_64",
"product_id": "cluster-md-kmp-azure-6.4.0-150700.20.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-6.4.0-150700.20.3.1.x86_64",
"product": {
"name": "dlm-kmp-azure-6.4.0-150700.20.3.1.x86_64",
"product_id": "dlm-kmp-azure-6.4.0-150700.20.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-6.4.0-150700.20.3.1.x86_64",
"product": {
"name": "gfs2-kmp-azure-6.4.0-150700.20.3.1.x86_64",
"product_id": "gfs2-kmp-azure-6.4.0-150700.20.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-6.4.0-150700.20.3.1.x86_64",
"product": {
"name": "kernel-azure-6.4.0-150700.20.3.1.x86_64",
"product_id": "kernel-azure-6.4.0-150700.20.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"product": {
"name": "kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"product_id": "kernel-azure-devel-6.4.0-150700.20.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-6.4.0-150700.20.3.1.x86_64",
"product": {
"name": "kernel-azure-extra-6.4.0-150700.20.3.1.x86_64",
"product_id": "kernel-azure-extra-6.4.0-150700.20.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-optional-6.4.0-150700.20.3.1.x86_64",
"product": {
"name": "kernel-azure-optional-6.4.0-150700.20.3.1.x86_64",
"product_id": "kernel-azure-optional-6.4.0-150700.20.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-vdso-6.4.0-150700.20.3.1.x86_64",
"product": {
"name": "kernel-azure-vdso-6.4.0-150700.20.3.1.x86_64",
"product_id": "kernel-azure-vdso-6.4.0-150700.20.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-6.4.0-150700.20.3.1.x86_64",
"product": {
"name": "kernel-syms-azure-6.4.0-150700.20.3.1.x86_64",
"product_id": "kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-6.4.0-150700.20.3.1.x86_64",
"product": {
"name": "kselftests-kmp-azure-6.4.0-150700.20.3.1.x86_64",
"product_id": "kselftests-kmp-azure-6.4.0-150700.20.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-6.4.0-150700.20.3.1.x86_64",
"product": {
"name": "ocfs2-kmp-azure-6.4.0-150700.20.3.1.x86_64",
"product_id": "ocfs2-kmp-azure-6.4.0-150700.20.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-azure-6.4.0-150700.20.3.1.x86_64",
"product": {
"name": "reiserfs-kmp-azure-6.4.0-150700.20.3.1.x86_64",
"product_id": "reiserfs-kmp-azure-6.4.0-150700.20.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-6.4.0-150700.20.3.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64"
},
"product_reference": "kernel-azure-6.4.0-150700.20.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-6.4.0-150700.20.3.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64"
},
"product_reference": "kernel-azure-6.4.0-150700.20.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-6.4.0-150700.20.3.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64"
},
"product_reference": "kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-6.4.0-150700.20.3.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64"
},
"product_reference": "kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-6.4.0-150700.20.3.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch"
},
"product_reference": "kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-6.4.0-150700.20.3.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch"
},
"product_reference": "kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-6.4.0-150700.20.3.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64"
},
"product_reference": "kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-6.4.0-150700.20.3.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
},
"product_reference": "kernel-syms-azure-6.4.0-150700.20.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: allow exp not to be removed in nf_ct_find_expectation\n\nCurrently nf_conntrack_in() calling nf_ct_find_expectation() will\nremove the exp from the hash table. However, in some scenario, we\nexpect the exp not to be removed when the created ct will not be\nconfirmed, like in OVS and TC conntrack in the following patches.\n\nThis patch allows exp not to be removed by setting IPS_CONFIRMED\nin the status of the tmpl.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52927",
"url": "https://www.suse.com/security/cve/CVE-2023-52927"
},
{
"category": "external",
"summary": "SUSE Bug 1239644 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "external",
"summary": "SUSE Bug 1246016 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1246016"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2023-52927"
},
{
"cve": "CVE-2023-53034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53034"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans\n\nThere is a kernel API ntb_mw_clear_trans() would pass 0 to both addr and\nsize. This would make xlate_pos negative.\n\n[ 23.734156] switchtec switchtec0: MW 0: part 0 addr 0x0000000000000000 size 0x0000000000000000\n[ 23.734158] ================================================================================\n[ 23.734172] UBSAN: shift-out-of-bounds in drivers/ntb/hw/mscc/ntb_hw_switchtec.c:293:7\n[ 23.734418] shift exponent -1 is negative\n\nEnsuring xlate_pos is a positive or zero before BIT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53034",
"url": "https://www.suse.com/security/cve/CVE-2023-53034"
},
{
"category": "external",
"summary": "SUSE Bug 1241341 for CVE-2023-53034",
"url": "https://bugzilla.suse.com/1241341"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2023-53034"
},
{
"cve": "CVE-2024-27018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27018"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: br_netfilter: skip conntrack input hook for promisc packets\n\nFor historical reasons, when bridge device is in promisc mode, packets\nthat are directed to the taps follow bridge input hook path. This patch\nadds a workaround to reset conntrack for these packets.\n\nJianbo Liu reports warning splats in their test infrastructure where\ncloned packets reach the br_netfilter input hook to confirm the\nconntrack object.\n\nScratch one bit from BR_INPUT_SKB_CB to annotate that this packet has\nreached the input hook because it is passed up to the bridge device to\nreach the taps.\n\n[ 57.571874] WARNING: CPU: 1 PID: 0 at net/bridge/br_netfilter_hooks.c:616 br_nf_local_in+0x157/0x180 [br_netfilter]\n[ 57.572749] Modules linked in: xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat xt_addrtype xt_conntrack nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_isc si ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core mlx5ctl mlx5_core\n[ 57.575158] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0+ #19\n[ 57.575700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[ 57.576662] RIP: 0010:br_nf_local_in+0x157/0x180 [br_netfilter]\n[ 57.577195] Code: fe ff ff 41 bd 04 00 00 00 be 04 00 00 00 e9 4a ff ff ff be 04 00 00 00 48 89 ef e8 f3 a9 3c e1 66 83 ad b4 00 00 00 04 eb 91 \u003c0f\u003e 0b e9 f1 fe ff ff 0f 0b e9 df fe ff ff 48 89 df e8 b3 53 47 e1\n[ 57.578722] RSP: 0018:ffff88885f845a08 EFLAGS: 00010202\n[ 57.579207] RAX: 0000000000000002 RBX: ffff88812dfe8000 RCX: 0000000000000000\n[ 57.579830] RDX: ffff88885f845a60 RSI: ffff8881022dc300 RDI: 0000000000000000\n[ 57.580454] RBP: ffff88885f845a60 R08: 0000000000000001 R09: 0000000000000003\n[ 57.581076] R10: 00000000ffff1300 R11: 0000000000000002 R12: 0000000000000000\n[ 57.581695] R13: ffff8881047ffe00 R14: ffff888108dbee00 R15: ffff88814519b800\n[ 57.582313] FS: 0000000000000000(0000) GS:ffff88885f840000(0000) knlGS:0000000000000000\n[ 57.583040] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 57.583564] CR2: 000000c4206aa000 CR3: 0000000103847001 CR4: 0000000000370eb0\n[ 57.584194] DR0: 0000000000000000 DR1: 0000000000000000 DR2:\n0000000000000000\n[ 57.584820] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:\n0000000000000400\n[ 57.585440] Call Trace:\n[ 57.585721] \u003cIRQ\u003e\n[ 57.585976] ? __warn+0x7d/0x130\n[ 57.586323] ? br_nf_local_in+0x157/0x180 [br_netfilter]\n[ 57.586811] ? report_bug+0xf1/0x1c0\n[ 57.587177] ? handle_bug+0x3f/0x70\n[ 57.587539] ? exc_invalid_op+0x13/0x60\n[ 57.587929] ? asm_exc_invalid_op+0x16/0x20\n[ 57.588336] ? br_nf_local_in+0x157/0x180 [br_netfilter]\n[ 57.588825] nf_hook_slow+0x3d/0xd0\n[ 57.589188] ? br_handle_vlan+0x4b/0x110\n[ 57.589579] br_pass_frame_up+0xfc/0x150\n[ 57.589970] ? br_port_flags_change+0x40/0x40\n[ 57.590396] br_handle_frame_finish+0x346/0x5e0\n[ 57.590837] ? ipt_do_table+0x32e/0x430\n[ 57.591221] ? br_handle_local_finish+0x20/0x20\n[ 57.591656] br_nf_hook_thresh+0x4b/0xf0 [br_netfilter]\n[ 57.592286] ? br_handle_local_finish+0x20/0x20\n[ 57.592802] br_nf_pre_routing_finish+0x178/0x480 [br_netfilter]\n[ 57.593348] ? br_handle_local_finish+0x20/0x20\n[ 57.593782] ? nf_nat_ipv4_pre_routing+0x25/0x60 [nf_nat]\n[ 57.594279] br_nf_pre_routing+0x24c/0x550 [br_netfilter]\n[ 57.594780] ? br_nf_hook_thresh+0xf0/0xf0 [br_netfilter]\n[ 57.595280] br_handle_frame+0x1f3/0x3d0\n[ 57.595676] ? br_handle_local_finish+0x20/0x20\n[ 57.596118] ? br_handle_frame_finish+0x5e0/0x5e0\n[ 57.596566] __netif_receive_skb_core+0x25b/0xfc0\n[ 57.597017] ? __napi_build_skb+0x37/0x40\n[ 57.597418] __netif_receive_skb_list_core+0xfb/0x220",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27018",
"url": "https://www.suse.com/security/cve/CVE-2024-27018"
},
{
"category": "external",
"summary": "SUSE Bug 1223809 for CVE-2024-27018",
"url": "https://bugzilla.suse.com/1223809"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-27018"
},
{
"cve": "CVE-2024-27415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27415"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: bridge: confirm multicast packets before passing them up the stack\n\nconntrack nf_confirm logic cannot handle cloned skbs referencing\nthe same nf_conn entry, which will happen for multicast (broadcast)\nframes on bridges.\n\n Example:\n macvlan0\n |\n br0\n / \\\n ethX ethY\n\n ethX (or Y) receives a L2 multicast or broadcast packet containing\n an IP packet, flow is not yet in conntrack table.\n\n 1. skb passes through bridge and fake-ip (br_netfilter)Prerouting.\n -\u003e skb-\u003e_nfct now references a unconfirmed entry\n 2. skb is broad/mcast packet. bridge now passes clones out on each bridge\n interface.\n 3. skb gets passed up the stack.\n 4. In macvlan case, macvlan driver retains clone(s) of the mcast skb\n and schedules a work queue to send them out on the lower devices.\n\n The clone skb-\u003e_nfct is not a copy, it is the same entry as the\n original skb. The macvlan rx handler then returns RX_HANDLER_PASS.\n 5. Normal conntrack hooks (in NF_INET_LOCAL_IN) confirm the orig skb.\n\nThe Macvlan broadcast worker and normal confirm path will race.\n\nThis race will not happen if step 2 already confirmed a clone. In that\ncase later steps perform skb_clone() with skb-\u003e_nfct already confirmed (in\nhash table). This works fine.\n\nBut such confirmation won\u0027t happen when eb/ip/nftables rules dropped the\npackets before they reached the nf_confirm step in postrouting.\n\nPablo points out that nf_conntrack_bridge doesn\u0027t allow use of stateful\nnat, so we can safely discard the nf_conn entry and let inet call\nconntrack again.\n\nThis doesn\u0027t work for bridge netfilter: skb could have a nat\ntransformation. Also bridge nf prevents re-invocation of inet prerouting\nvia \u0027sabotage_in\u0027 hook.\n\nWork around this problem by explicit confirmation of the entry at LOCAL_IN\ntime, before upper layer has a chance to clone the unconfirmed entry.\n\nThe downside is that this disables NAT and conntrack helpers.\n\nAlternative fix would be to add locking to all code parts that deal with\nunconfirmed packets, but even if that could be done in a sane way this\nopens up other problems, for example:\n\n-m physdev --physdev-out eth0 -j SNAT --snat-to 1.2.3.4\n-m physdev --physdev-out eth1 -j SNAT --snat-to 1.2.3.5\n\nFor multicast case, only one of such conflicting mappings will be\ncreated, conntrack only handles 1:1 NAT mappings.\n\nUsers should set create a setup that explicitly marks such traffic\nNOTRACK (conntrack bypass) to avoid this, but we cannot auto-bypass\nthem, ruleset might have accept rules for untracked traffic already,\nso user-visible behaviour would change.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27415",
"url": "https://www.suse.com/security/cve/CVE-2024-27415"
},
{
"category": "external",
"summary": "SUSE Bug 1224757 for CVE-2024-27415",
"url": "https://bugzilla.suse.com/1224757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-27415"
},
{
"cve": "CVE-2024-28956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-28956"
}
],
"notes": [
{
"category": "general",
"text": "Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-28956",
"url": "https://www.suse.com/security/cve/CVE-2024-28956"
},
{
"category": "external",
"summary": "SUSE Bug 1242006 for CVE-2024-28956",
"url": "https://bugzilla.suse.com/1242006"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-28956"
},
{
"cve": "CVE-2024-35840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35840"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()\n\nsubflow_finish_connect() uses four fields (backup, join_id, thmac, none)\nthat may contain garbage unless OPTION_MPTCP_MPJ_SYNACK has been set\nin mptcp_parse_option()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35840",
"url": "https://www.suse.com/security/cve/CVE-2024-35840"
},
{
"category": "external",
"summary": "SUSE Bug 1224597 for CVE-2024-35840",
"url": "https://bugzilla.suse.com/1224597"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-35840"
},
{
"cve": "CVE-2024-35910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: properly terminate timers for kernel sockets\n\nWe had various syzbot reports about tcp timers firing after\nthe corresponding netns has been dismantled.\n\nFortunately Josef Bacik could trigger the issue more often,\nand could test a patch I wrote two years ago.\n\nWhen TCP sockets are closed, we call inet_csk_clear_xmit_timers()\nto \u0027stop\u0027 the timers.\n\ninet_csk_clear_xmit_timers() can be called from any context,\nincluding when socket lock is held.\nThis is the reason it uses sk_stop_timer(), aka del_timer().\nThis means that ongoing timers might finish much later.\n\nFor user sockets, this is fine because each running timer\nholds a reference on the socket, and the user socket holds\na reference on the netns.\n\nFor kernel sockets, we risk that the netns is freed before\ntimer can complete, because kernel sockets do not hold\nreference on the netns.\n\nThis patch adds inet_csk_clear_xmit_timers_sync() function\nthat using sk_stop_timer_sync() to make sure all timers\nare terminated before the kernel socket is released.\nModules using kernel sockets close them in their netns exit()\nhandler.\n\nAlso add sock_not_owned_by_me() helper to get LOCKDEP\nsupport : inet_csk_clear_xmit_timers_sync() must not be called\nwhile socket lock is held.\n\nIt is very possible we can revert in the future commit\n3a58f13a881e (\"net: rds: acquire refcount on TCP sockets\")\nwhich attempted to solve the issue in rds only.\n(net/smc/af_smc.c and net/mptcp/subflow.c have similar code)\n\nWe probably can remove the check_net() tests from\ntcp_out_of_resources() and __tcp_close() in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35910",
"url": "https://www.suse.com/security/cve/CVE-2024-35910"
},
{
"category": "external",
"summary": "SUSE Bug 1224489 for CVE-2024-35910",
"url": "https://bugzilla.suse.com/1224489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-35910"
},
{
"cve": "CVE-2024-38606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38606"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - validate slices count returned by FW\n\nThe function adf_send_admin_tl_start() enables the telemetry (TL)\nfeature on a QAT device by sending the ICP_QAT_FW_TL_START message to\nthe firmware. This triggers the FW to start writing TL data to a DMA\nbuffer in memory and returns an array containing the number of\naccelerators of each type (slices) supported by this HW.\nThe pointer to this array is stored in the adf_tl_hw_data data\nstructure called slice_cnt.\n\nThe array slice_cnt is then used in the function tl_print_dev_data()\nto report in debugfs only statistics about the supported accelerators.\nAn incorrect value of the elements in slice_cnt might lead to an out\nof bounds memory read.\nAt the moment, there isn\u0027t an implementation of FW that returns a wrong\nvalue, but for robustness validate the slice count array returned by FW.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38606",
"url": "https://www.suse.com/security/cve/CVE-2024-38606"
},
{
"category": "external",
"summary": "SUSE Bug 1226871 for CVE-2024-38606",
"url": "https://bugzilla.suse.com/1226871"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-38606"
},
{
"cve": "CVE-2024-41005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetpoll: Fix race condition in netpoll_owner_active\n\nKCSAN detected a race condition in netpoll:\n\n\tBUG: KCSAN: data-race in net_rx_action / netpoll_send_skb\n\twrite (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:\n\tnet_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)\n\u003csnip\u003e\n\tread to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:\n\tnetpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)\n\tnetpoll_send_udp (net/core/netpoll.c:?)\n\u003csnip\u003e\n\tvalue changed: 0x0000000a -\u003e 0xffffffff\n\nThis happens because netpoll_owner_active() needs to check if the\ncurrent CPU is the owner of the lock, touching napi-\u003epoll_owner\nnon atomically. The -\u003epoll_owner field contains the current CPU holding\nthe lock.\n\nUse an atomic read to check if the poll owner is the current CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41005",
"url": "https://www.suse.com/security/cve/CVE-2024-41005"
},
{
"category": "external",
"summary": "SUSE Bug 1227858 for CVE-2024-41005",
"url": "https://bugzilla.suse.com/1227858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-41005"
},
{
"cve": "CVE-2024-43820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume\n\nrm-raid devices will occasionally trigger the following warning when\nbeing resumed after a table load because DM_RECOVERY_RUNNING is set:\n\nWARNING: CPU: 7 PID: 5660 at drivers/md/dm-raid.c:4105 raid_resume+0xee/0x100 [dm_raid]\n\nThe failing check is:\nWARN_ON_ONCE(test_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery));\n\nThis check is designed to make sure that the sync thread isn\u0027t\nregistered, but md_check_recovery can set MD_RECOVERY_RUNNING without\nthe sync_thread ever getting registered. Instead of checking if\nMD_RECOVERY_RUNNING is set, check if sync_thread is non-NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43820",
"url": "https://www.suse.com/security/cve/CVE-2024-43820"
},
{
"category": "external",
"summary": "SUSE Bug 1229311 for CVE-2024-43820",
"url": "https://bugzilla.suse.com/1229311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-43820"
},
{
"cve": "CVE-2024-46713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46713"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/aux: Fix AUX buffer serialization\n\nOle reported that event-\u003emmap_mutex is strictly insufficient to\nserialize the AUX buffer, add a per RB mutex to fully serialize it.\n\nNote that in the lock order comment the perf_event::mmap_mutex order\nwas already wrong, that is, it nesting under mmap_lock is not new with\nthis patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46713",
"url": "https://www.suse.com/security/cve/CVE-2024-46713"
},
{
"category": "external",
"summary": "SUSE Bug 1230581 for CVE-2024-46713",
"url": "https://bugzilla.suse.com/1230581"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-46713"
},
{
"cve": "CVE-2024-46763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46763"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfou: Fix null-ptr-deref in GRO.\n\nWe observed a null-ptr-deref in fou_gro_receive() while shutting down\na host. [0]\n\nThe NULL pointer is sk-\u003esk_user_data, and the offset 8 is of protocol\nin struct fou.\n\nWhen fou_release() is called due to netns dismantle or explicit tunnel\nteardown, udp_tunnel_sock_release() sets NULL to sk-\u003esk_user_data.\nThen, the tunnel socket is destroyed after a single RCU grace period.\n\nSo, in-flight udp4_gro_receive() could find the socket and execute the\nFOU GRO handler, where sk-\u003esk_user_data could be NULL.\n\nLet\u0027s use rcu_dereference_sk_user_data() in fou_from_sock() and add NULL\nchecks in FOU GRO handlers.\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 80000001032f4067 P4D 80000001032f4067 PUD 103240067 PMD 0\nSMP PTI\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.216-204.855.amzn2.x86_64 #1\nHardware name: Amazon EC2 c5.large/, BIOS 1.0 10/16/2017\nRIP: 0010:fou_gro_receive (net/ipv4/fou.c:233) [fou]\nCode: 41 5f c3 cc cc cc cc e8 e7 2e 69 f4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 49 89 f8 41 54 48 89 f7 48 89 d6 49 8b 80 88 02 00 00 \u003c0f\u003e b6 48 08 0f b7 42 4a 66 25 fd fd 80 cc 02 66 89 42 4a 0f b6 42\nRSP: 0018:ffffa330c0003d08 EFLAGS: 00010297\nRAX: 0000000000000000 RBX: ffff93d9e3a6b900 RCX: 0000000000000010\nRDX: ffff93d9e3a6b900 RSI: ffff93d9e3a6b900 RDI: ffff93dac2e24d08\nRBP: ffff93d9e3a6b900 R08: ffff93dacbce6400 R09: 0000000000000002\nR10: 0000000000000000 R11: ffffffffb5f369b0 R12: ffff93dacbce6400\nR13: ffff93dac2e24d08 R14: 0000000000000000 R15: ffffffffb4edd1c0\nFS: 0000000000000000(0000) GS:ffff93daee800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 0000000102140001 CR4: 00000000007706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cIRQ\u003e\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? no_context (arch/x86/mm/fault.c:752)\n ? exc_page_fault (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 arch/x86/mm/fault.c:1435 arch/x86/mm/fault.c:1483)\n ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:571)\n ? fou_gro_receive (net/ipv4/fou.c:233) [fou]\n udp_gro_receive (include/linux/netdevice.h:2552 net/ipv4/udp_offload.c:559)\n udp4_gro_receive (net/ipv4/udp_offload.c:604)\n inet_gro_receive (net/ipv4/af_inet.c:1549 (discriminator 7))\n dev_gro_receive (net/core/dev.c:6035 (discriminator 4))\n napi_gro_receive (net/core/dev.c:6170)\n ena_clean_rx_irq (drivers/amazon/net/ena/ena_netdev.c:1558) [ena]\n ena_io_poll (drivers/amazon/net/ena/ena_netdev.c:1742) [ena]\n napi_poll (net/core/dev.c:6847)\n net_rx_action (net/core/dev.c:6917)\n __do_softirq (arch/x86/include/asm/jump_label.h:25 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:299)\n asm_call_irq_on_stack (arch/x86/entry/entry_64.S:809)\n\u003c/IRQ\u003e\n do_softirq_own_stack (arch/x86/include/asm/irq_stack.h:27 arch/x86/include/asm/irq_stack.h:77 arch/x86/kernel/irq_64.c:77)\n irq_exit_rcu (kernel/softirq.c:393 kernel/softirq.c:423 kernel/softirq.c:435)\n common_interrupt (arch/x86/kernel/irq.c:239)\n asm_common_interrupt (arch/x86/include/asm/idtentry.h:626)\nRIP: 0010:acpi_idle_do_entry (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 drivers/acpi/processor_idle.c:114 drivers/acpi/processor_idle.c:575)\nCode: 8b 15 d1 3c c4 02 ed c3 cc cc cc cc 65 48 8b 04 25 40 ef 01 00 48 8b 00 a8 08 75 eb 0f 1f 44 00 00 0f 00 2d d5 09 55 00 fb f4 \u003cfa\u003e c3 cc cc cc cc e9 be fc ff ff 66 66 2e 0f 1f 84 00 00 00 00 00\nRSP: 0018:ffffffffb5603e58 EFLAGS: 00000246\nRAX: 0000000000004000 RBX: ffff93dac0929c00 RCX: ffff93daee833900\nRDX: ffff93daee800000 RSI: ffff93d\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46763",
"url": "https://www.suse.com/security/cve/CVE-2024-46763"
},
{
"category": "external",
"summary": "SUSE Bug 1230764 for CVE-2024-46763",
"url": "https://bugzilla.suse.com/1230764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-46763"
},
{
"cve": "CVE-2024-46782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n process_backlog+0x662/0x15b0 net/core/dev.c:6108\n __napi_poll+0xcb/0x490 net/core/dev.c:6772\n napi_poll net/core/dev.c:6841 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n prep_new_page mm/page_alloc.c:1501 [inline]\n get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n __do_kmalloc_node mm/slub.c:4146 [inline]\n __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n bucket_table_alloc lib/rhashtable.c:186 [inline]\n rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n ops_ini\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46782",
"url": "https://www.suse.com/security/cve/CVE-2024-46782"
},
{
"category": "external",
"summary": "SUSE Bug 1230769 for CVE-2024-46782",
"url": "https://bugzilla.suse.com/1230769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-46782"
},
{
"cve": "CVE-2024-46865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46865"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfou: fix initialization of grc\n\nThe grc must be initialize first. There can be a condition where if\nfou is NULL, goto out will be executed and grc would be used\nuninitialized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46865",
"url": "https://www.suse.com/security/cve/CVE-2024-46865"
},
{
"category": "external",
"summary": "SUSE Bug 1231103 for CVE-2024-46865",
"url": "https://bugzilla.suse.com/1231103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-46865"
},
{
"cve": "CVE-2024-47408",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47408"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check smcd_v2_ext_offset when receiving proposal msg\n\nWhen receiving proposal msg in server, the field smcd_v2_ext_offset in\nproposal msg is from the remote client and can not be fully trusted.\nOnce the value of smcd_v2_ext_offset exceed the max value, there has\nthe chance to access wrong address, and crash may happen.\n\nThis patch checks the value of smcd_v2_ext_offset before using it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47408",
"url": "https://www.suse.com/security/cve/CVE-2024-47408"
},
{
"category": "external",
"summary": "SUSE Bug 1235711 for CVE-2024-47408",
"url": "https://bugzilla.suse.com/1235711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-47408"
},
{
"cve": "CVE-2024-47794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Prevent tailcall infinite loop caused by freplace\n\nThere is a potential infinite loop issue that can occur when using a\ncombination of tail calls and freplace.\n\nIn an upcoming selftest, the attach target for entry_freplace of\ntailcall_freplace.c is subprog_tc of tc_bpf2bpf.c, while the tail call in\nentry_freplace leads to entry_tc. This results in an infinite loop:\n\nentry_tc -\u003e subprog_tc -\u003e entry_freplace --tailcall-\u003e entry_tc.\n\nThe problem arises because the tail_call_cnt in entry_freplace resets to\nzero each time entry_freplace is executed, causing the tail call mechanism\nto never terminate, eventually leading to a kernel panic.\n\nTo fix this issue, the solution is twofold:\n\n1. Prevent updating a program extended by an freplace program to a\n prog_array map.\n2. Prevent extending a program that is already part of a prog_array map\n with an freplace program.\n\nThis ensures that:\n\n* If a program or its subprogram has been extended by an freplace program,\n it can no longer be updated to a prog_array map.\n* If a program has been added to a prog_array map, neither it nor its\n subprograms can be extended by an freplace program.\n\nMoreover, an extension program should not be tailcalled. As such, return\n-EINVAL if the program has a type of BPF_PROG_TYPE_EXT when adding it to a\nprog_array map.\n\nAdditionally, fix a minor code style issue by replacing eight spaces with a\ntab for proper formatting.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47794",
"url": "https://www.suse.com/security/cve/CVE-2024-47794"
},
{
"category": "external",
"summary": "SUSE Bug 1235712 for CVE-2024-47794",
"url": "https://bugzilla.suse.com/1235712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-47794"
},
{
"cve": "CVE-2024-49570",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49570"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/tracing: Fix a potential TP_printk UAF\n\nThe commit\nafd2627f727b (\"tracing: Check \"%s\" dereference via the field and not the TP_printk format\")\nexposes potential UAFs in the xe_bo_move trace event.\n\nFix those by avoiding dereferencing the\nxe_mem_type_to_name[] array at TP_printk time.\n\nSince some code refactoring has taken place, explicit backporting may\nbe needed for kernels older than 6.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49570",
"url": "https://www.suse.com/security/cve/CVE-2024-49570"
},
{
"category": "external",
"summary": "SUSE Bug 1238782 for CVE-2024-49570",
"url": "https://bugzilla.suse.com/1238782"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-49570"
},
{
"cve": "CVE-2024-49571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49571"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg\n\nWhen receiving proposal msg in server, the field iparea_offset\nand the field ipv6_prefixes_cnt in proposal msg are from the\nremote client and can not be fully trusted. Especially the\nfield iparea_offset, once exceed the max value, there has the\nchance to access wrong address, and crash may happen.\n\nThis patch checks iparea_offset and ipv6_prefixes_cnt before using them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49571",
"url": "https://www.suse.com/security/cve/CVE-2024-49571"
},
{
"category": "external",
"summary": "SUSE Bug 1235733 for CVE-2024-49571",
"url": "https://bugzilla.suse.com/1235733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-49571"
},
{
"cve": "CVE-2024-49924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: pxafb: Fix possible use after free in pxafb_task()\n\nIn the pxafb_probe function, it calls the pxafb_init_fbinfo function,\nafter which \u0026fbi-\u003etask is associated with pxafb_task. Moreover,\nwithin this pxafb_init_fbinfo function, the pxafb_blank function\nwithin the \u0026pxafb_ops struct is capable of scheduling work.\n\nIf we remove the module which will call pxafb_remove to make cleanup,\nit will call unregister_framebuffer function which can call\ndo_unregister_framebuffer to free fbi-\u003efb through\nput_fb_info(fb_info), while the work mentioned above will be used.\nThe sequence of operations that may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | pxafb_task\npxafb_remove |\nunregister_framebuffer(info) |\ndo_unregister_framebuffer(fb_info) |\nput_fb_info(fb_info) |\n// free fbi-\u003efb | set_ctrlr_state(fbi, state)\n | __pxafb_lcd_power(fbi, 0)\n | fbi-\u003elcd_power(on, \u0026fbi-\u003efb.var)\n | //use fbi-\u003efb\n\nFix it by ensuring that the work is canceled before proceeding\nwith the cleanup in pxafb_remove.\n\nNote that only root user can remove the driver at runtime.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49924",
"url": "https://www.suse.com/security/cve/CVE-2024-49924"
},
{
"category": "external",
"summary": "SUSE Bug 1232364 for CVE-2024-49924",
"url": "https://bugzilla.suse.com/1232364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-49924"
},
{
"cve": "CVE-2024-49994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix integer overflow in BLKSECDISCARD\n\nI independently rediscovered\n\n\tcommit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155\n\tblock: fix overflow in blk_ioctl_discard()\n\nbut for secure erase.\n\nSame problem:\n\n\tuint64_t r[2] = {512, 18446744073709551104ULL};\n\tioctl(fd, BLKSECDISCARD, r);\n\nwill enter near infinite loop inside blkdev_issue_secure_erase():\n\n\ta.out: attempt to access beyond end of device\n\tloop0: rw=5, sector=3399043073, nr_sectors = 1024 limit=2048\n\tbio_check_eod: 3286214 callbacks suppressed",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49994",
"url": "https://www.suse.com/security/cve/CVE-2024-49994"
},
{
"category": "external",
"summary": "SUSE Bug 1237757 for CVE-2024-49994",
"url": "https://bugzilla.suse.com/1237757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-49994"
},
{
"cve": "CVE-2024-50038",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50038"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xtables: avoid NFPROTO_UNSPEC where needed\n\nsyzbot managed to call xt_cluster match via ebtables:\n\n WARNING: CPU: 0 PID: 11 at net/netfilter/xt_cluster.c:72 xt_cluster_mt+0x196/0x780\n [..]\n ebt_do_table+0x174b/0x2a40\n\nModule registers to NFPROTO_UNSPEC, but it assumes ipv4/ipv6 packet\nprocessing. As this is only useful to restrict locally terminating\nTCP/UDP traffic, register this for ipv4 and ipv6 family only.\n\nPablo points out that this is a general issue, direct users of the\nset/getsockopt interface can call into targets/matches that were only\nintended for use with ip(6)tables.\n\nCheck all UNSPEC matches and targets for similar issues:\n\n- matches and targets are fine except if they assume skb_network_header()\n is valid -- this is only true when called from inet layer: ip(6) stack\n pulls the ip/ipv6 header into linear data area.\n- targets that return XT_CONTINUE or other xtables verdicts must be\n restricted too, they are incompatbile with the ebtables traverser, e.g.\n EBT_CONTINUE is a completely different value than XT_CONTINUE.\n\nMost matches/targets are changed to register for NFPROTO_IPV4/IPV6, as\nthey are provided for use by ip(6)tables.\n\nThe MARK target is also used by arptables, so register for NFPROTO_ARP too.\n\nWhile at it, bail out if connbytes fails to enable the corresponding\nconntrack family.\n\nThis change passes the selftests in iptables.git.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50038",
"url": "https://www.suse.com/security/cve/CVE-2024-50038"
},
{
"category": "external",
"summary": "SUSE Bug 1231910 for CVE-2024-50038",
"url": "https://bugzilla.suse.com/1231910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-50038"
},
{
"cve": "CVE-2024-50056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c\n\nFix potential dereferencing of ERR_PTR() in find_format_by_pix()\nand uvc_v4l2_enum_format().\n\nFix the following smatch errors:\n\ndrivers/usb/gadget/function/uvc_v4l2.c:124 find_format_by_pix()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\ndrivers/usb/gadget/function/uvc_v4l2.c:392 uvc_v4l2_enum_format()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\nAlso, fix similar issue in uvc_v4l2_try_format() for potential\ndereferencing of ERR_PTR().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50056",
"url": "https://www.suse.com/security/cve/CVE-2024-50056"
},
{
"category": "external",
"summary": "SUSE Bug 1232389 for CVE-2024-50056",
"url": "https://bugzilla.suse.com/1232389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-50056"
},
{
"cve": "CVE-2024-50083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50083"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: fix mptcp DSS corruption due to large pmtu xmit\n\nSyzkaller was able to trigger a DSS corruption:\n\n TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 5227 at net/mptcp/protocol.c:695 __mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695\n Modules linked in:\n CPU: 0 UID: 0 PID: 5227 Comm: syz-executor350 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\n RIP: 0010:__mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695\n Code: 0f b6 dc 31 ff 89 de e8 b5 dd ea f5 89 d8 48 81 c4 50 01 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 98 da ea f5 90 \u003c0f\u003e 0b 90 e9 47 ff ff ff e8 8a da ea f5 90 0f 0b 90 e9 99 e0 ff ff\n RSP: 0018:ffffc90000006db8 EFLAGS: 00010246\n RAX: ffffffff8ba9df18 RBX: 00000000000055f0 RCX: ffff888030023c00\n RDX: 0000000000000100 RSI: 00000000000081e5 RDI: 00000000000055f0\n RBP: 1ffff110062bf1ae R08: ffffffff8ba9cf12 R09: 1ffff110062bf1b8\n R10: dffffc0000000000 R11: ffffed10062bf1b9 R12: 0000000000000000\n R13: dffffc0000000000 R14: 00000000700cec61 R15: 00000000000081e5\n FS: 000055556679c380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000020287000 CR3: 0000000077892000 CR4: 00000000003506f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cIRQ\u003e\n move_skbs_to_msk net/mptcp/protocol.c:811 [inline]\n mptcp_data_ready+0x29c/0xa90 net/mptcp/protocol.c:854\n subflow_data_ready+0x34a/0x920 net/mptcp/subflow.c:1490\n tcp_data_queue+0x20fd/0x76c0 net/ipv4/tcp_input.c:5283\n tcp_rcv_established+0xfba/0x2020 net/ipv4/tcp_input.c:6237\n tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915\n tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2350\n ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n __netif_receive_skb_one_core net/core/dev.c:5662 [inline]\n __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5775\n process_backlog+0x662/0x15b0 net/core/dev.c:6107\n __napi_poll+0xcb/0x490 net/core/dev.c:6771\n napi_poll net/core/dev.c:6840 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:6962\n handle_softirqs+0x2c5/0x980 kernel/softirq.c:554\n do_softirq+0x11b/0x1e0 kernel/softirq.c:455\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]\n __dev_queue_xmit+0x1764/0x3e80 net/core/dev.c:4451\n dev_queue_xmit include/linux/netdevice.h:3094 [inline]\n neigh_hh_output include/net/neighbour.h:526 [inline]\n neigh_output include/net/neighbour.h:540 [inline]\n ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236\n ip_local_out net/ipv4/ip_output.c:130 [inline]\n __ip_queue_xmit+0x118c/0x1b80 net/ipv4/ip_output.c:536\n __tcp_transmit_skb+0x2544/0x3b30 net/ipv4/tcp_output.c:1466\n tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline]\n tcp_mtu_probe net/ipv4/tcp_output.c:2547 [inline]\n tcp_write_xmit+0x641d/0x6bf0 net/ipv4/tcp_output.c:2752\n __tcp_push_pending_frames+0x9b/0x360 net/ipv4/tcp_output.c:3015\n tcp_push_pending_frames include/net/tcp.h:2107 [inline]\n tcp_data_snd_check net/ipv4/tcp_input.c:5714 [inline]\n tcp_rcv_established+0x1026/0x2020 net/ipv4/tcp_input.c:6239\n tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915\n sk_backlog_rcv include/net/sock.h:1113 [inline]\n __release_sock+0x214/0x350 net/core/sock.c:3072\n release_sock+0x61/0x1f0 net/core/sock.c:3626\n mptcp_push_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50083",
"url": "https://www.suse.com/security/cve/CVE-2024-50083"
},
{
"category": "external",
"summary": "SUSE Bug 1232493 for CVE-2024-50083",
"url": "https://bugzilla.suse.com/1232493"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-50083"
},
{
"cve": "CVE-2024-50106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50106"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix race between laundromat and free_stateid\n\nThere is a race between laundromat handling of revoked delegations\nand a client sending free_stateid operation. Laundromat thread\nfinds that delegation has expired and needs to be revoked so it\nmarks the delegation stid revoked and it puts it on a reaper list\nbut then it unlock the state lock and the actual delegation revocation\nhappens without the lock. Once the stid is marked revoked a racing\nfree_stateid processing thread does the following (1) it calls\nlist_del_init() which removes it from the reaper list and (2) frees\nthe delegation stid structure. The laundromat thread ends up not\ncalling the revoke_delegation() function for this particular delegation\nbut that means it will no release the lock lease that exists on\nthe file.\n\nNow, a new open for this file comes in and ends up finding that\nlease list isn\u0027t empty and calls nfsd_breaker_owns_lease() which ends\nup trying to derefence a freed delegation stateid. Leading to the\nfollowint use-after-free KASAN warning:\n\nkernel: ==================================================================\nkernel: BUG: KASAN: slab-use-after-free in nfsd_breaker_owns_lease+0x140/0x160 [nfsd]\nkernel: Read of size 8 at addr ffff0000e73cd0c8 by task nfsd/6205\nkernel:\nkernel: CPU: 2 UID: 0 PID: 6205 Comm: nfsd Kdump: loaded Not tainted 6.11.0-rc7+ #9\nkernel: Hardware name: Apple Inc. Apple Virtualization Generic Platform, BIOS 2069.0.0.0.0 08/03/2024\nkernel: Call trace:\nkernel: dump_backtrace+0x98/0x120\nkernel: show_stack+0x1c/0x30\nkernel: dump_stack_lvl+0x80/0xe8\nkernel: print_address_description.constprop.0+0x84/0x390\nkernel: print_report+0xa4/0x268\nkernel: kasan_report+0xb4/0xf8\nkernel: __asan_report_load8_noabort+0x1c/0x28\nkernel: nfsd_breaker_owns_lease+0x140/0x160 [nfsd]\nkernel: nfsd_file_do_acquire+0xb3c/0x11d0 [nfsd]\nkernel: nfsd_file_acquire_opened+0x84/0x110 [nfsd]\nkernel: nfs4_get_vfs_file+0x634/0x958 [nfsd]\nkernel: nfsd4_process_open2+0xa40/0x1a40 [nfsd]\nkernel: nfsd4_open+0xa08/0xe80 [nfsd]\nkernel: nfsd4_proc_compound+0xb8c/0x2130 [nfsd]\nkernel: nfsd_dispatch+0x22c/0x718 [nfsd]\nkernel: svc_process_common+0x8e8/0x1960 [sunrpc]\nkernel: svc_process+0x3d4/0x7e0 [sunrpc]\nkernel: svc_handle_xprt+0x828/0xe10 [sunrpc]\nkernel: svc_recv+0x2cc/0x6a8 [sunrpc]\nkernel: nfsd+0x270/0x400 [nfsd]\nkernel: kthread+0x288/0x310\nkernel: ret_from_fork+0x10/0x20\n\nThis patch proposes a fixed that\u0027s based on adding 2 new additional\nstid\u0027s sc_status values that help coordinate between the laundromat\nand other operations (nfsd4_free_stateid() and nfsd4_delegreturn()).\n\nFirst to make sure, that once the stid is marked revoked, it is not\nremoved by the nfsd4_free_stateid(), the laundromat take a reference\non the stateid. Then, coordinating whether the stid has been put\non the cl_revoked list or we are processing FREE_STATEID and need to\nmake sure to remove it from the list, each check that state and act\naccordingly. If laundromat has added to the cl_revoke list before\nthe arrival of FREE_STATEID, then nfsd4_free_stateid() knows to remove\nit from the list. If nfsd4_free_stateid() finds that operations arrived\nbefore laundromat has placed it on cl_revoke list, it marks the state\nfreed and then laundromat will no longer add it to the list.\n\nAlso, for nfsd4_delegreturn() when looking for the specified stid,\nwe need to access stid that are marked removed or freeable, it means\nthe laundromat has started processing it but hasn\u0027t finished and this\ndelegreturn needs to return nfserr_deleg_revoked and not\nnfserr_bad_stateid. The latter will not trigger a FREE_STATEID and the\nlack of it will leave this stid on the cl_revoked list indefinitely.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50106",
"url": "https://www.suse.com/security/cve/CVE-2024-50106"
},
{
"category": "external",
"summary": "SUSE Bug 1232882 for CVE-2024-50106",
"url": "https://bugzilla.suse.com/1232882"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-50106"
},
{
"cve": "CVE-2024-50126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: use RCU read-side critical section in taprio_dump()\n\nFix possible use-after-free in \u0027taprio_dump()\u0027 by adding RCU\nread-side critical section there. Never seen on x86 but\nfound on a KASAN-enabled arm64 system when investigating\nhttps://syzkaller.appspot.com/bug?extid=b65e0af58423fc8a73aa:\n\n[T15862] BUG: KASAN: slab-use-after-free in taprio_dump+0xa0c/0xbb0\n[T15862] Read of size 4 at addr ffff0000d4bb88f8 by task repro/15862\n[T15862]\n[T15862] CPU: 0 UID: 0 PID: 15862 Comm: repro Not tainted 6.11.0-rc1-00293-gdefaf1a2113a-dirty #2\n[T15862] Hardware name: QEMU QEMU Virtual Machine, BIOS edk2-20240524-5.fc40 05/24/2024\n[T15862] Call trace:\n[T15862] dump_backtrace+0x20c/0x220\n[T15862] show_stack+0x2c/0x40\n[T15862] dump_stack_lvl+0xf8/0x174\n[T15862] print_report+0x170/0x4d8\n[T15862] kasan_report+0xb8/0x1d4\n[T15862] __asan_report_load4_noabort+0x20/0x2c\n[T15862] taprio_dump+0xa0c/0xbb0\n[T15862] tc_fill_qdisc+0x540/0x1020\n[T15862] qdisc_notify.isra.0+0x330/0x3a0\n[T15862] tc_modify_qdisc+0x7b8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Allocated by task 15857:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_alloc_info+0x40/0x60\n[T15862] __kasan_kmalloc+0xd4/0xe0\n[T15862] __kmalloc_cache_noprof+0x194/0x334\n[T15862] taprio_change+0x45c/0x2fe0\n[T15862] tc_modify_qdisc+0x6a8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Freed by task 6192:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_free_info+0x4c/0x80\n[T15862] poison_slab_object+0x110/0x160\n[T15862] __kasan_slab_free+0x3c/0x74\n[T15862] kfree+0x134/0x3c0\n[T15862] taprio_free_sched_cb+0x18c/0x220\n[T15862] rcu_core+0x920/0x1b7c\n[T15862] rcu_core_si+0x10/0x1c\n[T15862] handle_softirqs+0x2e8/0xd64\n[T15862] __do_softirq+0x14/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50126",
"url": "https://www.suse.com/security/cve/CVE-2024-50126"
},
{
"category": "external",
"summary": "SUSE Bug 1232895 for CVE-2024-50126",
"url": "https://bugzilla.suse.com/1232895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-50126"
},
{
"cve": "CVE-2024-50140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/core: Disable page allocation in task_tick_mm_cid()\n\nWith KASAN and PREEMPT_RT enabled, calling task_work_add() in\ntask_tick_mm_cid() may cause the following splat.\n\n[ 63.696416] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 63.696416] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 610, name: modprobe\n[ 63.696416] preempt_count: 10001, expected: 0\n[ 63.696416] RCU nest depth: 1, expected: 1\n\nThis problem is caused by the following call trace.\n\n sched_tick() [ acquire rq-\u003e__lock ]\n -\u003e task_tick_mm_cid()\n -\u003e task_work_add()\n -\u003e __kasan_record_aux_stack()\n -\u003e kasan_save_stack()\n -\u003e stack_depot_save_flags()\n -\u003e alloc_pages_mpol_noprof()\n -\u003e __alloc_pages_noprof()\n\t -\u003e get_page_from_freelist()\n\t -\u003e rmqueue()\n\t -\u003e rmqueue_pcplist()\n\t -\u003e __rmqueue_pcplist()\n\t -\u003e rmqueue_bulk()\n\t -\u003e rt_spin_lock()\n\nThe rq lock is a raw_spinlock_t. We can\u0027t sleep while holding\nit. IOW, we can\u0027t call alloc_pages() in stack_depot_save_flags().\n\nThe task_tick_mm_cid() function with its task_work_add() call was\nintroduced by commit 223baf9d17f2 (\"sched: Fix performance regression\nintroduced by mm_cid\") in v6.4 kernel.\n\nFortunately, there is a kasan_record_aux_stack_noalloc() variant that\ncalls stack_depot_save_flags() while not allowing it to allocate\nnew pages. To allow task_tick_mm_cid() to use task_work without\npage allocation, a new TWAF_NO_ALLOC flag is added to enable calling\nkasan_record_aux_stack_noalloc() instead of kasan_record_aux_stack()\nif set. The task_tick_mm_cid() function is modified to add this new flag.\n\nThe possible downside is the missing stack trace in a KASAN report due\nto new page allocation required when task_work_add_noallloc() is called\nwhich should be rare.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50140",
"url": "https://www.suse.com/security/cve/CVE-2024-50140"
},
{
"category": "external",
"summary": "SUSE Bug 1233060 for CVE-2024-50140",
"url": "https://bugzilla.suse.com/1233060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-50140"
},
{
"cve": "CVE-2024-50223",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50223"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/numa: Fix the potential null pointer dereference in task_numa_work()\n\nWhen running stress-ng-vm-segv test, we found a null pointer dereference\nerror in task_numa_work(). Here is the backtrace:\n\n [323676.066985] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020\n ......\n [323676.067108] CPU: 35 PID: 2694524 Comm: stress-ng-vm-se\n ......\n [323676.067113] pstate: 23401009 (nzCv daif +PAN -UAO +TCO +DIT +SSBS BTYPE=--)\n [323676.067115] pc : vma_migratable+0x1c/0xd0\n [323676.067122] lr : task_numa_work+0x1ec/0x4e0\n [323676.067127] sp : ffff8000ada73d20\n [323676.067128] x29: ffff8000ada73d20 x28: 0000000000000000 x27: 000000003e89f010\n [323676.067130] x26: 0000000000080000 x25: ffff800081b5c0d8 x24: ffff800081b27000\n [323676.067133] x23: 0000000000010000 x22: 0000000104d18cc0 x21: ffff0009f7158000\n [323676.067135] x20: 0000000000000000 x19: 0000000000000000 x18: ffff8000ada73db8\n [323676.067138] x17: 0001400000000000 x16: ffff800080df40b0 x15: 0000000000000035\n [323676.067140] x14: ffff8000ada73cc8 x13: 1fffe0017cc72001 x12: ffff8000ada73cc8\n [323676.067142] x11: ffff80008001160c x10: ffff000be639000c x9 : ffff8000800f4ba4\n [323676.067145] x8 : ffff000810375000 x7 : ffff8000ada73974 x6 : 0000000000000001\n [323676.067147] x5 : 0068000b33e26707 x4 : 0000000000000001 x3 : ffff0009f7158000\n [323676.067149] x2 : 0000000000000041 x1 : 0000000000004400 x0 : 0000000000000000\n [323676.067152] Call trace:\n [323676.067153] vma_migratable+0x1c/0xd0\n [323676.067155] task_numa_work+0x1ec/0x4e0\n [323676.067157] task_work_run+0x78/0xd8\n [323676.067161] do_notify_resume+0x1ec/0x290\n [323676.067163] el0_svc+0x150/0x160\n [323676.067167] el0t_64_sync_handler+0xf8/0x128\n [323676.067170] el0t_64_sync+0x17c/0x180\n [323676.067173] Code: d2888001 910003fd f9000bf3 aa0003f3 (f9401000)\n [323676.067177] SMP: stopping secondary CPUs\n [323676.070184] Starting crashdump kernel...\n\nstress-ng-vm-segv in stress-ng is used to stress test the SIGSEGV error\nhandling function of the system, which tries to cause a SIGSEGV error on\nreturn from unmapping the whole address space of the child process.\n\nNormally this program will not cause kernel crashes. But before the\nmunmap system call returns to user mode, a potential task_numa_work()\nfor numa balancing could be added and executed. In this scenario, since the\nchild process has no vma after munmap, the vma_next() in task_numa_work()\nwill return a null pointer even if the vma iterator restarts from 0.\n\nRecheck the vma pointer before dereferencing it in task_numa_work().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50223",
"url": "https://www.suse.com/security/cve/CVE-2024-50223"
},
{
"category": "external",
"summary": "SUSE Bug 1233192 for CVE-2024-50223",
"url": "https://bugzilla.suse.com/1233192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-50223"
},
{
"cve": "CVE-2024-50290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx24116: prevent overflows on SNR calculus\n\nas reported by Coverity, if reading SNR registers fail, a negative\nnumber will be returned, causing an underflow when reading SNR\nregisters.\n\nPrevent that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50290",
"url": "https://www.suse.com/security/cve/CVE-2024-50290"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233479 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "external",
"summary": "SUSE Bug 1233681 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2024-50290"
},
{
"cve": "CVE-2024-53057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT\n\nIn qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed\nto be either root or ingress. This assumption is bogus since it\u0027s valid\nto create egress qdiscs with major handle ffff:\nBudimir Markovic found that for qdiscs like DRR that maintain an active\nclass list, it will cause a UAF with a dangling class pointer.\n\nIn 066a3b5b2346, the concern was to avoid iterating over the ingress\nqdisc since its parent is itself. The proper fix is to stop when parent\nTC_H_ROOT is reached because the only way to retrieve ingress is when a\nhierarchy which does not contain a ffff: major handle call into\nqdisc_lookup with TC_H_MAJ(TC_H_ROOT).\n\nIn the scenario where major ffff: is an egress qdisc in any of the tree\nlevels, the updates will also propagate to TC_H_ROOT, which then the\niteration must stop.\n\n\n net/sched/sch_api.c | 2 +-\n 1 file changed, 1 insertion(+), 1 deletion(-)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53057",
"url": "https://www.suse.com/security/cve/CVE-2024-53057"
},
{
"category": "external",
"summary": "SUSE Bug 1233551 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "external",
"summary": "SUSE Bug 1245816 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1245816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2024-53057"
},
{
"cve": "CVE-2024-53063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvbdev: prevent the risk of out of memory access\n\nThe dvbdev contains a static variable used to store dvb minors.\n\nThe behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set\nor not. When not set, dvb_register_device() won\u0027t check for\nboundaries, as it will rely that a previous call to\ndvb_register_adapter() would already be enforcing it.\n\nOn a similar way, dvb_device_open() uses the assumption\nthat the register functions already did the needed checks.\n\nThis can be fragile if some device ends using different\ncalls. This also generate warnings on static check analysers\nlike Coverity.\n\nSo, add explicit guards to prevent potential risk of OOM issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53063",
"url": "https://www.suse.com/security/cve/CVE-2024-53063"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233557 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "external",
"summary": "SUSE Bug 1233619 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233619"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2024-53063"
},
{
"cve": "CVE-2024-53124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53124"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix data-races around sk-\u003esk_forward_alloc\n\nSyzkaller reported this warning:\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 16 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x1c5/0x1e0\n Modules linked in:\n CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-rc5 #26\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n RIP: 0010:inet_sock_destruct+0x1c5/0x1e0\n Code: 24 12 4c 89 e2 5b 48 c7 c7 98 ec bb 82 41 5c e9 d1 18 17 ff 4c 89 e6 5b 48 c7 c7 d0 ec bb 82 41 5c e9 bf 18 17 ff 0f 0b eb 83 \u003c0f\u003e 0b eb 97 0f 0b eb 87 0f 0b e9 68 ff ff ff 66 66 2e 0f 1f 84 00\n RSP: 0018:ffffc9000008bd90 EFLAGS: 00010206\n RAX: 0000000000000300 RBX: ffff88810b172a90 RCX: 0000000000000007\n RDX: 0000000000000002 RSI: 0000000000000300 RDI: ffff88810b172a00\n RBP: ffff88810b172a00 R08: ffff888104273c00 R09: 0000000000100007\n R10: 0000000000020000 R11: 0000000000000006 R12: ffff88810b172a00\n R13: 0000000000000004 R14: 0000000000000000 R15: ffff888237c31f78\n FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc63fecac8 CR3: 000000000342e000 CR4: 00000000000006f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0x88/0x130\n ? inet_sock_destruct+0x1c5/0x1e0\n ? report_bug+0x18e/0x1a0\n ? handle_bug+0x53/0x90\n ? exc_invalid_op+0x18/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? inet_sock_destruct+0x1c5/0x1e0\n __sk_destruct+0x2a/0x200\n rcu_do_batch+0x1aa/0x530\n ? rcu_do_batch+0x13b/0x530\n rcu_core+0x159/0x2f0\n handle_softirqs+0xd3/0x2b0\n ? __pfx_smpboot_thread_fn+0x10/0x10\n run_ksoftirqd+0x25/0x30\n smpboot_thread_fn+0xdd/0x1d0\n kthread+0xd3/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n\nIts possible that two threads call tcp_v6_do_rcv()/sk_forward_alloc_add()\nconcurrently when sk-\u003esk_state == TCP_LISTEN with sk-\u003esk_lock unlocked,\nwhich triggers a data-race around sk-\u003esk_forward_alloc:\ntcp_v6_rcv\n tcp_v6_do_rcv\n skb_clone_and_charge_r\n sk_rmem_schedule\n __sk_mem_schedule\n sk_forward_alloc_add()\n skb_set_owner_r\n sk_mem_charge\n sk_forward_alloc_add()\n __kfree_skb\n skb_release_all\n skb_release_head_state\n sock_rfree\n sk_mem_uncharge\n sk_forward_alloc_add()\n sk_mem_reclaim\n // set local var reclaimable\n __sk_mem_reclaim\n sk_forward_alloc_add()\n\nIn this syzkaller testcase, two threads call\ntcp_v6_do_rcv() with skb-\u003etruesize=768, the sk_forward_alloc changes like\nthis:\n (cpu 1) | (cpu 2) | sk_forward_alloc\n ... | ... | 0\n __sk_mem_schedule() | | +4096 = 4096\n | __sk_mem_schedule() | +4096 = 8192\n sk_mem_charge() | | -768 = 7424\n | sk_mem_charge() | -768 = 6656\n ... | ... |\n sk_mem_uncharge() | | +768 = 7424\n reclaimable=7424 | |\n | sk_mem_uncharge() | +768 = 8192\n | reclaimable=8192 |\n __sk_mem_reclaim() | | -4096 = 4096\n | __sk_mem_reclaim() | -8192 = -4096 != 0\n\nThe skb_clone_and_charge_r() should not be called in tcp_v6_do_rcv() when\nsk-\u003esk_state is TCP_LISTEN, it happens later in tcp_v6_syn_recv_sock().\nFix the same issue in dccp_v6_do_rcv().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53124",
"url": "https://www.suse.com/security/cve/CVE-2024-53124"
},
{
"category": "external",
"summary": "SUSE Bug 1234074 for CVE-2024-53124",
"url": "https://bugzilla.suse.com/1234074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-53124"
},
{
"cve": "CVE-2024-53139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53139"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: fix possible UAF in sctp_v6_available()\n\nA lockdep report [1] with CONFIG_PROVE_RCU_LIST=y hints\nthat sctp_v6_available() is calling dev_get_by_index_rcu()\nand ipv6_chk_addr() without holding rcu.\n\n[1]\n =============================\n WARNING: suspicious RCU usage\n 6.12.0-rc5-virtme #1216 Tainted: G W\n -----------------------------\n net/core/dev.c:876 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by sctp_hello/31495:\n #0: ffff9f1ebbdb7418 (sk_lock-AF_INET6){+.+.}-{0:0}, at: sctp_bind (./arch/x86/include/asm/jump_label.h:27 net/sctp/socket.c:315) sctp\n\nstack backtrace:\n CPU: 7 UID: 0 PID: 31495 Comm: sctp_hello Tainted: G W 6.12.0-rc5-virtme #1216\n Tainted: [W]=WARN\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:123)\n lockdep_rcu_suspicious (kernel/locking/lockdep.c:6822)\n dev_get_by_index_rcu (net/core/dev.c:876 (discriminator 7))\n sctp_v6_available (net/sctp/ipv6.c:701) sctp\n sctp_do_bind (net/sctp/socket.c:400 (discriminator 1)) sctp\n sctp_bind (net/sctp/socket.c:320) sctp\n inet6_bind_sk (net/ipv6/af_inet6.c:465)\n ? security_socket_bind (security/security.c:4581 (discriminator 1))\n __sys_bind (net/socket.c:1848 net/socket.c:1869)\n ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340)\n ? do_user_addr_fault (./arch/x86/include/asm/preempt.h:84 (discriminator 13) ./include/linux/rcupdate.h:98 (discriminator 13) ./include/linux/rcupdate.h:882 (discriminator 13) ./include/linux/mm.h:729 (discriminator 13) arch/x86/mm/fault.c:1340 (discriminator 13))\n __x64_sys_bind (net/socket.c:1877 (discriminator 1) net/socket.c:1875 (discriminator 1) net/socket.c:1875 (discriminator 1))\n do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n RIP: 0033:0x7f59b934a1e7\n Code: 44 00 00 48 8b 15 39 8c 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 31 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 09 8c 0c 00 f7 d8 64 89 01 48\nAll code\n========\n 0:\t44 00 00 \tadd %r8b,(%rax)\n 3:\t48 8b 15 39 8c 0c 00 \tmov 0xc8c39(%rip),%rdx # 0xc8c43\n a:\tf7 d8 \tneg %eax\n c:\t64 89 02 \tmov %eax,%fs:(%rdx)\n f:\tb8 ff ff ff ff \tmov $0xffffffff,%eax\n 14:\teb bd \tjmp 0xffffffffffffffd3\n 16:\t66 2e 0f 1f 84 00 00 \tcs nopw 0x0(%rax,%rax,1)\n 1d:\t00 00 00\n 20:\t0f 1f 00 \tnopl (%rax)\n 23:\tb8 31 00 00 00 \tmov $0x31,%eax\n 28:\t0f 05 \tsyscall\n 2a:*\t48 3d 01 f0 ff ff \tcmp $0xfffffffffffff001,%rax\t\t\u003c-- trapping instruction\n 30:\t73 01 \tjae 0x33\n 32:\tc3 \tret\n 33:\t48 8b 0d 09 8c 0c 00 \tmov 0xc8c09(%rip),%rcx # 0xc8c43\n 3a:\tf7 d8 \tneg %eax\n 3c:\t64 89 01 \tmov %eax,%fs:(%rcx)\n 3f:\t48 \trex.W\n\nCode starting with the faulting instruction\n===========================================\n 0:\t48 3d 01 f0 ff ff \tcmp $0xfffffffffffff001,%rax\n 6:\t73 01 \tjae 0x9\n 8:\tc3 \tret\n 9:\t48 8b 0d 09 8c 0c 00 \tmov 0xc8c09(%rip),%rcx # 0xc8c19\n 10:\tf7 d8 \tneg %eax\n 12:\t64 89 01 \tmov %eax,%fs:(%rcx)\n 15:\t48 \trex.W\n RSP: 002b:00007ffe2d0ad398 EFLAGS: 00000202 ORIG_RAX: 0000000000000031\n RAX: ffffffffffffffda RBX: 00007ffe2d0ad3d0 RCX: 00007f59b934a1e7\n RDX: 000000000000001c RSI: 00007ffe2d0ad3d0 RDI: 0000000000000005\n RBP: 0000000000000005 R08: 1999999999999999 R09: 0000000000000000\n R10: 00007f59b9253298 R11: 000000000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53139",
"url": "https://www.suse.com/security/cve/CVE-2024-53139"
},
{
"category": "external",
"summary": "SUSE Bug 1234157 for CVE-2024-53139",
"url": "https://bugzilla.suse.com/1234157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-53139"
},
{
"cve": "CVE-2024-53140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: terminate outstanding dump on socket close\n\nNetlink supports iterative dumping of data. It provides the families\nthe following ops:\n - start - (optional) kicks off the dumping process\n - dump - actual dump helper, keeps getting called until it returns 0\n - done - (optional) pairs with .start, can be used for cleanup\nThe whole process is asynchronous and the repeated calls to .dump\ndon\u0027t actually happen in a tight loop, but rather are triggered\nin response to recvmsg() on the socket.\n\nThis gives the user full control over the dump, but also means that\nthe user can close the socket without getting to the end of the dump.\nTo make sure .start is always paired with .done we check if there\nis an ongoing dump before freeing the socket, and if so call .done.\n\nThe complication is that sockets can get freed from BH and .done\nis allowed to sleep. So we use a workqueue to defer the call, when\nneeded.\n\nUnfortunately this does not work correctly. What we defer is not\nthe cleanup but rather releasing a reference on the socket.\nWe have no guarantee that we own the last reference, if someone\nelse holds the socket they may release it in BH and we\u0027re back\nto square one.\n\nThe whole dance, however, appears to be unnecessary. Only the user\ncan interact with dumps, so we can clean up when socket is closed.\nAnd close always happens in process context. Some async code may\nstill access the socket after close, queue notification skbs to it etc.\nbut no dumps can start, end or otherwise make progress.\n\nDelete the workqueue and flush the dump state directly from the release\nhandler. Note that further cleanup is possible in -next, for instance\nwe now always call .done before releasing the main module reference,\nso dump doesn\u0027t have to take a reference of its own.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53140",
"url": "https://www.suse.com/security/cve/CVE-2024-53140"
},
{
"category": "external",
"summary": "SUSE Bug 1234222 for CVE-2024-53140",
"url": "https://bugzilla.suse.com/1234222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-53140"
},
{
"cve": "CVE-2024-53163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53163"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat/qat_420xx - fix off by one in uof_get_name()\n\nThis is called from uof_get_name_420xx() where \"num_objs\" is the\nARRAY_SIZE() of fw_objs[]. The \u003e needs to be \u003e= to prevent an out of\nbounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53163",
"url": "https://www.suse.com/security/cve/CVE-2024-53163"
},
{
"category": "external",
"summary": "SUSE Bug 1234828 for CVE-2024-53163",
"url": "https://bugzilla.suse.com/1234828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-53163"
},
{
"cve": "CVE-2024-53680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()\n\nUnder certain kernel configurations when building with Clang/LLVM, the\ncompiler does not generate a return or jump as the terminator\ninstruction for ip_vs_protocol_init(), triggering the following objtool\nwarning during build time:\n\n vmlinux.o: warning: objtool: ip_vs_protocol_init() falls through to next function __initstub__kmod_ip_vs_rr__935_123_ip_vs_rr_init6()\n\nAt runtime, this either causes an oops when trying to load the ipvs\nmodule or a boot-time panic if ipvs is built-in. This same issue has\nbeen reported by the Intel kernel test robot previously.\n\nDigging deeper into both LLVM and the kernel code reveals this to be a\nundefined behavior problem. ip_vs_protocol_init() uses a on-stack buffer\nof 64 chars to store the registered protocol names and leaves it\nuninitialized after definition. The function calls strnlen() when\nconcatenating protocol names into the buffer. With CONFIG_FORTIFY_SOURCE\nstrnlen() performs an extra step to check whether the last byte of the\ninput char buffer is a null character (commit 3009f891bb9f (\"fortify:\nAllow strlen() and strnlen() to pass compile-time known lengths\")).\nThis, together with possibly other configurations, cause the following\nIR to be generated:\n\n define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #5 section \".init.text\" align 16 !kcfi_type !29 {\n %1 = alloca [64 x i8], align 16\n ...\n\n 14: ; preds = %11\n %15 = getelementptr inbounds i8, ptr %1, i64 63\n %16 = load i8, ptr %15, align 1\n %17 = tail call i1 @llvm.is.constant.i8(i8 %16)\n %18 = icmp eq i8 %16, 0\n %19 = select i1 %17, i1 %18, i1 false\n br i1 %19, label %20, label %23\n\n 20: ; preds = %14\n %21 = call i64 @strlen(ptr noundef nonnull dereferenceable(1) %1) #23\n ...\n\n 23: ; preds = %14, %11, %20\n %24 = call i64 @strnlen(ptr noundef nonnull dereferenceable(1) %1, i64 noundef 64) #24\n ...\n }\n\nThe above code calculates the address of the last char in the buffer\n(value %15) and then loads from it (value %16). Because the buffer is\nnever initialized, the LLVM GVN pass marks value %16 as undefined:\n\n %13 = getelementptr inbounds i8, ptr %1, i64 63\n br i1 undef, label %14, label %17\n\nThis gives later passes (SCCP, in particular) more DCE opportunities by\npropagating the undef value further, and eventually removes everything\nafter the load on the uninitialized stack location:\n\n define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #0 section \".init.text\" align 16 !kcfi_type !11 {\n %1 = alloca [64 x i8], align 16\n ...\n\n 12: ; preds = %11\n %13 = getelementptr inbounds i8, ptr %1, i64 63\n unreachable\n }\n\nIn this way, the generated native code will just fall through to the\nnext function, as LLVM does not generate any code for the unreachable IR\ninstruction and leaves the function without a terminator.\n\nZero the on-stack buffer to avoid this possible UB.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53680",
"url": "https://www.suse.com/security/cve/CVE-2024-53680"
},
{
"category": "external",
"summary": "SUSE Bug 1235715 for CVE-2024-53680",
"url": "https://bugzilla.suse.com/1235715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-53680"
},
{
"cve": "CVE-2024-54458",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-54458"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: bsg: Set bsg_queue to NULL after removal\n\nCurrently, this does not cause any issues, but I believe it is necessary to\nset bsg_queue to NULL after removing it to prevent potential use-after-free\n(UAF) access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-54458",
"url": "https://www.suse.com/security/cve/CVE-2024-54458"
},
{
"category": "external",
"summary": "SUSE Bug 1238992 for CVE-2024-54458",
"url": "https://bugzilla.suse.com/1238992"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-54458"
},
{
"cve": "CVE-2024-54683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-54683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: IDLETIMER: Fix for possible ABBA deadlock\n\nDeletion of the last rule referencing a given idletimer may happen at\nthe same time as a read of its file in sysfs:\n\n| ======================================================\n| WARNING: possible circular locking dependency detected\n| 6.12.0-rc7-01692-g5e9a28f41134-dirty #594 Not tainted\n| ------------------------------------------------------\n| iptables/3303 is trying to acquire lock:\n| ffff8881057e04b8 (kn-\u003eactive#48){++++}-{0:0}, at: __kernfs_remove+0x20\n|\n| but task is already holding lock:\n| ffffffffa0249068 (list_mutex){+.+.}-{3:3}, at: idletimer_tg_destroy_v]\n|\n| which lock already depends on the new lock.\n\nA simple reproducer is:\n\n| #!/bin/bash\n|\n| while true; do\n| iptables -A INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n| iptables -D INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n| done \u0026\n| while true; do\n| cat /sys/class/xt_idletimer/timers/testme \u003e/dev/null\n| done\n\nAvoid this by freeing list_mutex right after deleting the element from\nthe list, then continuing with the teardown.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-54683",
"url": "https://www.suse.com/security/cve/CVE-2024-54683"
},
{
"category": "external",
"summary": "SUSE Bug 1235729 for CVE-2024-54683",
"url": "https://bugzilla.suse.com/1235729"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-54683"
},
{
"cve": "CVE-2024-56638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_inner: incorrect percpu area handling under softirq\n\nSoftirq can interrupt ongoing packet from process context that is\nwalking over the percpu area that contains inner header offsets.\n\nDisable bh and perform three checks before restoring the percpu inner\nheader offsets to validate that the percpu area is valid for this\nskbuff:\n\n1) If the NFT_PKTINFO_INNER_FULL flag is set on, then this skbuff\n has already been parsed before for inner header fetching to\n register.\n\n2) Validate that the percpu area refers to this skbuff using the\n skbuff pointer as a cookie. If there is a cookie mismatch, then\n this skbuff needs to be parsed again.\n\n3) Finally, validate if the percpu area refers to this tunnel type.\n\nOnly after these three checks the percpu area is restored to a on-stack\ncopy and bh is enabled again.\n\nAfter inner header fetching, the on-stack copy is stored back to the\npercpu area.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56638",
"url": "https://www.suse.com/security/cve/CVE-2024-56638"
},
{
"category": "external",
"summary": "SUSE Bug 1235524 for CVE-2024-56638",
"url": "https://bugzilla.suse.com/1235524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-56638"
},
{
"cve": "CVE-2024-56640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix LGR and link use-after-free issue\n\nWe encountered a LGR/link use-after-free issue, which manifested as\nthe LGR/link refcnt reaching 0 early and entering the clear process,\nmaking resource access unsafe.\n\n refcount_t: addition on 0; use-after-free.\n WARNING: CPU: 14 PID: 107447 at lib/refcount.c:25 refcount_warn_saturate+0x9c/0x140\n Workqueue: events smc_lgr_terminate_work [smc]\n Call trace:\n refcount_warn_saturate+0x9c/0x140\n __smc_lgr_terminate.part.45+0x2a8/0x370 [smc]\n smc_lgr_terminate_work+0x28/0x30 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nor\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 6 PID: 93140 at lib/refcount.c:28 refcount_warn_saturate+0xf0/0x140\n Workqueue: smc_hs_wq smc_listen_work [smc]\n Call trace:\n refcount_warn_saturate+0xf0/0x140\n smcr_link_put+0x1cc/0x1d8 [smc]\n smc_conn_free+0x110/0x1b0 [smc]\n smc_conn_abort+0x50/0x60 [smc]\n smc_listen_find_device+0x75c/0x790 [smc]\n smc_listen_work+0x368/0x8a0 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nIt is caused by repeated release of LGR/link refcnt. One suspect is that\nsmc_conn_free() is called repeatedly because some smc_conn_free() from\nserver listening path are not protected by sock lock.\n\ne.g.\n\nCalls under socklock | smc_listen_work\n-------------------------------------------------------\nlock_sock(sk) | smc_conn_abort\nsmc_conn_free | \\- smc_conn_free\n\\- smcr_link_put | \\- smcr_link_put (duplicated)\nrelease_sock(sk)\n\nSo here add sock lock protection in smc_listen_work() path, making it\nexclusive with other connection operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56640",
"url": "https://www.suse.com/security/cve/CVE-2024-56640"
},
{
"category": "external",
"summary": "SUSE Bug 1235436 for CVE-2024-56640",
"url": "https://bugzilla.suse.com/1235436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-56640"
},
{
"cve": "CVE-2024-56641",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56641"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: initialize close_work early to avoid warning\n\nWe encountered a warning that close_work was canceled before\ninitialization.\n\n WARNING: CPU: 7 PID: 111103 at kernel/workqueue.c:3047 __flush_work+0x19e/0x1b0\n Workqueue: events smc_lgr_terminate_work [smc]\n RIP: 0010:__flush_work+0x19e/0x1b0\n Call Trace:\n ? __wake_up_common+0x7a/0x190\n ? work_busy+0x80/0x80\n __cancel_work_timer+0xe3/0x160\n smc_close_cancel_work+0x1a/0x70 [smc]\n smc_close_active_abort+0x207/0x360 [smc]\n __smc_lgr_terminate.part.38+0xc8/0x180 [smc]\n process_one_work+0x19e/0x340\n worker_thread+0x30/0x370\n ? process_one_work+0x340/0x340\n kthread+0x117/0x130\n ? __kthread_cancel_work+0x50/0x50\n ret_from_fork+0x22/0x30\n\nThis is because when smc_close_cancel_work is triggered, e.g. the RDMA\ndriver is rmmod and the LGR is terminated, the conn-\u003eclose_work is\nflushed before initialization, resulting in WARN_ON(!work-\u003efunc).\n\n__smc_lgr_terminate | smc_connect_{rdma|ism}\n-------------------------------------------------------------\n | smc_conn_create\n\t\t\t\t| \\- smc_lgr_register_conn\nfor conn in lgr-\u003econns_all |\n\\- smc_conn_kill |\n \\- smc_close_active_abort |\n \\- smc_close_cancel_work |\n \\- cancel_work_sync |\n \\- __flush_work |\n\t (close_work) |\n\t | smc_close_init\n\t | \\- INIT_WORK(\u0026close_work)\n\nSo fix this by initializing close_work before establishing the\nconnection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56641",
"url": "https://www.suse.com/security/cve/CVE-2024-56641"
},
{
"category": "external",
"summary": "SUSE Bug 1235526 for CVE-2024-56641",
"url": "https://bugzilla.suse.com/1235526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-56641"
},
{
"cve": "CVE-2024-56702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Mark raw_tp arguments with PTR_MAYBE_NULL\n\nArguments to a raw tracepoint are tagged as trusted, which carries the\nsemantics that the pointer will be non-NULL. However, in certain cases,\na raw tracepoint argument may end up being NULL. More context about this\nissue is available in [0].\n\nThus, there is a discrepancy between the reality, that raw_tp arguments\ncan actually be NULL, and the verifier\u0027s knowledge, that they are never\nNULL, causing explicit NULL checks to be deleted, and accesses to such\npointers potentially crashing the kernel.\n\nTo fix this, mark raw_tp arguments as PTR_MAYBE_NULL, and then special\ncase the dereference and pointer arithmetic to permit it, and allow\npassing them into helpers/kfuncs; these exceptions are made for raw_tp\nprograms only. Ensure that we don\u0027t do this when ref_obj_id \u003e 0, as in\nthat case this is an acquired object and doesn\u0027t need such adjustment.\n\nThe reason we do mask_raw_tp_trusted_reg logic is because other will\nrecheck in places whether the register is a trusted_reg, and then\nconsider our register as untrusted when detecting the presence of the\nPTR_MAYBE_NULL flag.\n\nTo allow safe dereference, we enable PROBE_MEM marking when we see loads\ninto trusted pointers with PTR_MAYBE_NULL.\n\nWhile trusted raw_tp arguments can also be passed into helpers or kfuncs\nwhere such broken assumption may cause issues, a future patch set will\ntackle their case separately, as PTR_TO_BTF_ID (without PTR_TRUSTED) can\nalready be passed into helpers and causes similar problems. Thus, they\nare left alone for now.\n\nIt is possible that these checks also permit passing non-raw_tp args\nthat are trusted PTR_TO_BTF_ID with null marking. In such a case,\nallowing dereference when pointer is NULL expands allowed behavior, so\nwon\u0027t regress existing programs, and the case of passing these into\nhelpers is the same as above and will be dealt with later.\n\nAlso update the failure case in tp_btf_nullable selftest to capture the\nnew behavior, as the verifier will no longer cause an error when\ndirectly dereference a raw tracepoint argument marked as __nullable.\n\n [0]: https://lore.kernel.org/bpf/ZrCZS6nisraEqehw@jlelli-thinkpadt14gen4.remote.csb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56702",
"url": "https://www.suse.com/security/cve/CVE-2024-56702"
},
{
"category": "external",
"summary": "SUSE Bug 1235501 for CVE-2024-56702",
"url": "https://bugzilla.suse.com/1235501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-56702"
},
{
"cve": "CVE-2024-56703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix soft lockups in fib6_select_path under high next hop churn\n\nSoft lockups have been observed on a cluster of Linux-based edge routers\nlocated in a highly dynamic environment. Using the `bird` service, these\nrouters continuously update BGP-advertised routes due to frequently\nchanging nexthop destinations, while also managing significant IPv6\ntraffic. The lockups occur during the traversal of the multipath\ncircular linked-list in the `fib6_select_path` function, particularly\nwhile iterating through the siblings in the list. The issue typically\narises when the nodes of the linked list are unexpectedly deleted\nconcurrently on a different core\u2014indicated by their \u0027next\u0027 and\n\u0027previous\u0027 elements pointing back to the node itself and their reference\ncount dropping to zero. This results in an infinite loop, leading to a\nsoft lockup that triggers a system panic via the watchdog timer.\n\nApply RCU primitives in the problematic code sections to resolve the\nissue. Where necessary, update the references to fib6_siblings to\nannotate or use the RCU APIs.\n\nInclude a test script that reproduces the issue. The script\nperiodically updates the routing table while generating a heavy load\nof outgoing IPv6 traffic through multiple iperf3 clients. It\nconsistently induces infinite soft lockups within a couple of minutes.\n\nKernel log:\n\n 0 [ffffbd13003e8d30] machine_kexec at ffffffff8ceaf3eb\n 1 [ffffbd13003e8d90] __crash_kexec at ffffffff8d0120e3\n 2 [ffffbd13003e8e58] panic at ffffffff8cef65d4\n 3 [ffffbd13003e8ed8] watchdog_timer_fn at ffffffff8d05cb03\n 4 [ffffbd13003e8f08] __hrtimer_run_queues at ffffffff8cfec62f\n 5 [ffffbd13003e8f70] hrtimer_interrupt at ffffffff8cfed756\n 6 [ffffbd13003e8fd0] __sysvec_apic_timer_interrupt at ffffffff8cea01af\n 7 [ffffbd13003e8ff0] sysvec_apic_timer_interrupt at ffffffff8df1b83d\n-- \u003cIRQ stack\u003e --\n 8 [ffffbd13003d3708] asm_sysvec_apic_timer_interrupt at ffffffff8e000ecb\n [exception RIP: fib6_select_path+299]\n RIP: ffffffff8ddafe7b RSP: ffffbd13003d37b8 RFLAGS: 00000287\n RAX: ffff975850b43600 RBX: ffff975850b40200 RCX: 0000000000000000\n RDX: 000000003fffffff RSI: 0000000051d383e4 RDI: ffff975850b43618\n RBP: ffffbd13003d3800 R8: 0000000000000000 R9: ffff975850b40200\n R10: 0000000000000000 R11: 0000000000000000 R12: ffffbd13003d3830\n R13: ffff975850b436a8 R14: ffff975850b43600 R15: 0000000000000007\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n 9 [ffffbd13003d3808] ip6_pol_route at ffffffff8ddb030c\n10 [ffffbd13003d3888] ip6_pol_route_input at ffffffff8ddb068c\n11 [ffffbd13003d3898] fib6_rule_lookup at ffffffff8ddf02b5\n12 [ffffbd13003d3928] ip6_route_input at ffffffff8ddb0f47\n13 [ffffbd13003d3a18] ip6_rcv_finish_core.constprop.0 at ffffffff8dd950d0\n14 [ffffbd13003d3a30] ip6_list_rcv_finish.constprop.0 at ffffffff8dd96274\n15 [ffffbd13003d3a98] ip6_sublist_rcv at ffffffff8dd96474\n16 [ffffbd13003d3af8] ipv6_list_rcv at ffffffff8dd96615\n17 [ffffbd13003d3b60] __netif_receive_skb_list_core at ffffffff8dc16fec\n18 [ffffbd13003d3be0] netif_receive_skb_list_internal at ffffffff8dc176b3\n19 [ffffbd13003d3c50] napi_gro_receive at ffffffff8dc565b9\n20 [ffffbd13003d3c80] ice_receive_skb at ffffffffc087e4f5 [ice]\n21 [ffffbd13003d3c90] ice_clean_rx_irq at ffffffffc0881b80 [ice]\n22 [ffffbd13003d3d20] ice_napi_poll at ffffffffc088232f [ice]\n23 [ffffbd13003d3d80] __napi_poll at ffffffff8dc18000\n24 [ffffbd13003d3db8] net_rx_action at ffffffff8dc18581\n25 [ffffbd13003d3e40] __do_softirq at ffffffff8df352e9\n26 [ffffbd13003d3eb0] run_ksoftirqd at ffffffff8ceffe47\n27 [ffffbd13003d3ec0] smpboot_thread_fn at ffffffff8cf36a30\n28 [ffffbd13003d3ee8] kthread at ffffffff8cf2b39f\n29 [ffffbd13003d3f28] ret_from_fork at ffffffff8ce5fa64\n30 [ffffbd13003d3f50] ret_from_fork_asm at ffffffff8ce03cbb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56703",
"url": "https://www.suse.com/security/cve/CVE-2024-56703"
},
{
"category": "external",
"summary": "SUSE Bug 1235455 for CVE-2024-56703",
"url": "https://bugzilla.suse.com/1235455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-56703"
},
{
"cve": "CVE-2024-56718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: protect link down work from execute after lgr freed\n\nlink down work may be scheduled before lgr freed but execute\nafter lgr freed, which may result in crash. So it is need to\nhold a reference before shedule link down work, and put the\nreference after work executed or canceled.\n\nThe relevant crash call stack as follows:\n list_del corruption. prev-\u003enext should be ffffb638c9c0fe20,\n but was 0000000000000000\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:51!\n invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 6 PID: 978112 Comm: kworker/6:119 Kdump: loaded Tainted: G #1\n Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 2221b89 04/01/2014\n Workqueue: events smc_link_down_work [smc]\n RIP: 0010:__list_del_entry_valid.cold+0x31/0x47\n RSP: 0018:ffffb638c9c0fdd8 EFLAGS: 00010086\n RAX: 0000000000000054 RBX: ffff942fb75e5128 RCX: 0000000000000000\n RDX: ffff943520930aa0 RSI: ffff94352091fc80 RDI: ffff94352091fc80\n RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb638c9c0fc38\n R10: ffffb638c9c0fc30 R11: ffffffffa015eb28 R12: 0000000000000002\n R13: ffffb638c9c0fe20 R14: 0000000000000001 R15: ffff942f9cd051c0\n FS: 0000000000000000(0000) GS:ffff943520900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f4f25214000 CR3: 000000025fbae004 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n rwsem_down_write_slowpath+0x17e/0x470\n smc_link_down_work+0x3c/0x60 [smc]\n process_one_work+0x1ac/0x350\n worker_thread+0x49/0x2f0\n ? rescuer_thread+0x360/0x360\n kthread+0x118/0x140\n ? __kthread_bind_mask+0x60/0x60\n ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56718",
"url": "https://www.suse.com/security/cve/CVE-2024-56718"
},
{
"category": "external",
"summary": "SUSE Bug 1235589 for CVE-2024-56718",
"url": "https://bugzilla.suse.com/1235589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-56718"
},
{
"cve": "CVE-2024-56719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: fix TSO DMA API usage causing oops\n\nCommit 66600fac7a98 (\"net: stmmac: TSO: Fix unbalanced DMA map/unmap\nfor non-paged SKB data\") moved the assignment of tx_skbuff_dma[]\u0027s\nmembers to be later in stmmac_tso_xmit().\n\nThe buf (dma cookie) and len stored in this structure are passed to\ndma_unmap_single() by stmmac_tx_clean(). The DMA API requires that\nthe dma cookie passed to dma_unmap_single() is the same as the value\nreturned from dma_map_single(). However, by moving the assignment\nlater, this is not the case when priv-\u003edma_cap.addr64 \u003e 32 as \"des\"\nis offset by proto_hdr_len.\n\nThis causes problems such as:\n\n dwc-eth-dwmac 2490000.ethernet eth0: Tx DMA map failed\n\nand with DMA_API_DEBUG enabled:\n\n DMA-API: dwc-eth-dwmac 2490000.ethernet: device driver tries to +free DMA memory it has not allocated [device address=0x000000ffffcf65c0] [size=66 bytes]\n\nFix this by maintaining \"des\" as the original DMA cookie, and use\ntso_des to pass the offset DMA cookie to stmmac_tso_allocator().\n\nFull details of the crashes can be found at:\nhttps://lore.kernel.org/all/d8112193-0386-4e14-b516-37c2d838171a@nvidia.com/\nhttps://lore.kernel.org/all/klkzp5yn5kq5efgtrow6wbvnc46bcqfxs65nz3qy77ujr5turc@bwwhelz2l4dw/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56719",
"url": "https://www.suse.com/security/cve/CVE-2024-56719"
},
{
"category": "external",
"summary": "SUSE Bug 1235591 for CVE-2024-56719",
"url": "https://bugzilla.suse.com/1235591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-56719"
},
{
"cve": "CVE-2024-56751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56751"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: release nexthop on device removal\n\nThe CI is hitting some aperiodic hangup at device removal time in the\npmtu.sh self-test:\n\nunregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6\nref_tracker: veth_A-R1@ffff888013df15d8 has 1/5 users at\n\tdst_init+0x84/0x4a0\n\tdst_alloc+0x97/0x150\n\tip6_dst_alloc+0x23/0x90\n\tip6_rt_pcpu_alloc+0x1e6/0x520\n\tip6_pol_route+0x56f/0x840\n\tfib6_rule_lookup+0x334/0x630\n\tip6_route_output_flags+0x259/0x480\n\tip6_dst_lookup_tail.constprop.0+0x5c2/0x940\n\tip6_dst_lookup_flow+0x88/0x190\n\tudp_tunnel6_dst_lookup+0x2a7/0x4c0\n\tvxlan_xmit_one+0xbde/0x4a50 [vxlan]\n\tvxlan_xmit+0x9ad/0xf20 [vxlan]\n\tdev_hard_start_xmit+0x10e/0x360\n\t__dev_queue_xmit+0xf95/0x18c0\n\tarp_solicit+0x4a2/0xe00\n\tneigh_probe+0xaa/0xf0\n\nWhile the first suspect is the dst_cache, explicitly tracking the dst\nowing the last device reference via probes proved such dst is held by\nthe nexthop in the originating fib6_info.\n\nSimilar to commit f5b51fe804ec (\"ipv6: route: purge exception on\nremoval\"), we need to explicitly release the originating fib info when\ndisconnecting a to-be-removed device from a live ipv6 dst: move the\nfib6_info cleanup into ip6_dst_ifdown().\n\nTested running:\n\n./pmtu.sh cleanup_ipv6_exception\n\nin a tight loop for more than 400 iterations with no spat, running an\nunpatched kernel I observed a splat every ~10 iterations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56751",
"url": "https://www.suse.com/security/cve/CVE-2024-56751"
},
{
"category": "external",
"summary": "SUSE Bug 1234936 for CVE-2024-56751",
"url": "https://bugzilla.suse.com/1234936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-56751"
},
{
"cve": "CVE-2024-56758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56758"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: check folio mapping after unlock in relocate_one_folio()\n\nWhen we call btrfs_read_folio() to bring a folio uptodate, we unlock the\nfolio. The result of that is that a different thread can modify the\nmapping (like remove it with invalidate) before we call folio_lock().\nThis results in an invalid page and we need to try again.\n\nIn particular, if we are relocating concurrently with aborting a\ntransaction, this can result in a crash like the following:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP\n CPU: 76 PID: 1411631 Comm: kworker/u322:5\n Workqueue: events_unbound btrfs_reclaim_bgs_work\n RIP: 0010:set_page_extent_mapped+0x20/0xb0\n RSP: 0018:ffffc900516a7be8 EFLAGS: 00010246\n RAX: ffffea009e851d08 RBX: ffffea009e0b1880 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffffc900516a7b90 RDI: ffffea009e0b1880\n RBP: 0000000003573000 R08: 0000000000000001 R09: ffff88c07fd2f3f0\n R10: 0000000000000000 R11: 0000194754b575be R12: 0000000003572000\n R13: 0000000003572fff R14: 0000000000100cca R15: 0000000005582fff\n FS: 0000000000000000(0000) GS:ffff88c07fd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 000000407d00f002 CR4: 00000000007706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x78/0xc0\n ? page_fault_oops+0x2a8/0x3a0\n ? __switch_to+0x133/0x530\n ? wq_worker_running+0xa/0x40\n ? exc_page_fault+0x63/0x130\n ? asm_exc_page_fault+0x22/0x30\n ? set_page_extent_mapped+0x20/0xb0\n relocate_file_extent_cluster+0x1a7/0x940\n relocate_data_extent+0xaf/0x120\n relocate_block_group+0x20f/0x480\n btrfs_relocate_block_group+0x152/0x320\n btrfs_relocate_chunk+0x3d/0x120\n btrfs_reclaim_bgs_work+0x2ae/0x4e0\n process_scheduled_works+0x184/0x370\n worker_thread+0xc6/0x3e0\n ? blk_add_timer+0xb0/0xb0\n kthread+0xae/0xe0\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork+0x2f/0x40\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\nThis occurs because cleanup_one_transaction() calls\ndestroy_delalloc_inodes() which calls invalidate_inode_pages2() which\ntakes the folio_lock before setting mapping to NULL. We fail to check\nthis, and subsequently call set_extent_mapping(), which assumes that\nmapping != NULL (in fact it asserts that in debug mode)\n\nNote that the \"fixes\" patch here is not the one that introduced the\nrace (the very first iteration of this code from 2009) but a more recent\nchange that made this particular crash happen in practice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56758",
"url": "https://www.suse.com/security/cve/CVE-2024-56758"
},
{
"category": "external",
"summary": "SUSE Bug 1235621 for CVE-2024-56758",
"url": "https://bugzilla.suse.com/1235621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-56758"
},
{
"cve": "CVE-2024-56770",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56770"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: netem: account for backlog updates from child qdisc\n\nIn general, \u0027qlen\u0027 of any classful qdisc should keep track of the\nnumber of packets that the qdisc itself and all of its children holds.\nIn case of netem, \u0027qlen\u0027 only accounts for the packets in its internal\ntfifo. When netem is used with a child qdisc, the child qdisc can use\n\u0027qdisc_tree_reduce_backlog\u0027 to inform its parent, netem, about created\nor dropped SKBs. This function updates \u0027qlen\u0027 and the backlog statistics\nof netem, but netem does not account for changes made by a child qdisc.\n\u0027qlen\u0027 then indicates the wrong number of packets in the tfifo.\nIf a child qdisc creates new SKBs during enqueue and informs its parent\nabout this, netem\u0027s \u0027qlen\u0027 value is increased. When netem dequeues the\nnewly created SKBs from the child, the \u0027qlen\u0027 in netem is not updated.\nIf \u0027qlen\u0027 reaches the configured sch-\u003elimit, the enqueue function stops\nworking, even though the tfifo is not full.\n\nReproduce the bug:\nEnsure that the sender machine has GSO enabled. Configure netem as root\nqdisc and tbf as its child on the outgoing interface of the machine\nas follows:\n$ tc qdisc add dev \u003coif\u003e root handle 1: netem delay 100ms limit 100\n$ tc qdisc add dev \u003coif\u003e parent 1:0 tbf rate 50Mbit burst 1542 latency 50ms\n\nSend bulk TCP traffic out via this interface, e.g., by running an iPerf3\nclient on the machine. Check the qdisc statistics:\n$ tc -s qdisc show dev \u003coif\u003e\n\nStatistics after 10s of iPerf3 TCP test before the fix (note that\nnetem\u0027s backlog \u003e limit, netem stopped accepting packets):\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 2767766 bytes 1848 pkt (dropped 652, overlimits 0 requeues 0)\n backlog 4294528236b 1155p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 2767766 bytes 1848 pkt (dropped 327, overlimits 7601 requeues 0)\n backlog 0b 0p requeues 0\n\nStatistics after the fix:\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 37766372 bytes 24974 pkt (dropped 9, overlimits 0 requeues 0)\n backlog 0b 0p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 37766372 bytes 24974 pkt (dropped 327, overlimits 96017 requeues 0)\n backlog 0b 0p requeues 0\n\ntbf segments the GSO SKBs (tbf_segment) and updates the netem\u0027s \u0027qlen\u0027.\nThe interface fully stops transferring packets and \"locks\". In this case,\nthe child qdisc and tfifo are empty, but \u0027qlen\u0027 indicates the tfifo is at\nits limit and no more packets are accepted.\n\nThis patch adds a counter for the entries in the tfifo. Netem\u0027s \u0027qlen\u0027 is\nonly decreased when a packet is returned by its dequeue function, and not\nduring enqueuing into the child qdisc. External updates to \u0027qlen\u0027 are thus\naccounted for and only the behavior of the backlog statistics changes. As\nin other qdiscs, \u0027qlen\u0027 then keeps track of how many packets are held in\nnetem and all of its children. As before, sch-\u003elimit remains as the\nmaximum number of packets in the tfifo. The same applies to netem\u0027s\nbacklog statistics.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56770",
"url": "https://www.suse.com/security/cve/CVE-2024-56770"
},
{
"category": "external",
"summary": "SUSE Bug 1235637 for CVE-2024-56770",
"url": "https://bugzilla.suse.com/1235637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-56770"
},
{
"cve": "CVE-2024-57900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57900"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: serialize calls to nf_register_net_hooks()\n\nsyzbot found a race in ila_add_mapping() [1]\n\ncommit 031ae72825ce (\"ila: call nf_unregister_net_hooks() sooner\")\nattempted to fix a similar issue.\n\nLooking at the syzbot repro, we have concurrent ILA_CMD_ADD commands.\n\nAdd a mutex to make sure at most one thread is calling nf_register_net_hooks().\n\n[1]\n BUG: KASAN: slab-use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: slab-use-after-free in __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\nRead of size 4 at addr ffff888028f40008 by task dhcpcd/5501\n\nCPU: 1 UID: 0 PID: 5501 Comm: dhcpcd Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:489\n kasan_report+0xd9/0x110 mm/kasan/report.c:602\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:127 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1ee/0x620 net/ipv6/ila/ila_xlat.c:185\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xbb/0x200 net/netfilter/core.c:626\n nf_hook.constprop.0+0x42e/0x750 include/linux/netfilter.h:269\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0xa4/0x680 net/ipv6/ip6_input.c:309\n __netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5672\n __netif_receive_skb+0x1d/0x160 net/core/dev.c:5785\n process_backlog+0x443/0x15f0 net/core/dev.c:6117\n __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0xa94/0x1010 net/core/dev.c:7074\n handle_softirqs+0x213/0x8f0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57900",
"url": "https://www.suse.com/security/cve/CVE-2024-57900"
},
{
"category": "external",
"summary": "SUSE Bug 1235973 for CVE-2024-57900",
"url": "https://bugzilla.suse.com/1235973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-57900"
},
{
"cve": "CVE-2024-57924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: relax assertions on failure to encode file handles\n\nEncoding file handles is usually performed by a filesystem \u003eencode_fh()\nmethod that may fail for various reasons.\n\nThe legacy users of exportfs_encode_fh(), namely, nfsd and\nname_to_handle_at(2) syscall are ready to cope with the possibility\nof failure to encode a file handle.\n\nThere are a few other users of exportfs_encode_{fh,fid}() that\ncurrently have a WARN_ON() assertion when -\u003eencode_fh() fails.\nRelax those assertions because they are wrong.\n\nThe second linked bug report states commit 16aac5ad1fa9 (\"ovl: support\nencoding non-decodable file handles\") in v6.6 as the regressing commit,\nbut this is not accurate.\n\nThe aforementioned commit only increases the chances of the assertion\nand allows triggering the assertion with the reproducer using overlayfs,\ninotify and drop_caches.\n\nTriggering this assertion was always possible with other filesystems and\nother reasons of -\u003eencode_fh() failures and more particularly, it was\nalso possible with the exact same reproducer using overlayfs that is\nmounted with options index=on,nfs_export=on also on kernels \u003c v6.6.\nTherefore, I am not listing the aforementioned commit as a Fixes commit.\n\nBackport hint: this patch will have a trivial conflict applying to\nv6.6.y, and other trivial conflicts applying to stable kernels \u003c v6.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57924",
"url": "https://www.suse.com/security/cve/CVE-2024-57924"
},
{
"category": "external",
"summary": "SUSE Bug 1236086 for CVE-2024-57924",
"url": "https://bugzilla.suse.com/1236086"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-57924"
},
{
"cve": "CVE-2024-57947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo: fix initial map fill\n\nThe initial buffer has to be inited to all-ones, but it must restrict\nit to the size of the first field, not the total field size.\n\nAfter each round in the map search step, the result and the fill map\nare swapped, so if we have a set where f-\u003ebsize of the first element\nis smaller than m-\u003ebsize_max, those one-bits are leaked into future\nrounds result map.\n\nThis makes pipapo find an incorrect matching results for sets where\nfirst field size is not the largest.\n\nFollowup patch adds a test case to nft_concat_range.sh selftest script.\n\nThanks to Stefano Brivio for pointing out that we need to zero out\nthe remainder explicitly, only correcting memset() argument isn\u0027t enough.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57947",
"url": "https://www.suse.com/security/cve/CVE-2024-57947"
},
{
"category": "external",
"summary": "SUSE Bug 1236333 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "external",
"summary": "SUSE Bug 1245799 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1245799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2024-57947"
},
{
"cve": "CVE-2024-57974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Deal with race between UDP socket address change and rehash\n\nIf a UDP socket changes its local address while it\u0027s receiving\ndatagrams, as a result of connect(), there is a period during which\na lookup operation might fail to find it, after the address is changed\nbut before the secondary hash (port and address) and the four-tuple\nhash (local and remote ports and addresses) are updated.\n\nSecondary hash chains were introduced by commit 30fff9231fad (\"udp:\nbind() optimisation\") and, as a result, a rehash operation became\nneeded to make a bound socket reachable again after a connect().\n\nThis operation was introduced by commit 719f835853a9 (\"udp: add\nrehash on connect()\") which isn\u0027t however a complete fix: the\nsocket will be found once the rehashing completes, but not while\nit\u0027s pending.\n\nThis is noticeable with a socat(1) server in UDP4-LISTEN mode, and a\nclient sending datagrams to it. After the server receives the first\ndatagram (cf. _xioopen_ipdgram_listen()), it issues a connect() to\nthe address of the sender, in order to set up a directed flow.\n\nNow, if the client, running on a different CPU thread, happens to\nsend a (subsequent) datagram while the server\u0027s socket changes its\naddress, but is not rehashed yet, this will result in a failed\nlookup and a port unreachable error delivered to the client, as\napparent from the following reproducer:\n\n LEN=$(($(cat /proc/sys/net/core/wmem_default) / 4))\n dd if=/dev/urandom bs=1 count=${LEN} of=tmp.in\n\n while :; do\n \ttaskset -c 1 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n \tsleep 0.1 || sleep 1\n \ttaskset -c 2 socat OPEN:tmp.in UDP4:localhost:1337,shut-null\n \twait\n done\n\nwhere the client will eventually get ECONNREFUSED on a write()\n(typically the second or third one of a given iteration):\n\n 2024/11/13 21:28:23 socat[46901] E write(6, 0x556db2e3c000, 8192): Connection refused\n\nThis issue was first observed as a seldom failure in Podman\u0027s tests\nchecking UDP functionality while using pasta(1) to connect the\ncontainer\u0027s network namespace, which leads us to a reproducer with\nthe lookup error resulting in an ICMP packet on a tap device:\n\n LOCAL_ADDR=\"$(ip -j -4 addr show|jq -rM \u0027.[] | .addr_info[0] | select(.scope == \"global\").local\u0027)\"\n\n while :; do\n \t./pasta --config-net -p pasta.pcap -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n \tsleep 0.2 || sleep 1\n \tsocat OPEN:tmp.in UDP4:${LOCAL_ADDR}:1337,shut-null\n \twait\n \tcmp tmp.in tmp.out\n done\n\nOnce this fails:\n\n tmp.in tmp.out differ: char 8193, line 29\n\nwe can finally have a look at what\u0027s going on:\n\n $ tshark -r pasta.pcap\n 1 0.000000 :: ? ff02::16 ICMPv6 110 Multicast Listener Report Message v2\n 2 0.168690 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 3 0.168767 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 4 0.168806 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 5 0.168827 c6:47:05:8d:dc:04 ? Broadcast ARP 42 Who has 88.198.0.161? Tell 88.198.0.164\n 6 0.168851 9a:55:9a:55:9a:55 ? c6:47:05:8d:dc:04 ARP 42 88.198.0.161 is at 9a:55:9a:55:9a:55\n 7 0.168875 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 8 0.168896 88.198.0.164 ? 88.198.0.161 ICMP 590 Destination unreachable (Port unreachable)\n 9 0.168926 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 10 0.168959 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 11 0.168989 88.198.0.161 ? 88.198.0.164 UDP 4138 60260 ? 1337 Len=4096\n 12 0.169010 88.198.0.161 ? 88.198.0.164 UDP 42 60260 ? 1337 Len=0\n\nOn the third datagram received, the network namespace of the container\ninitiates an ARP lookup to deliver the ICMP message.\n\nIn another variant of this reproducer, starting the client with:\n\n strace -f pasta --config-net -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,tru\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57974",
"url": "https://www.suse.com/security/cve/CVE-2024-57974"
},
{
"category": "external",
"summary": "SUSE Bug 1238532 for CVE-2024-57974",
"url": "https://bugzilla.suse.com/1238532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-57974"
},
{
"cve": "CVE-2024-57998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57998"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nOPP: add index check to assert to avoid buffer overflow in _read_freq()\n\nPass the freq index to the assert function to make sure\nwe do not read a freq out of the opp-\u003erates[] table when called\nfrom the indexed variants:\ndev_pm_opp_find_freq_exact_indexed() or\ndev_pm_opp_find_freq_ceil/floor_indexed().\n\nAdd a secondary parameter to the assert function, unused\nfor assert_single_clk() then add assert_clk_index() which\nwill check for the clock index when called from the _indexed()\nfind functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57998",
"url": "https://www.suse.com/security/cve/CVE-2024-57998"
},
{
"category": "external",
"summary": "SUSE Bug 1238527 for CVE-2024-57998",
"url": "https://bugzilla.suse.com/1238527"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-57998"
},
{
"cve": "CVE-2024-58001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58001"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: handle a symlink read error correctly\n\nPatch series \"Convert ocfs2 to use folios\".\n\nMark did a conversion of ocfs2 to use folios and sent it to me as a\ngiant patch for review ;-)\n\nSo I\u0027ve redone it as individual patches, and credited Mark for the patches\nwhere his code is substantially the same. It\u0027s not a bad way to do it;\nhis patch had some bugs and my patches had some bugs. Hopefully all our\nbugs were different from each other. And hopefully Mark likes all the\nchanges I made to his code!\n\n\nThis patch (of 23):\n\nIf we can\u0027t read the buffer, be sure to unlock the page before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58001",
"url": "https://www.suse.com/security/cve/CVE-2024-58001"
},
{
"category": "external",
"summary": "SUSE Bug 1239079 for CVE-2024-58001",
"url": "https://bugzilla.suse.com/1239079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "low"
}
],
"title": "CVE-2024-58001"
},
{
"cve": "CVE-2024-58018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58018"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvkm: correctly calculate the available space of the GSP cmdq buffer\n\nr535_gsp_cmdq_push() waits for the available page in the GSP cmdq\nbuffer when handling a large RPC request. When it sees at least one\navailable page in the cmdq, it quits the waiting with the amount of\nfree buffer pages in the queue.\n\nUnfortunately, it always takes the [write pointer, buf_size) as\navailable buffer pages before rolling back and wrongly calculates the\nsize of the data should be copied. Thus, it can overwrite the RPC\nrequest that GSP is currently reading, which causes GSP hang due\nto corrupted RPC request:\n\n[ 549.209389] ------------[ cut here ]------------\n[ 549.214010] WARNING: CPU: 8 PID: 6314 at drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c:116 r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.225678] Modules linked in: nvkm(E+) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) mlx5_ib(E) amd64_edac(E) edac_mce_amd(E) kvm_amd(E) ib_uverbs(E) kvm(E) ib_core(E) acpi_ipmi(E) ipmi_si(E) mxm_wmi(E) ipmi_devintf(E) rapl(E) i2c_piix4(E) wmi_bmof(E) joydev(E) ptdma(E) acpi_cpufreq(E) k10temp(E) pcspkr(E) ipmi_msghandler(E) xfs(E) libcrc32c(E) ast(E) i2c_algo_bit(E) crct10dif_pclmul(E) drm_shmem_helper(E) nvme_tcp(E) crc32_pclmul(E) ahci(E) drm_kms_helper(E) libahci(E) nvme_fabrics(E) crc32c_intel(E) nvme(E) cdc_ether(E) mlx5_core(E) nvme_core(E) usbnet(E) drm(E) libata(E) ccp(E) ghash_clmulni_intel(E) mii(E) t10_pi(E) mlxfw(E) sp5100_tco(E) psample(E) pci_hyperv_intf(E) wmi(E) dm_multipath(E) sunrpc(E) dm_mirror(E) dm_region_hash(E) dm_log(E) dm_mod(E) be2iscsi(E) bnx2i(E) cnic(E) uio(E) cxgb4i(E) cxgb4(E) tls(E) libcxgbi(E) libcxgb(E) qla4xxx(E)\n[ 549.225752] iscsi_boot_sysfs(E) iscsi_tcp(E) libiscsi_tcp(E) libiscsi(E) scsi_transport_iscsi(E) fuse(E) [last unloaded: gsp_log(E)]\n[ 549.326293] CPU: 8 PID: 6314 Comm: insmod Tainted: G E 6.9.0-rc6+ #1\n[ 549.334039] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022\n[ 549.341781] RIP: 0010:r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.347343] Code: 08 00 00 89 da c1 e2 0c 48 8d ac 11 00 10 00 00 48 8b 0c 24 48 85 c9 74 1f c1 e0 0c 4c 8d 6d 30 83 e8 30 89 01 e9 68 ff ff ff \u003c0f\u003e 0b 49 c7 c5 92 ff ff ff e9 5a ff ff ff ba ff ff ff ff be c0 0c\n[ 549.366090] RSP: 0018:ffffacbccaaeb7d0 EFLAGS: 00010246\n[ 549.371315] RAX: 0000000000000000 RBX: 0000000000000012 RCX: 0000000000923e28\n[ 549.378451] RDX: 0000000000000000 RSI: 0000000055555554 RDI: ffffacbccaaeb730\n[ 549.385590] RBP: 0000000000000001 R08: ffff8bd14d235f70 R09: ffff8bd14d235f70\n[ 549.392721] R10: 0000000000000002 R11: ffff8bd14d233864 R12: 0000000000000020\n[ 549.399854] R13: ffffacbccaaeb818 R14: 0000000000000020 R15: ffff8bb298c67000\n[ 549.406988] FS: 00007f5179244740(0000) GS:ffff8bd14d200000(0000) knlGS:0000000000000000\n[ 549.415076] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 549.420829] CR2: 00007fa844000010 CR3: 00000001567dc005 CR4: 0000000000770ef0\n[ 549.427963] PKRU: 55555554\n[ 549.430672] Call Trace:\n[ 549.433126] \u003cTASK\u003e\n[ 549.435233] ? __warn+0x7f/0x130\n[ 549.438473] ? r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.443426] ? report_bug+0x18a/0x1a0\n[ 549.447098] ? handle_bug+0x3c/0x70\n[ 549.450589] ? exc_invalid_op+0x14/0x70\n[ 549.454430] ? asm_exc_invalid_op+0x16/0x20\n[ 549.458619] ? r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.463565] r535_gsp_msg_recv+0x46/0x230 [nvkm]\n[ 549.468257] r535_gsp_rpc_push+0x106/0x160 [nvkm]\n[ 549.473033] r535_gsp_rpc_rm_ctrl_push+0x40/0x130 [nvkm]\n[ 549.478422] nvidia_grid_init_vgpu_types+0xbc/0xe0 [nvkm]\n[ 549.483899] nvidia_grid_init+0xb1/0xd0 [nvkm]\n[ 549.488420] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 549.493213] nvkm_device_pci_probe+0x305/0x420 [nvkm]\n[ 549.498338] local_pci_probe+0x46/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58018",
"url": "https://www.suse.com/security/cve/CVE-2024-58018"
},
{
"category": "external",
"summary": "SUSE Bug 1238990 for CVE-2024-58018",
"url": "https://bugzilla.suse.com/1238990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-58018"
},
{
"cve": "CVE-2024-58019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvkm/gsp: correctly advance the read pointer of GSP message queue\n\nA GSP event message consists three parts: message header, RPC header,\nmessage body. GSP calculates the number of pages to write from the\ntotal size of a GSP message. This behavior can be observed from the\nmovement of the write pointer.\n\nHowever, nvkm takes only the size of RPC header and message body as\nthe message size when advancing the read pointer. When handling a\ntwo-page GSP message in the non rollback case, It wrongly takes the\nmessage body of the previous message as the message header of the next\nmessage. As the \"message length\" tends to be zero, in the calculation of\nsize needs to be copied (0 - size of (message header)), the size needs to\nbe copied will be \"0xffffffxx\". It also triggers a kernel panic due to a\nNULL pointer error.\n\n[ 547.614102] msg: 00000f90: ff ff ff ff ff ff ff ff 40 d7 18 fb 8b 00 00 00 ........@.......\n[ 547.622533] msg: 00000fa0: 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 ................\n[ 547.630965] msg: 00000fb0: ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ................\n[ 547.639397] msg: 00000fc0: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ................\n[ 547.647832] nvkm 0000:c1:00.0: gsp: peek msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.655225] nvkm 0000:c1:00.0: gsp: get msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.662532] BUG: kernel NULL pointer dereference, address: 0000000000000020\n[ 547.669485] #PF: supervisor read access in kernel mode\n[ 547.674624] #PF: error_code(0x0000) - not-present page\n[ 547.679755] PGD 0 P4D 0\n[ 547.682294] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 547.686643] CPU: 22 PID: 322 Comm: kworker/22:1 Tainted: G E 6.9.0-rc6+ #1\n[ 547.694893] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022\n[ 547.702626] Workqueue: events r535_gsp_msgq_work [nvkm]\n[ 547.707921] RIP: 0010:r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.713375] Code: 00 8b 70 08 48 89 e1 31 d2 4c 89 f7 e8 12 f5 ff ff 48 89 c5 48 85 c0 0f 84 cf 00 00 00 48 81 fd 00 f0 ff ff 0f 87 c4 00 00 00 \u003c8b\u003e 55 10 41 8b 46 30 85 d2 0f 85 f6 00 00 00 83 f8 04 76 10 ba 05\n[ 547.732119] RSP: 0018:ffffabe440f87e10 EFLAGS: 00010203\n[ 547.737335] RAX: 0000000000000010 RBX: 0000000000000008 RCX: 000000000000003f\n[ 547.744461] RDX: 0000000000000000 RSI: ffffabe4480a8030 RDI: 0000000000000010\n[ 547.751585] RBP: 0000000000000010 R08: 0000000000000000 R09: ffffabe440f87bb0\n[ 547.758707] R10: ffffabe440f87dc8 R11: 0000000000000010 R12: 0000000000000000\n[ 547.765834] R13: 0000000000000000 R14: ffff9351df1e5000 R15: 0000000000000000\n[ 547.772958] FS: 0000000000000000(0000) GS:ffff93708eb00000(0000) knlGS:0000000000000000\n[ 547.781035] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 547.786771] CR2: 0000000000000020 CR3: 00000003cc220002 CR4: 0000000000770ef0\n[ 547.793896] PKRU: 55555554\n[ 547.796600] Call Trace:\n[ 547.799046] \u003cTASK\u003e\n[ 547.801152] ? __die+0x20/0x70\n[ 547.804211] ? page_fault_oops+0x75/0x170\n[ 547.808221] ? print_hex_dump+0x100/0x160\n[ 547.812226] ? exc_page_fault+0x64/0x150\n[ 547.816152] ? asm_exc_page_fault+0x22/0x30\n[ 547.820341] ? r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.825184] r535_gsp_msgq_work+0x42/0x50 [nvkm]\n[ 547.829845] process_one_work+0x196/0x3d0\n[ 547.833861] worker_thread+0x2fc/0x410\n[ 547.837613] ? __pfx_worker_thread+0x10/0x10\n[ 547.841885] kthread+0xdf/0x110\n[ 547.845031] ? __pfx_kthread+0x10/0x10\n[ 547.848775] ret_from_fork+0x30/0x50\n[ 547.852354] ? __pfx_kthread+0x10/0x10\n[ 547.856097] ret_from_fork_asm+0x1a/0x30\n[ 547.860019] \u003c/TASK\u003e\n[ 547.862208] Modules linked in: nvkm(E) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) amd64_edac(E) mlx5_ib(E) edac_mce_amd(E) kvm_amd\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58019",
"url": "https://www.suse.com/security/cve/CVE-2024-58019"
},
{
"category": "external",
"summary": "SUSE Bug 1238997 for CVE-2024-58019",
"url": "https://bugzilla.suse.com/1238997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-58019"
},
{
"cve": "CVE-2024-58020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: Add NULL check in mt_input_configured\n\ndevm_kasprintf() can return a NULL pointer on failure,but this\nreturned value in mt_input_configured() is not checked.\nAdd NULL check in mt_input_configured(), to handle kernel NULL\npointer dereference error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58020",
"url": "https://www.suse.com/security/cve/CVE-2024-58020"
},
{
"category": "external",
"summary": "SUSE Bug 1239346 for CVE-2024-58020",
"url": "https://bugzilla.suse.com/1239346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-58020"
},
{
"cve": "CVE-2024-58068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58068"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nOPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized\n\nIf a driver calls dev_pm_opp_find_bw_ceil/floor() the retrieve bandwidth\nfrom the OPP table but the bandwidth table was not created because the\ninterconnect properties were missing in the OPP consumer node, the\nkernel will crash with:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000004\n...\npc : _read_bw+0x8/0x10\nlr : _opp_table_find_key+0x9c/0x174\n...\nCall trace:\n _read_bw+0x8/0x10 (P)\n _opp_table_find_key+0x9c/0x174 (L)\n _find_key+0x98/0x168\n dev_pm_opp_find_bw_ceil+0x50/0x88\n...\n\nIn order to fix the crash, create an assert function to check\nif the bandwidth table was created before trying to get a\nbandwidth with _read_bw().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58068",
"url": "https://www.suse.com/security/cve/CVE-2024-58068"
},
{
"category": "external",
"summary": "SUSE Bug 1238961 for CVE-2024-58068",
"url": "https://bugzilla.suse.com/1238961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-58068"
},
{
"cve": "CVE-2024-58070",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58070"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT\n\nIn PREEMPT_RT, kmalloc(GFP_ATOMIC) is still not safe in non preemptible\ncontext. bpf_mem_alloc must be used in PREEMPT_RT. This patch is\nto enforce bpf_mem_alloc in the bpf_local_storage when CONFIG_PREEMPT_RT\nis enabled.\n\n[ 35.118559] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 35.118566] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1832, name: test_progs\n[ 35.118569] preempt_count: 1, expected: 0\n[ 35.118571] RCU nest depth: 1, expected: 1\n[ 35.118577] INFO: lockdep is turned off.\n ...\n[ 35.118647] __might_resched+0x433/0x5b0\n[ 35.118677] rt_spin_lock+0xc3/0x290\n[ 35.118700] ___slab_alloc+0x72/0xc40\n[ 35.118723] __kmalloc_noprof+0x13f/0x4e0\n[ 35.118732] bpf_map_kzalloc+0xe5/0x220\n[ 35.118740] bpf_selem_alloc+0x1d2/0x7b0\n[ 35.118755] bpf_local_storage_update+0x2fa/0x8b0\n[ 35.118784] bpf_sk_storage_get_tracing+0x15a/0x1d0\n[ 35.118791] bpf_prog_9a118d86fca78ebb_trace_inet_sock_set_state+0x44/0x66\n[ 35.118795] bpf_trace_run3+0x222/0x400\n[ 35.118820] __bpf_trace_inet_sock_set_state+0x11/0x20\n[ 35.118824] trace_inet_sock_set_state+0x112/0x130\n[ 35.118830] inet_sk_state_store+0x41/0x90\n[ 35.118836] tcp_set_state+0x3b3/0x640\n\nThere is no need to adjust the gfp_flags passing to the\nbpf_mem_cache_alloc_flags() which only honors the GFP_KERNEL.\nThe verifier has ensured GFP_KERNEL is passed only in sleepable context.\n\nIt has been an old issue since the first introduction of the\nbpf_local_storage ~5 years ago, so this patch targets the bpf-next.\n\nbpf_mem_alloc is needed to solve it, so the Fixes tag is set\nto the commit when bpf_mem_alloc was first used in the bpf_local_storage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58070",
"url": "https://www.suse.com/security/cve/CVE-2024-58070"
},
{
"category": "external",
"summary": "SUSE Bug 1238983 for CVE-2024-58070",
"url": "https://bugzilla.suse.com/1238983"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-58070"
},
{
"cve": "CVE-2024-58071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58071"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nteam: prevent adding a device which is already a team device lower\n\nPrevent adding a device which is already a team device lower,\ne.g. adding veth0 if vlan1 was already added and veth0 is a lower of\nvlan1.\n\nThis is not useful in practice and can lead to recursive locking:\n\n$ ip link add veth0 type veth peer name veth1\n$ ip link set veth0 up\n$ ip link set veth1 up\n$ ip link add link veth0 name veth0.1 type vlan protocol 802.1Q id 1\n$ ip link add team0 type team\n$ ip link set veth0.1 down\n$ ip link set veth0.1 master team0\nteam0: Port device veth0.1 added\n$ ip link set veth0 down\n$ ip link set veth0 master team0\n\n============================================\nWARNING: possible recursive locking detected\n6.13.0-rc2-virtme-00441-ga14a429069bb #46 Not tainted\n--------------------------------------------\nip/7684 is trying to acquire lock:\nffff888016848e00 (team-\u003eteam_lock_key){+.+.}-{4:4}, at: team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n\nbut task is already holding lock:\nffff888016848e00 (team-\u003eteam_lock_key){+.+.}-{4:4}, at: team_add_slave (drivers/net/team/team_core.c:1147 drivers/net/team/team_core.c:1977)\n\nother info that might help us debug this:\nPossible unsafe locking scenario:\n\nCPU0\n----\nlock(team-\u003eteam_lock_key);\nlock(team-\u003eteam_lock_key);\n\n*** DEADLOCK ***\n\nMay be due to missing lock nesting notation\n\n2 locks held by ip/7684:\n\nstack backtrace:\nCPU: 3 UID: 0 PID: 7684 Comm: ip Not tainted 6.13.0-rc2-virtme-00441-ga14a429069bb #46\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl (lib/dump_stack.c:122)\nprint_deadlock_bug.cold (kernel/locking/lockdep.c:3040)\n__lock_acquire (kernel/locking/lockdep.c:3893 kernel/locking/lockdep.c:5226)\n? netlink_broadcast_filtered (net/netlink/af_netlink.c:1548)\nlock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 2))\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? lock_acquire (kernel/locking/lockdep.c:5822)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n__mutex_lock (kernel/locking/mutex.c:587 kernel/locking/mutex.c:735)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? fib_sync_up (net/ipv4/fib_semantics.c:2167)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\nteam_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\nnotifier_call_chain (kernel/notifier.c:85)\ncall_netdevice_notifiers_info (net/core/dev.c:1996)\n__dev_notify_flags (net/core/dev.c:8993)\n? __dev_change_flags (net/core/dev.c:8975)\ndev_change_flags (net/core/dev.c:9027)\nvlan_device_event (net/8021q/vlan.c:85 net/8021q/vlan.c:470)\n? br_device_event (net/bridge/br.c:143)\nnotifier_call_chain (kernel/notifier.c:85)\ncall_netdevice_notifiers_info (net/core/dev.c:1996)\ndev_open (net/core/dev.c:1519 net/core/dev.c:1505)\nteam_add_slave (drivers/net/team/team_core.c:1219 drivers/net/team/team_core.c:1977)\n? __pfx_team_add_slave (drivers/net/team/team_core.c:1972)\ndo_set_master (net/core/rtnetlink.c:2917)\ndo_setlink.isra.0 (net/core/rtnetlink.c:3117)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58071",
"url": "https://www.suse.com/security/cve/CVE-2024-58071"
},
{
"category": "external",
"summary": "SUSE Bug 1238970 for CVE-2024-58071",
"url": "https://bugzilla.suse.com/1238970"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-58071"
},
{
"cve": "CVE-2024-58074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58074"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: Grab intel_display from the encoder to avoid potential oopsies\n\nGrab the intel_display from \u0027encoder\u0027 rather than \u0027state\u0027\nin the encoder hooks to avoid the massive footgun that is\nintel_sanitize_encoder(), which passes NULL as the \u0027state\u0027\nargument to encoder .disable() and .post_disable().\n\nTODO: figure out how to actually fix intel_sanitize_encoder()...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58074",
"url": "https://www.suse.com/security/cve/CVE-2024-58074"
},
{
"category": "external",
"summary": "SUSE Bug 1238972 for CVE-2024-58074",
"url": "https://bugzilla.suse.com/1238972"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-58074"
},
{
"cve": "CVE-2024-58083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58083"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Explicitly verify target vCPU is online in kvm_get_vcpu()\n\nExplicitly verify the target vCPU is fully online _prior_ to clamping the\nindex in kvm_get_vcpu(). If the index is \"bad\", the nospec clamping will\ngenerate \u00270\u0027, i.e. KVM will return vCPU0 instead of NULL.\n\nIn practice, the bug is unlikely to cause problems, as it will only come\ninto play if userspace or the guest is buggy or misbehaving, e.g. KVM may\nsend interrupts to vCPU0 instead of dropping them on the floor.\n\nHowever, returning vCPU0 when it shouldn\u0027t exist per online_vcpus is\nproblematic now that KVM uses an xarray for the vCPUs array, as KVM needs\nto insert into the xarray before publishing the vCPU to userspace (see\ncommit c5b077549136 (\"KVM: Convert the kvm-\u003evcpus array to a xarray\")),\ni.e. before vCPU creation is guaranteed to succeed.\n\nAs a result, incorrectly providing access to vCPU0 will trigger a\nuse-after-free if vCPU0 is dereferenced and kvm_vm_ioctl_create_vcpu()\nbails out of vCPU creation due to an error and frees vCPU0. Commit\nafb2acb2e3a3 (\"KVM: Fix vcpu_array[0] races\") papered over that issue, but\nin doing so introduced an unsolvable teardown conundrum. Preventing\naccesses to vCPU0 before it\u0027s fully online will allow reverting commit\nafb2acb2e3a3, without re-introducing the vcpu_array[0] UAF race.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58083",
"url": "https://www.suse.com/security/cve/CVE-2024-58083"
},
{
"category": "external",
"summary": "SUSE Bug 1239036 for CVE-2024-58083",
"url": "https://bugzilla.suse.com/1239036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-58083"
},
{
"cve": "CVE-2024-58088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix deadlock when freeing cgroup storage\n\nThe following commit\nbc235cdb423a (\"bpf: Prevent deadlock from recursive bpf_task_storage_[get|delete]\")\nfirst introduced deadlock prevention for fentry/fexit programs attaching\non bpf_task_storage helpers. That commit also employed the logic in map\nfree path in its v6 version.\n\nLater bpf_cgrp_storage was first introduced in\nc4bcfb38a95e (\"bpf: Implement cgroup storage available to non-cgroup-attached bpf progs\")\nwhich faces the same issue as bpf_task_storage, instead of its busy\ncounter, NULL was passed to bpf_local_storage_map_free() which opened\na window to cause deadlock:\n\n\t\u003cTASK\u003e\n\t\t(acquiring local_storage-\u003elock)\n\t_raw_spin_lock_irqsave+0x3d/0x50\n\tbpf_local_storage_update+0xd1/0x460\n\tbpf_cgrp_storage_get+0x109/0x130\n\tbpf_prog_a4d4a370ba857314_cgrp_ptr+0x139/0x170\n\t? __bpf_prog_enter_recur+0x16/0x80\n\tbpf_trampoline_6442485186+0x43/0xa4\n\tcgroup_storage_ptr+0x9/0x20\n\t\t(holding local_storage-\u003elock)\n\tbpf_selem_unlink_storage_nolock.constprop.0+0x135/0x160\n\tbpf_selem_unlink_storage+0x6f/0x110\n\tbpf_local_storage_map_free+0xa2/0x110\n\tbpf_map_free_deferred+0x5b/0x90\n\tprocess_one_work+0x17c/0x390\n\tworker_thread+0x251/0x360\n\tkthread+0xd2/0x100\n\tret_from_fork+0x34/0x50\n\tret_from_fork_asm+0x1a/0x30\n\t\u003c/TASK\u003e\n\nProgs:\n - A: SEC(\"fentry/cgroup_storage_ptr\")\n - cgid (BPF_MAP_TYPE_HASH)\n\tRecord the id of the cgroup the current task belonging\n\tto in this hash map, using the address of the cgroup\n\tas the map key.\n - cgrpa (BPF_MAP_TYPE_CGRP_STORAGE)\n\tIf current task is a kworker, lookup the above hash\n\tmap using function parameter @owner as the key to get\n\tits corresponding cgroup id which is then used to get\n\ta trusted pointer to the cgroup through\n\tbpf_cgroup_from_id(). This trusted pointer can then\n\tbe passed to bpf_cgrp_storage_get() to finally trigger\n\tthe deadlock issue.\n - B: SEC(\"tp_btf/sys_enter\")\n - cgrpb (BPF_MAP_TYPE_CGRP_STORAGE)\n\tThe only purpose of this prog is to fill Prog A\u0027s\n\thash map by calling bpf_cgrp_storage_get() for as\n\tmany userspace tasks as possible.\n\nSteps to reproduce:\n - Run A;\n - while (true) { Run B; Destroy B; }\n\nFix this issue by passing its busy counter to the free procedure so\nit can be properly incremented before storage/smap locking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58088",
"url": "https://www.suse.com/security/cve/CVE-2024-58088"
},
{
"category": "external",
"summary": "SUSE Bug 1239510 for CVE-2024-58088",
"url": "https://bugzilla.suse.com/1239510"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-58088"
},
{
"cve": "CVE-2024-58091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58091"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/fbdev-dma: Add shadow buffering for deferred I/O\n\nDMA areas are not necessarily backed by struct page, so we cannot\nrely on it for deferred I/O. Allocate a shadow buffer for drivers\nthat require deferred I/O and use it as framebuffer memory.\n\nFixes driver errors about being \"Unable to handle kernel NULL pointer\ndereference at virtual address\" or \"Unable to handle kernel paging\nrequest at virtual address\".\n\nThe patch splits drm_fbdev_dma_driver_fbdev_probe() in an initial\nallocation, which creates the DMA-backed buffer object, and a tail\nthat sets up the fbdev data structures. There is a tail function for\ndirect memory mappings and a tail function for deferred I/O with\nthe shadow buffer.\n\nIt is no longer possible to use deferred I/O without shadow buffer.\nIt can be re-added if there exists a reliably test for usable struct\npage in the allocated DMA-backed buffer object.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58091",
"url": "https://www.suse.com/security/cve/CVE-2024-58091"
},
{
"category": "external",
"summary": "SUSE Bug 1240174 for CVE-2024-58091",
"url": "https://bugzilla.suse.com/1240174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-58091"
},
{
"cve": "CVE-2024-58093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58093"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/ASPM: Fix link state exit during switch upstream function removal\n\nBefore 456d8aa37d0f (\"PCI/ASPM: Disable ASPM on MFD function removal to\navoid use-after-free\"), we would free the ASPM link only after the last\nfunction on the bus pertaining to the given link was removed.\n\nThat was too late. If function 0 is removed before sibling function,\nlink-\u003edownstream would point to free\u0027d memory after.\n\nAfter above change, we freed the ASPM parent link state upon any function\nremoval on the bus pertaining to a given link.\n\nThat is too early. If the link is to a PCIe switch with MFD on the upstream\nport, then removing functions other than 0 first would free a link which\nstill remains parent_link to the remaining downstream ports.\n\nThe resulting GPFs are especially frequent during hot-unplug, because\npciehp removes devices on the link bus in reverse order.\n\nOn that switch, function 0 is the virtual P2P bridge to the internal bus.\nFree exactly when function 0 is removed -- before the parent link is\nobsolete, but after all subordinate links are gone.\n\n[kwilczynski: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58093",
"url": "https://www.suse.com/security/cve/CVE-2024-58093"
},
{
"category": "external",
"summary": "SUSE Bug 1241347 for CVE-2024-58093",
"url": "https://bugzilla.suse.com/1241347"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-58093"
},
{
"cve": "CVE-2024-58094",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58094"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add check read-only before truncation in jfs_truncate_nolock()\n\nAdded a check for \"read-only\" mode in the `jfs_truncate_nolock`\nfunction to avoid errors related to writing to a read-only\nfilesystem.\n\nCall stack:\n\nblock_write_begin() {\n jfs_write_failed() {\n jfs_truncate() {\n jfs_truncate_nolock() {\n txEnd() {\n ...\n log = JFS_SBI(tblk-\u003esb)-\u003elog;\n // (log == NULL)\n\nIf the `isReadOnly(ip)` condition is triggered in\n`jfs_truncate_nolock`, the function execution will stop, and no\nfurther data modification will occur. Instead, the `xtTruncate`\nfunction will be called with the \"COMMIT_WMAP\" flag, preventing\nmodifications in \"read-only\" mode.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58094",
"url": "https://www.suse.com/security/cve/CVE-2024-58094"
},
{
"category": "external",
"summary": "SUSE Bug 1241443 for CVE-2024-58094",
"url": "https://bugzilla.suse.com/1241443"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-58094"
},
{
"cve": "CVE-2024-58095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add check read-only before txBeginAnon() call\n\nAdded a read-only check before calling `txBeginAnon` in `extAlloc`\nand `extRecord`. This prevents modification attempts on a read-only\nmounted filesystem, avoiding potential errors or crashes.\n\nCall trace:\n txBeginAnon+0xac/0x154\n extAlloc+0xe8/0xdec fs/jfs/jfs_extent.c:78\n jfs_get_block+0x340/0xb98 fs/jfs/inode.c:248\n __block_write_begin_int+0x580/0x166c fs/buffer.c:2128\n __block_write_begin fs/buffer.c:2177 [inline]\n block_write_begin+0x98/0x11c fs/buffer.c:2236\n jfs_write_begin+0x44/0x88 fs/jfs/inode.c:299",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58095",
"url": "https://www.suse.com/security/cve/CVE-2024-58095"
},
{
"category": "external",
"summary": "SUSE Bug 1241442 for CVE-2024-58095",
"url": "https://bugzilla.suse.com/1241442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-58095"
},
{
"cve": "CVE-2024-58096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: add srng-\u003elock for ath11k_hal_srng_* in monitor mode\n\nath11k_hal_srng_* should be used with srng-\u003elock to protect srng data.\n\nFor ath11k_dp_rx_mon_dest_process() and ath11k_dp_full_mon_process_rx(),\nthey use ath11k_hal_srng_* for many times but never call srng-\u003elock.\n\nSo when running (full) monitor mode, warning will occur:\nRIP: 0010:ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]\nCall Trace:\n ? ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]\n ath11k_dp_rx_process_mon_status+0xc45/0x1190 [ath11k]\n ? idr_alloc_u32+0x97/0xd0\n ath11k_dp_rx_process_mon_rings+0x32a/0x550 [ath11k]\n ath11k_dp_service_srng+0x289/0x5a0 [ath11k]\n ath11k_pcic_ext_grp_napi_poll+0x30/0xd0 [ath11k]\n __napi_poll+0x30/0x1f0\n net_rx_action+0x198/0x320\n __do_softirq+0xdd/0x319\n\nSo add srng-\u003elock for them to avoid such warnings.\n\nInorder to fetch the srng-\u003elock, should change srng\u0027s definition from\n\u0027void\u0027 to \u0027struct hal_srng\u0027. And initialize them elsewhere to prevent\none line of code from being too long. This is consistent with other ring\nprocess functions, such as ath11k_dp_process_rx().\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58096",
"url": "https://www.suse.com/security/cve/CVE-2024-58096"
},
{
"category": "external",
"summary": "SUSE Bug 1241344 for CVE-2024-58096",
"url": "https://bugzilla.suse.com/1241344"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-58096"
},
{
"cve": "CVE-2024-58097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58097"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix RCU stall while reaping monitor destination ring\n\nWhile processing the monitor destination ring, MSDUs are reaped from the\nlink descriptor based on the corresponding buf_id.\n\nHowever, sometimes the driver cannot obtain a valid buffer corresponding\nto the buf_id received from the hardware. This causes an infinite loop\nin the destination processing, resulting in a kernel crash.\n\nkernel log:\nath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309\nath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed\nath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309\nath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed\n\nFix this by skipping the problematic buf_id and reaping the next entry,\nreplacing the break with the next MSDU processing.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58097",
"url": "https://www.suse.com/security/cve/CVE-2024-58097"
},
{
"category": "external",
"summary": "SUSE Bug 1241343 for CVE-2024-58097",
"url": "https://bugzilla.suse.com/1241343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-58097"
},
{
"cve": "CVE-2025-21635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21635"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe per-netns structure can be obtained from the table-\u003edata using\ncontainer_of(), then the \u0027net\u0027 one can be retrieved from the listen\nsocket (if available).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21635",
"url": "https://www.suse.com/security/cve/CVE-2025-21635"
},
{
"category": "external",
"summary": "SUSE Bug 1236111 for CVE-2025-21635",
"url": "https://bugzilla.suse.com/1236111"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21635"
},
{
"cve": "CVE-2025-21648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21648"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: clamp maximum hashtable size to INT_MAX\n\nUse INT_MAX as maximum size for the conntrack hashtable. Otherwise, it\nis possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when\nresizing hashtable because __GFP_NOWARN is unset. See:\n\n 0708a0afe291 (\"mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls\")\n\nNote: hashtable resize is only possible from init_netns.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21648",
"url": "https://www.suse.com/security/cve/CVE-2025-21648"
},
{
"category": "external",
"summary": "SUSE Bug 1236142 for CVE-2025-21648",
"url": "https://bugzilla.suse.com/1236142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21648"
},
{
"cve": "CVE-2025-21659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21659"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdev: prevent accessing NAPI instances from another namespace\n\nThe NAPI IDs were not fully exposed to user space prior to the netlink\nAPI, so they were never namespaced. The netlink API must ensure that\nat the very least NAPI instance belongs to the same netns as the owner\nof the genl sock.\n\nnapi_by_id() can become static now, but it needs to move because of\ndev_get_by_napi_id().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21659",
"url": "https://www.suse.com/security/cve/CVE-2025-21659"
},
{
"category": "external",
"summary": "SUSE Bug 1236206 for CVE-2025-21659",
"url": "https://bugzilla.suse.com/1236206"
},
{
"category": "external",
"summary": "SUSE Bug 1236207 for CVE-2025-21659",
"url": "https://bugzilla.suse.com/1236207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2025-21659"
},
{
"cve": "CVE-2025-21683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix bpf_sk_select_reuseport() memory leak\n\nAs pointed out in the original comment, lookup in sockmap can return a TCP\nESTABLISHED socket. Such TCP socket may have had SO_ATTACH_REUSEPORT_EBPF\nset before it was ESTABLISHED. In other words, a non-NULL sk_reuseport_cb\ndoes not imply a non-refcounted socket.\n\nDrop sk\u0027s reference in both error paths.\n\nunreferenced object 0xffff888101911800 (size 2048):\n comm \"test_progs\", pid 44109, jiffies 4297131437\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 80 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 9336483b):\n __kmalloc_noprof+0x3bf/0x560\n __reuseport_alloc+0x1d/0x40\n reuseport_alloc+0xca/0x150\n reuseport_attach_prog+0x87/0x140\n sk_reuseport_attach_bpf+0xc8/0x100\n sk_setsockopt+0x1181/0x1990\n do_sock_setsockopt+0x12b/0x160\n __sys_setsockopt+0x7b/0xc0\n __x64_sys_setsockopt+0x1b/0x30\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21683",
"url": "https://www.suse.com/security/cve/CVE-2025-21683"
},
{
"category": "external",
"summary": "SUSE Bug 1236704 for CVE-2025-21683",
"url": "https://bugzilla.suse.com/1236704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "low"
}
],
"title": "CVE-2025-21683"
},
{
"cve": "CVE-2025-21693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: properly synchronize freeing resources during CPU hotunplug\n\nIn zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of the\ncurrent CPU at the beginning of the operation is retrieved and used\nthroughout. However, since neither preemption nor migration are disabled,\nit is possible that the operation continues on a different CPU.\n\nIf the original CPU is hotunplugged while the acomp_ctx is still in use,\nwe run into a UAF bug as some of the resources attached to the acomp_ctx\nare freed during hotunplug in zswap_cpu_comp_dead() (i.e. \nacomp_ctx.buffer, acomp_ctx.req, or acomp_ctx.acomp).\n\nThe problem was introduced in commit 1ec3b5fe6eec (\"mm/zswap: move to use\ncrypto_acomp API for hardware acceleration\") when the switch to the\ncrypto_acomp API was made. Prior to that, the per-CPU crypto_comp was\nretrieved using get_cpu_ptr() which disables preemption and makes sure the\nCPU cannot go away from under us. Preemption cannot be disabled with the\ncrypto_acomp API as a sleepable context is needed.\n\nUse the acomp_ctx.mutex to synchronize CPU hotplug callbacks allocating\nand freeing resources with compression/decompression paths. Make sure\nthat acomp_ctx.req is NULL when the resources are freed. In the\ncompression/decompression paths, check if acomp_ctx.req is NULL after\nacquiring the mutex (meaning the CPU was offlined) and retry on the new\nCPU.\n\nThe initialization of acomp_ctx.mutex is moved from the CPU hotplug\ncallback to the pool initialization where it belongs (where the mutex is\nallocated). In addition to adding clarity, this makes sure that CPU\nhotplug cannot reinitialize a mutex that is already locked by\ncompression/decompression.\n\nPreviously a fix was attempted by holding cpus_read_lock() [1]. This\nwould have caused a potential deadlock as it is possible for code already\nholding the lock to fall into reclaim and enter zswap (causing a\ndeadlock). A fix was also attempted using SRCU for synchronization, but\nJohannes pointed out that synchronize_srcu() cannot be used in CPU hotplug\nnotifiers [2].\n\nAlternative fixes that were considered/attempted and could have worked:\n- Refcounting the per-CPU acomp_ctx. This involves complexity in\n handling the race between the refcount dropping to zero in\n zswap_[de]compress() and the refcount being re-initialized when the\n CPU is onlined.\n- Disabling migration before getting the per-CPU acomp_ctx [3], but\n that\u0027s discouraged and is a much bigger hammer than needed, and could\n result in subtle performance issues.\n\n[1]https://lkml.kernel.org/20241219212437.2714151-1-yosryahmed@google.com/\n[2]https://lkml.kernel.org/20250107074724.1756696-2-yosryahmed@google.com/\n[3]https://lkml.kernel.org/20250107222236.2715883-2-yosryahmed@google.com/\n\n[yosryahmed@google.com: remove comment]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21693",
"url": "https://www.suse.com/security/cve/CVE-2025-21693"
},
{
"category": "external",
"summary": "SUSE Bug 1237029 for CVE-2025-21693",
"url": "https://bugzilla.suse.com/1237029"
},
{
"category": "external",
"summary": "SUSE Bug 1237047 for CVE-2025-21693",
"url": "https://bugzilla.suse.com/1237047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2025-21693"
},
{
"cve": "CVE-2025-21696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21696"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: clear uffd-wp PTE/PMD state on mremap()\n\nWhen mremap()ing a memory region previously registered with userfaultfd as\nwrite-protected but without UFFD_FEATURE_EVENT_REMAP, an inconsistency in\nflag clearing leads to a mismatch between the vma flags (which have\nuffd-wp cleared) and the pte/pmd flags (which do not have uffd-wp\ncleared). This mismatch causes a subsequent mprotect(PROT_WRITE) to\ntrigger a warning in page_table_check_pte_flags() due to setting the pte\nto writable while uffd-wp is still set.\n\nFix this by always explicitly clearing the uffd-wp pte/pmd flags on any\nsuch mremap() so that the values are consistent with the existing clearing\nof VM_UFFD_WP. Be careful to clear the logical flag regardless of its\nphysical form; a PTE bit, a swap PTE bit, or a PTE marker. Cover PTE,\nhuge PMD and hugetlb paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21696",
"url": "https://www.suse.com/security/cve/CVE-2025-21696"
},
{
"category": "external",
"summary": "SUSE Bug 1237111 for CVE-2025-21696",
"url": "https://bugzilla.suse.com/1237111"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21696"
},
{
"cve": "CVE-2025-21701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid race between device unregistration and ethnl ops\n\nThe following trace can be seen if a device is being unregistered while\nits number of channels are being modified.\n\n DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\n CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\n RIP: 0010:__mutex_lock+0xc8a/0x1120\n Call Trace:\n \u003cTASK\u003e\n ethtool_check_max_channel+0x1ea/0x880\n ethnl_set_channels+0x3c3/0xb10\n ethnl_default_set_doit+0x306/0x650\n genl_family_rcv_msg_doit+0x1e3/0x2c0\n genl_rcv_msg+0x432/0x6f0\n netlink_rcv_skb+0x13d/0x3b0\n genl_rcv+0x28/0x40\n netlink_unicast+0x42e/0x720\n netlink_sendmsg+0x765/0xc20\n __sys_sendto+0x3ac/0x420\n __x64_sys_sendto+0xe0/0x1c0\n do_syscall_64+0x95/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis is because unregister_netdevice_many_notify might run before the\nrtnl lock section of ethnl operations, eg. set_channels in the above\nexample. In this example the rss lock would be destroyed by the device\nunregistration path before being used again, but in general running\nethnl operations while dismantle has started is not a good idea.\n\nFix this by denying any operation on devices being unregistered. A check\nwas already there in ethnl_ops_begin, but not wide enough.\n\nNote that the same issue cannot be seen on the ioctl version\n(__dev_ethtool) because the device reference is retrieved from within\nthe rtnl lock section there. Once dismantle started, the net device is\nunlisted and no reference will be found.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21701",
"url": "https://www.suse.com/security/cve/CVE-2025-21701"
},
{
"category": "external",
"summary": "SUSE Bug 1237164 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "external",
"summary": "SUSE Bug 1245805 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1245805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2025-21701"
},
{
"cve": "CVE-2025-21702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0\n\nExpected behaviour:\nIn case we reach scheduler\u0027s limit, pfifo_tail_enqueue() will drop a\npacket in scheduler\u0027s queue and decrease scheduler\u0027s qlen by one.\nThen, pfifo_tail_enqueue() enqueue new packet and increase\nscheduler\u0027s qlen by one. Finally, pfifo_tail_enqueue() return\n`NET_XMIT_CN` status code.\n\nWeird behaviour:\nIn case we set `sch-\u003elimit == 0` and trigger pfifo_tail_enqueue() on a\nscheduler that has no packet, the \u0027drop a packet\u0027 step will do nothing.\nThis means the scheduler\u0027s qlen still has value equal 0.\nThen, we continue to enqueue new packet and increase scheduler\u0027s qlen by\none. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by\none and return `NET_XMIT_CN` status code.\n\nThe problem is:\nLet\u0027s say we have two qdiscs: Qdisc_A and Qdisc_B.\n - Qdisc_A\u0027s type must have \u0027-\u003egraft()\u0027 function to create parent/child relationship.\n Let\u0027s say Qdisc_A\u0027s type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`.\n - Qdisc_B\u0027s type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`.\n - Qdisc_B is configured to have `sch-\u003elimit == 0`.\n - Qdisc_A is configured to route the enqueued\u0027s packet to Qdisc_B.\n\nEnqueue packet through Qdisc_A will lead to:\n - hfsc_enqueue(Qdisc_A) -\u003e pfifo_tail_enqueue(Qdisc_B)\n - Qdisc_B-\u003eq.qlen += 1\n - pfifo_tail_enqueue() return `NET_XMIT_CN`\n - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` =\u003e hfsc_enqueue() don\u0027t increase qlen of Qdisc_A.\n\nThe whole process lead to a situation where Qdisc_A-\u003eq.qlen == 0 and Qdisc_B-\u003eq.qlen == 1.\nReplace \u0027hfsc\u0027 with other type (for example: \u0027drr\u0027) still lead to the same problem.\nThis violate the design where parent\u0027s qlen should equal to the sum of its childrens\u0027qlen.\n\nBug impact: This issue can be used for user-\u003ekernel privilege escalation when it is reachable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21702",
"url": "https://www.suse.com/security/cve/CVE-2025-21702"
},
{
"category": "external",
"summary": "SUSE Bug 1237312 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1237312"
},
{
"category": "external",
"summary": "SUSE Bug 1245797 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1245797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2025-21702"
},
{
"cve": "CVE-2025-21703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog()\n\nqdisc_tree_reduce_backlog() notifies parent qdisc only if child\nqdisc becomes empty, therefore we need to reduce the backlog of the\nchild qdisc before calling it. Otherwise it would miss the opportunity\nto call cops-\u003eqlen_notify(), in the case of DRR, it resulted in UAF\nsince DRR uses -\u003eqlen_notify() to maintain its active list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21703",
"url": "https://www.suse.com/security/cve/CVE-2025-21703"
},
{
"category": "external",
"summary": "SUSE Bug 1237313 for CVE-2025-21703",
"url": "https://bugzilla.suse.com/1237313"
},
{
"category": "external",
"summary": "SUSE Bug 1245796 for CVE-2025-21703",
"url": "https://bugzilla.suse.com/1245796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2025-21703"
},
{
"cve": "CVE-2025-21706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21706"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only set fullmesh for subflow endp\n\nWith the in-kernel path-manager, it is possible to change the \u0027fullmesh\u0027\nflag. The code in mptcp_pm_nl_fullmesh() expects to change it only on\n\u0027subflow\u0027 endpoints, to recreate more or less subflows using the linked\naddress.\n\nUnfortunately, the set_flags() hook was a bit more permissive, and\nallowed \u0027implicit\u0027 endpoints to get the \u0027fullmesh\u0027 flag while it is not\nallowed before.\n\nThat\u0027s what syzbot found, triggering the following warning:\n\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 __mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064\n Modules linked in:\n CPU: 0 UID: 0 PID: 6499 Comm: syz.1.413 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n RIP: 0010:__mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]\n RIP: 0010:mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]\n RIP: 0010:mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]\n RIP: 0010:mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064\n Code: 01 00 00 49 89 c5 e8 fb 45 e8 f5 e9 b8 fc ff ff e8 f1 45 e8 f5 4c 89 f7 be 03 00 00 00 e8 44 1d 0b f9 eb a0 e8 dd 45 e8 f5 90 \u003c0f\u003e 0b 90 e9 17 ff ff ff 89 d9 80 e1 07 38 c1 0f 8c c9 fc ff ff 48\n RSP: 0018:ffffc9000d307240 EFLAGS: 00010293\n RAX: ffffffff8bb72e03 RBX: 0000000000000000 RCX: ffff88807da88000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000d307430 R08: ffffffff8bb72cf0 R09: 1ffff1100b842a5e\n R10: dffffc0000000000 R11: ffffed100b842a5f R12: ffff88801e2e5ac0\n R13: ffff88805c214800 R14: ffff88805c2152e8 R15: 1ffff1100b842a5d\n FS: 00005555619f6500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000020002840 CR3: 00000000247e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2542\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f5fe8785d29\n Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007fff571f5558 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f5fe8975fa0 RCX: 00007f5fe8785d29\n RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000007\n RBP: 00007f5fe8801b08 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 00007f5fe8975fa0 R14: 00007f5fe8975fa0 R15: 000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21706",
"url": "https://www.suse.com/security/cve/CVE-2025-21706"
},
{
"category": "external",
"summary": "SUSE Bug 1238528 for CVE-2025-21706",
"url": "https://bugzilla.suse.com/1238528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21706"
},
{
"cve": "CVE-2025-21707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21707"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: consolidate suboption status\n\nMPTCP maintains the received sub-options status is the bitmask carrying\nthe received suboptions and in several bitfields carrying per suboption\nadditional info.\n\nZeroing the bitmask before parsing is not enough to ensure a consistent\nstatus, and the MPTCP code has to additionally clear some bitfiled\ndepending on the actually parsed suboption.\n\nThe above schema is fragile, and syzbot managed to trigger a path where\na relevant bitfield is not cleared/initialized:\n\n BUG: KMSAN: uninit-value in __mptcp_expand_seq net/mptcp/options.c:1030 [inline]\n BUG: KMSAN: uninit-value in mptcp_expand_seq net/mptcp/protocol.h:864 [inline]\n BUG: KMSAN: uninit-value in ack_update_msk net/mptcp/options.c:1060 [inline]\n BUG: KMSAN: uninit-value in mptcp_incoming_options+0x2036/0x3d30 net/mptcp/options.c:1209\n __mptcp_expand_seq net/mptcp/options.c:1030 [inline]\n mptcp_expand_seq net/mptcp/protocol.h:864 [inline]\n ack_update_msk net/mptcp/options.c:1060 [inline]\n mptcp_incoming_options+0x2036/0x3d30 net/mptcp/options.c:1209\n tcp_data_queue+0xb4/0x7be0 net/ipv4/tcp_input.c:5233\n tcp_rcv_established+0x1061/0x2510 net/ipv4/tcp_input.c:6264\n tcp_v4_do_rcv+0x7f3/0x11a0 net/ipv4/tcp_ipv4.c:1916\n tcp_v4_rcv+0x51df/0x5750 net/ipv4/tcp_ipv4.c:2351\n ip_protocol_deliver_rcu+0x2a3/0x13d0 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x336/0x500 net/ipv4/ip_input.c:233\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254\n dst_input include/net/dst.h:460 [inline]\n ip_rcv_finish+0x4a2/0x520 net/ipv4/ip_input.c:447\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip_rcv+0xcd/0x380 net/ipv4/ip_input.c:567\n __netif_receive_skb_one_core net/core/dev.c:5704 [inline]\n __netif_receive_skb+0x319/0xa00 net/core/dev.c:5817\n process_backlog+0x4ad/0xa50 net/core/dev.c:6149\n __napi_poll+0xe7/0x980 net/core/dev.c:6902\n napi_poll net/core/dev.c:6971 [inline]\n net_rx_action+0xa5a/0x19b0 net/core/dev.c:7093\n handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561\n __do_softirq+0x14/0x1a kernel/softirq.c:595\n do_softirq+0x9a/0x100 kernel/softirq.c:462\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]\n __dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4493\n dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n neigh_hh_output include/net/neighbour.h:523 [inline]\n neigh_output include/net/neighbour.h:537 [inline]\n ip_finish_output2+0x187c/0x1b70 net/ipv4/ip_output.c:236\n __ip_finish_output+0x287/0x810\n ip_finish_output+0x4b/0x600 net/ipv4/ip_output.c:324\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip_output+0x15f/0x3f0 net/ipv4/ip_output.c:434\n dst_output include/net/dst.h:450 [inline]\n ip_local_out net/ipv4/ip_output.c:130 [inline]\n __ip_queue_xmit+0x1f2a/0x20d0 net/ipv4/ip_output.c:536\n ip_queue_xmit+0x60/0x80 net/ipv4/ip_output.c:550\n __tcp_transmit_skb+0x3cea/0x4900 net/ipv4/tcp_output.c:1468\n tcp_transmit_skb net/ipv4/tcp_output.c:1486 [inline]\n tcp_write_xmit+0x3b90/0x9070 net/ipv4/tcp_output.c:2829\n __tcp_push_pending_frames+0xc4/0x380 net/ipv4/tcp_output.c:3012\n tcp_send_fin+0x9f6/0xf50 net/ipv4/tcp_output.c:3618\n __tcp_close+0x140c/0x1550 net/ipv4/tcp.c:3130\n __mptcp_close_ssk+0x74e/0x16f0 net/mptcp/protocol.c:2496\n mptcp_close_ssk+0x26b/0x2c0 net/mptcp/protocol.c:2550\n mptcp_pm_nl_rm_addr_or_subflow+0x635/0xd10 net/mptcp/pm_netlink.c:889\n mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:924 [inline]\n mptcp_pm_flush_addrs_and_subflows net/mptcp/pm_netlink.c:1688 [inline]\n mptcp_nl_flush_addrs_list net/mptcp/pm_netlink.c:1709 [inline]\n mptcp_pm_nl_flush_addrs_doit+0xe10/0x1630 net/mptcp/pm_netlink.c:1750\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21707",
"url": "https://www.suse.com/security/cve/CVE-2025-21707"
},
{
"category": "external",
"summary": "SUSE Bug 1238862 for CVE-2025-21707",
"url": "https://bugzilla.suse.com/1238862"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21707"
},
{
"cve": "CVE-2025-21717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21717"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq\n\nkvzalloc_node is not doing a runtime check on the node argument\n(__alloc_pages_node_noprof does have a VM_BUG_ON, but it expands to\nnothing on !CONFIG_DEBUG_VM builds), so doing any ethtool/netlink\noperation that calls mlx5e_open on a CPU that\u0027s larger that MAX_NUMNODES\ntriggers OOB access and panic (see the trace below).\n\nAdd missing cpu_to_node call to convert cpu id to node id.\n\n[ 165.427394] mlx5_core 0000:5c:00.0 beth1: Link up\n[ 166.479327] BUG: unable to handle page fault for address: 0000000800000010\n[ 166.494592] #PF: supervisor read access in kernel mode\n[ 166.505995] #PF: error_code(0x0000) - not-present page\n...\n[ 166.816958] Call Trace:\n[ 166.822380] \u003cTASK\u003e\n[ 166.827034] ? __die_body+0x64/0xb0\n[ 166.834774] ? page_fault_oops+0x2cd/0x3f0\n[ 166.843862] ? exc_page_fault+0x63/0x130\n[ 166.852564] ? asm_exc_page_fault+0x22/0x30\n[ 166.861843] ? __kvmalloc_node_noprof+0x43/0xd0\n[ 166.871897] ? get_partial_node+0x1c/0x320\n[ 166.880983] ? deactivate_slab+0x269/0x2b0\n[ 166.890069] ___slab_alloc+0x521/0xa90\n[ 166.898389] ? __kvmalloc_node_noprof+0x43/0xd0\n[ 166.908442] __kmalloc_node_noprof+0x216/0x3f0\n[ 166.918302] ? __kvmalloc_node_noprof+0x43/0xd0\n[ 166.928354] __kvmalloc_node_noprof+0x43/0xd0\n[ 166.938021] mlx5e_open_channels+0x5e2/0xc00\n[ 166.947496] mlx5e_open_locked+0x3e/0xf0\n[ 166.956201] mlx5e_open+0x23/0x50\n[ 166.963551] __dev_open+0x114/0x1c0\n[ 166.971292] __dev_change_flags+0xa2/0x1b0\n[ 166.980378] dev_change_flags+0x21/0x60\n[ 166.988887] do_setlink+0x38d/0xf20\n[ 166.996628] ? ep_poll_callback+0x1b9/0x240\n[ 167.005910] ? __nla_validate_parse.llvm.10713395753544950386+0x80/0xd70\n[ 167.020782] ? __wake_up_sync_key+0x52/0x80\n[ 167.030066] ? __mutex_lock+0xff/0x550\n[ 167.038382] ? security_capable+0x50/0x90\n[ 167.047279] rtnl_setlink+0x1c9/0x210\n[ 167.055403] ? ep_poll_callback+0x1b9/0x240\n[ 167.064684] ? security_capable+0x50/0x90\n[ 167.073579] rtnetlink_rcv_msg+0x2f9/0x310\n[ 167.082667] ? rtnetlink_bind+0x30/0x30\n[ 167.091173] netlink_rcv_skb+0xb1/0xe0\n[ 167.099492] netlink_unicast+0x20f/0x2e0\n[ 167.108191] netlink_sendmsg+0x389/0x420\n[ 167.116896] __sys_sendto+0x158/0x1c0\n[ 167.125024] __x64_sys_sendto+0x22/0x30\n[ 167.133534] do_syscall_64+0x63/0x130\n[ 167.141657] ? __irq_exit_rcu.llvm.17843942359718260576+0x52/0xd0\n[ 167.155181] entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21717",
"url": "https://www.suse.com/security/cve/CVE-2025-21717"
},
{
"category": "external",
"summary": "SUSE Bug 1238866 for CVE-2025-21717",
"url": "https://bugzilla.suse.com/1238866"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21717"
},
{
"cve": "CVE-2025-21729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21729"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix race between cancel_hw_scan and hw_scan completion\n\nThe rtwdev-\u003escanning flag isn\u0027t protected by mutex originally, so\ncancel_hw_scan can pass the condition, but suddenly hw_scan completion\nunset the flag and calls ieee80211_scan_completed() that will free\nlocal-\u003ehw_scan_req. Then, cancel_hw_scan raises null-ptr-deref and\nuse-after-free. Fix it by moving the check condition to where\nprotected by mutex.\n\n KASAN: null-ptr-deref in range [0x0000000000000088-0x000000000000008f]\n CPU: 2 PID: 6922 Comm: kworker/2:2 Tainted: G OE\n Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB6WW (2.76 ) 09/10/2019\n Workqueue: events cfg80211_conn_work [cfg80211]\n RIP: 0010:rtw89_fw_h2c_scan_offload_be+0xc33/0x13c3 [rtw89_core]\n Code: 00 45 89 6c 24 1c 0f 85 23 01 00 00 48 8b 85 20 ff ff ff 48 8d\n RSP: 0018:ffff88811fd9f068 EFLAGS: 00010206\n RAX: dffffc0000000000 RBX: ffff88811fd9f258 RCX: 0000000000000001\n RDX: 0000000000000011 RSI: 0000000000000001 RDI: 0000000000000089\n RBP: ffff88811fd9f170 R08: 0000000000000000 R09: 0000000000000000\n R10: ffff88811fd9f108 R11: 0000000000000000 R12: ffff88810e47f960\n R13: 0000000000000000 R14: 000000000000ffff R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff8881d6f00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007531dfca55b0 CR3: 00000001be296004 CR4: 00000000001706e0\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x61/0x73\n ? __die_body+0x20/0x73\n ? die_addr+0x4f/0x7b\n ? exc_general_protection+0x191/0x1db\n ? asm_exc_general_protection+0x27/0x30\n ? rtw89_fw_h2c_scan_offload_be+0xc33/0x13c3 [rtw89_core]\n ? rtw89_fw_h2c_scan_offload_be+0x458/0x13c3 [rtw89_core]\n ? __pfx_rtw89_fw_h2c_scan_offload_be+0x10/0x10 [rtw89_core]\n ? do_raw_spin_lock+0x75/0xdb\n ? __pfx_do_raw_spin_lock+0x10/0x10\n rtw89_hw_scan_offload+0xb5e/0xbf7 [rtw89_core]\n ? _raw_spin_unlock+0xe/0x24\n ? __mutex_lock.constprop.0+0x40c/0x471\n ? __pfx_rtw89_hw_scan_offload+0x10/0x10 [rtw89_core]\n ? __mutex_lock_slowpath+0x13/0x1f\n ? mutex_lock+0xa2/0xdc\n ? __pfx_mutex_lock+0x10/0x10\n rtw89_hw_scan_abort+0x58/0xb7 [rtw89_core]\n rtw89_ops_cancel_hw_scan+0x120/0x13b [rtw89_core]\n ieee80211_scan_cancel+0x468/0x4d0 [mac80211]\n ieee80211_prep_connection+0x858/0x899 [mac80211]\n ieee80211_mgd_auth+0xbea/0xdde [mac80211]\n ? __pfx_ieee80211_mgd_auth+0x10/0x10 [mac80211]\n ? cfg80211_find_elem+0x15/0x29 [cfg80211]\n ? is_bss+0x1b7/0x1d7 [cfg80211]\n ieee80211_auth+0x18/0x27 [mac80211]\n cfg80211_mlme_auth+0x3bb/0x3e7 [cfg80211]\n cfg80211_conn_do_work+0x410/0xb81 [cfg80211]\n ? __pfx_cfg80211_conn_do_work+0x10/0x10 [cfg80211]\n ? __kasan_check_read+0x11/0x1f\n ? psi_group_change+0x8bc/0x944\n ? __kasan_check_write+0x14/0x22\n ? mutex_lock+0x8e/0xdc\n ? __pfx_mutex_lock+0x10/0x10\n ? __pfx___radix_tree_lookup+0x10/0x10\n cfg80211_conn_work+0x245/0x34d [cfg80211]\n ? __pfx_cfg80211_conn_work+0x10/0x10 [cfg80211]\n ? update_cfs_rq_load_avg+0x3bc/0x3d7\n ? sched_clock_noinstr+0x9/0x1a\n ? sched_clock+0x10/0x24\n ? sched_clock_cpu+0x7e/0x42e\n ? newidle_balance+0x796/0x937\n ? __pfx_sched_clock_cpu+0x10/0x10\n ? __pfx_newidle_balance+0x10/0x10\n ? __kasan_check_read+0x11/0x1f\n ? psi_group_change+0x8bc/0x944\n ? _raw_spin_unlock+0xe/0x24\n ? raw_spin_rq_unlock+0x47/0x54\n ? raw_spin_rq_unlock_irq+0x9/0x1f\n ? finish_task_switch.isra.0+0x347/0x586\n ? __schedule+0x27bf/0x2892\n ? mutex_unlock+0x80/0xd0\n ? do_raw_spin_lock+0x75/0xdb\n ? __pfx___schedule+0x10/0x10\n process_scheduled_works+0x58c/0x821\n worker_thread+0x4c7/0x586\n ? __kasan_check_read+0x11/0x1f\n kthread+0x285/0x294\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x6f\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21729",
"url": "https://www.suse.com/security/cve/CVE-2025-21729"
},
{
"category": "external",
"summary": "SUSE Bug 1237874 for CVE-2025-21729",
"url": "https://bugzilla.suse.com/1237874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21729"
},
{
"cve": "CVE-2025-21739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21739"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix use-after free in init error and remove paths\n\ndevm_blk_crypto_profile_init() registers a cleanup handler to run when\nthe associated (platform-) device is being released. For UFS, the\ncrypto private data and pointers are stored as part of the ufs_hba\u0027s\ndata structure \u0027struct ufs_hba::crypto_profile\u0027. This structure is\nallocated as part of the underlying ufshcd and therefore Scsi_host\nallocation.\n\nDuring driver release or during error handling in ufshcd_pltfrm_init(),\nthis structure is released as part of ufshcd_dealloc_host() before the\n(platform-) device associated with the crypto call above is released.\nOnce this device is released, the crypto cleanup code will run, using\nthe just-released \u0027struct ufs_hba::crypto_profile\u0027. This causes a\nuse-after-free situation:\n\n Call trace:\n kfree+0x60/0x2d8 (P)\n kvfree+0x44/0x60\n blk_crypto_profile_destroy_callback+0x28/0x70\n devm_action_release+0x1c/0x30\n release_nodes+0x6c/0x108\n devres_release_all+0x98/0x100\n device_unbind_cleanup+0x20/0x70\n really_probe+0x218/0x2d0\n\nIn other words, the initialisation code flow is:\n\n platform-device probe\n ufshcd_pltfrm_init()\n ufshcd_alloc_host()\n scsi_host_alloc()\n allocation of struct ufs_hba\n creation of scsi-host devices\n devm_blk_crypto_profile_init()\n devm registration of cleanup handler using platform-device\n\nand during error handling of ufshcd_pltfrm_init() or during driver\nremoval:\n\n ufshcd_dealloc_host()\n scsi_host_put()\n put_device(scsi-host)\n release of struct ufs_hba\n put_device(platform-device)\n crypto cleanup handler\n\nTo fix this use-after free, change ufshcd_alloc_host() to register a\ndevres action to automatically cleanup the underlying SCSI device on\nufshcd destruction, without requiring explicit calls to\nufshcd_dealloc_host(). This way:\n\n * the crypto profile and all other ufs_hba-owned resources are\n destroyed before SCSI (as they\u0027ve been registered after)\n * a memleak is plugged in tc-dwc-g210-pci.c remove() as a\n side-effect\n * EXPORT_SYMBOL_GPL(ufshcd_dealloc_host) can be removed fully as\n it\u0027s not needed anymore\n * no future drivers using ufshcd_alloc_host() could ever forget\n adding the cleanup",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21739",
"url": "https://www.suse.com/security/cve/CVE-2025-21739"
},
{
"category": "external",
"summary": "SUSE Bug 1238506 for CVE-2025-21739",
"url": "https://bugzilla.suse.com/1238506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21739"
},
{
"cve": "CVE-2025-21753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21753"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free when attempting to join an aborted transaction\n\nWhen we are trying to join the current transaction and if it\u0027s aborted,\nwe read its \u0027aborted\u0027 field after unlocking fs_info-\u003etrans_lock and\nwithout holding any extra reference count on it. This means that a\nconcurrent task that is aborting the transaction may free the transaction\nbefore we read its \u0027aborted\u0027 field, leading to a use-after-free.\n\nFix this by reading the \u0027aborted\u0027 field while holding fs_info-\u003etrans_lock\nsince any freeing task must first acquire that lock and set\nfs_info-\u003erunning_transaction to NULL before freeing the transaction.\n\nThis was reported by syzbot and Dmitry with the following stack traces\nfrom KASAN:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n Read of size 4 at addr ffff888011839024 by task kworker/u4:9/1128\n\n CPU: 0 UID: 0 PID: 1128 Comm: kworker/u4:9 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Workqueue: events_unbound btrfs_async_reclaim_data_space\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n flush_space+0x448/0xcf0 fs/btrfs/space-info.c:803\n btrfs_async_reclaim_data_space+0x159/0x510 fs/btrfs/space-info.c:1321\n process_one_work kernel/workqueue.c:3236 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317\n worker_thread+0x870/0xd30 kernel/workqueue.c:3398\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\n Allocated by task 5315:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n join_transaction+0x144/0xda0 fs/btrfs/transaction.c:308\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n btrfs_create_common+0x1b2/0x2e0 fs/btrfs/inode.c:6572\n lookup_open fs/namei.c:3649 [inline]\n open_last_lookups fs/namei.c:3748 [inline]\n path_openat+0x1c03/0x3590 fs/namei.c:3984\n do_filp_open+0x27f/0x4e0 fs/namei.c:4014\n do_sys_openat2+0x13e/0x1d0 fs/open.c:1402\n do_sys_open fs/open.c:1417 [inline]\n __do_sys_creat fs/open.c:1495 [inline]\n __se_sys_creat fs/open.c:1489 [inline]\n __x64_sys_creat+0x123/0x170 fs/open.c:1489\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 5336:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n cleanup_transaction fs/btrfs/transaction.c:2063 [inline]\n btrfs_commit_transaction+0x2c97/0x3720 fs/btrfs/transaction.c:2598\n insert_balance_item+0x1284/0x20b0 fs/btrfs/volumes.c:3757\n btrfs_balance+0x992/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21753",
"url": "https://www.suse.com/security/cve/CVE-2025-21753"
},
{
"category": "external",
"summary": "SUSE Bug 1237875 for CVE-2025-21753",
"url": "https://bugzilla.suse.com/1237875"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21753"
},
{
"cve": "CVE-2025-21755",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21755"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21755",
"url": "https://www.suse.com/security/cve/CVE-2025-21755"
},
{
"category": "external",
"summary": "SUSE Bug 1237882 for CVE-2025-21755",
"url": "https://bugzilla.suse.com/1237882"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21755"
},
{
"cve": "CVE-2025-21758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21758"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: add RCU protection to mld_newpack()\n\nmld_newpack() can be called without RTNL or RCU being held.\n\nNote that we no longer can use sock_alloc_send_skb() because\nipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.\n\nInstead use alloc_skb() and charge the net-\u003eipv6.igmp_sk\nsocket under RCU protection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21758",
"url": "https://www.suse.com/security/cve/CVE-2025-21758"
},
{
"category": "external",
"summary": "SUSE Bug 1238737 for CVE-2025-21758",
"url": "https://bugzilla.suse.com/1238737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21758"
},
{
"cve": "CVE-2025-21759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21759"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: extend RCU protection in igmp6_send()\n\nigmp6_send() can be called without RTNL or RCU being held.\n\nExtend RCU protection so that we can safely fetch the net pointer\nand avoid a potential UAF.\n\nNote that we no longer can use sock_alloc_send_skb() because\nipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.\n\nInstead use alloc_skb() and charge the net-\u003eipv6.igmp_sk\nsocket under RCU protection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21759",
"url": "https://www.suse.com/security/cve/CVE-2025-21759"
},
{
"category": "external",
"summary": "SUSE Bug 1238738 for CVE-2025-21759",
"url": "https://bugzilla.suse.com/1238738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21759"
},
{
"cve": "CVE-2025-21760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21760"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: extend RCU protection in ndisc_send_skb()\n\nndisc_send_skb() can be called without RTNL or RCU held.\n\nAcquire rcu_read_lock() earlier, so that we can use dev_net_rcu()\nand avoid a potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21760",
"url": "https://www.suse.com/security/cve/CVE-2025-21760"
},
{
"category": "external",
"summary": "SUSE Bug 1238763 for CVE-2025-21760",
"url": "https://bugzilla.suse.com/1238763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21760"
},
{
"cve": "CVE-2025-21761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21761"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: use RCU protection in ovs_vport_cmd_fill_info()\n\novs_vport_cmd_fill_info() can be called without RTNL or RCU.\n\nUse RCU protection and dev_net_rcu() to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21761",
"url": "https://www.suse.com/security/cve/CVE-2025-21761"
},
{
"category": "external",
"summary": "SUSE Bug 1238775 for CVE-2025-21761",
"url": "https://bugzilla.suse.com/1238775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21761"
},
{
"cve": "CVE-2025-21762",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21762"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narp: use RCU protection in arp_xmit()\n\narp_xmit() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21762",
"url": "https://www.suse.com/security/cve/CVE-2025-21762"
},
{
"category": "external",
"summary": "SUSE Bug 1238780 for CVE-2025-21762",
"url": "https://bugzilla.suse.com/1238780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21762"
},
{
"cve": "CVE-2025-21763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21763"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nneighbour: use RCU protection in __neigh_notify()\n\n__neigh_notify() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21763",
"url": "https://www.suse.com/security/cve/CVE-2025-21763"
},
{
"category": "external",
"summary": "SUSE Bug 1237897 for CVE-2025-21763",
"url": "https://bugzilla.suse.com/1237897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21763"
},
{
"cve": "CVE-2025-21764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21764"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: use RCU protection in ndisc_alloc_skb()\n\nndisc_alloc_skb() can be called without RTNL or RCU being held.\n\nAdd RCU protection to avoid possible UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21764",
"url": "https://www.suse.com/security/cve/CVE-2025-21764"
},
{
"category": "external",
"summary": "SUSE Bug 1237885 for CVE-2025-21764",
"url": "https://bugzilla.suse.com/1237885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21764"
},
{
"cve": "CVE-2025-21765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21765"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: use RCU protection in ip6_default_advmss()\n\nip6_default_advmss() needs rcu protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21765",
"url": "https://www.suse.com/security/cve/CVE-2025-21765"
},
{
"category": "external",
"summary": "SUSE Bug 1237906 for CVE-2025-21765",
"url": "https://bugzilla.suse.com/1237906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21765"
},
{
"cve": "CVE-2025-21766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: use RCU protection in __ip_rt_update_pmtu()\n\n__ip_rt_update_pmtu() must use RCU protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21766",
"url": "https://www.suse.com/security/cve/CVE-2025-21766"
},
{
"category": "external",
"summary": "SUSE Bug 1238754 for CVE-2025-21766",
"url": "https://bugzilla.suse.com/1238754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21766"
},
{
"cve": "CVE-2025-21768",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21768"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels\n\nSome lwtunnels have a dst cache for post-transformation dst.\nIf the packet destination did not change we may end up recording\na reference to the lwtunnel in its own cache, and the lwtunnel\nstate will never be freed.\n\nDiscovered by the ioam6.sh test, kmemleak was recently fixed\nto catch per-cpu memory leaks. I\u0027m not sure if rpl and seg6\ncan actually hit this, but in principle I don\u0027t see why not.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21768",
"url": "https://www.suse.com/security/cve/CVE-2025-21768"
},
{
"category": "external",
"summary": "SUSE Bug 1238714 for CVE-2025-21768",
"url": "https://bugzilla.suse.com/1238714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21768"
},
{
"cve": "CVE-2025-21772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21772"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npartitions: mac: fix handling of bogus partition table\n\nFix several issues in partition probing:\n\n - The bailout for a bad partoffset must use put_dev_sector(), since the\n preceding read_part_sector() succeeded.\n - If the partition table claims a silly sector size like 0xfff bytes\n (which results in partition table entries straddling sector boundaries),\n bail out instead of accessing out-of-bounds memory.\n - We must not assume that the partition table contains proper NUL\n termination - use strnlen() and strncmp() instead of strlen() and\n strcmp().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21772",
"url": "https://www.suse.com/security/cve/CVE-2025-21772"
},
{
"category": "external",
"summary": "SUSE Bug 1238911 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "external",
"summary": "SUSE Bug 1238912 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2025-21772"
},
{
"cve": "CVE-2025-21782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: fix a oob in orangefs_debug_write\n\nI got a syzbot report: slab-out-of-bounds Read in\norangefs_debug_write... several people suggested fixes,\nI tested Al Viro\u0027s suggestion and made this patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21782",
"url": "https://www.suse.com/security/cve/CVE-2025-21782"
},
{
"category": "external",
"summary": "SUSE Bug 1239117 for CVE-2025-21782",
"url": "https://bugzilla.suse.com/1239117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21782"
},
{
"cve": "CVE-2025-21787",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21787"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nteam: better TEAM_OPTION_TYPE_STRING validation\n\nsyzbot reported following splat [1]\n\nMake sure user-provided data contains one nul byte.\n\n[1]\n BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:633 [inline]\n BUG: KMSAN: uninit-value in string+0x3ec/0x5f0 lib/vsprintf.c:714\n string_nocheck lib/vsprintf.c:633 [inline]\n string+0x3ec/0x5f0 lib/vsprintf.c:714\n vsnprintf+0xa5d/0x1960 lib/vsprintf.c:2843\n __request_module+0x252/0x9f0 kernel/module/kmod.c:149\n team_mode_get drivers/net/team/team_core.c:480 [inline]\n team_change_mode drivers/net/team/team_core.c:607 [inline]\n team_mode_option_set+0x437/0x970 drivers/net/team/team_core.c:1401\n team_option_set drivers/net/team/team_core.c:375 [inline]\n team_nl_options_set_doit+0x1339/0x1f90 drivers/net/team/team_core.c:2662\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x1214/0x12c0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2543\n genl_rcv+0x40/0x60 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:718 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:733\n ____sys_sendmsg+0x877/0xb60 net/socket.c:2573\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2627\n __sys_sendmsg net/socket.c:2659 [inline]\n __do_sys_sendmsg net/socket.c:2664 [inline]\n __se_sys_sendmsg net/socket.c:2662 [inline]\n __x64_sys_sendmsg+0x212/0x3c0 net/socket.c:2662\n x64_sys_call+0x2ed6/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21787",
"url": "https://www.suse.com/security/cve/CVE-2025-21787"
},
{
"category": "external",
"summary": "SUSE Bug 1238774 for CVE-2025-21787",
"url": "https://bugzilla.suse.com/1238774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21787"
},
{
"cve": "CVE-2025-21791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21791"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\na potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21791",
"url": "https://www.suse.com/security/cve/CVE-2025-21791"
},
{
"category": "external",
"summary": "SUSE Bug 1238512 for CVE-2025-21791",
"url": "https://bugzilla.suse.com/1238512"
},
{
"category": "external",
"summary": "SUSE Bug 1240744 for CVE-2025-21791",
"url": "https://bugzilla.suse.com/1240744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2025-21791"
},
{
"cve": "CVE-2025-21792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21792"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt\n\nIf an AX25 device is bound to a socket by setting the SO_BINDTODEVICE\nsocket option, a refcount leak will occur in ax25_release().\n\nCommit 9fd75b66b8f6 (\"ax25: Fix refcount leaks caused by ax25_cb_del()\")\nadded decrement of device refcounts in ax25_release(). In order for that\nto work correctly the refcounts must already be incremented when the\ndevice is bound to the socket. An AX25 device can be bound to a socket\nby either calling ax25_bind() or setting SO_BINDTODEVICE socket option.\nIn both cases the refcounts should be incremented, but in fact it is done\nonly in ax25_bind().\n\nThis bug leads to the following issue reported by Syzkaller:\n\n================================================================\nrefcount_t: decrement hit 0; leaking memory.\nWARNING: CPU: 1 PID: 5932 at lib/refcount.c:31 refcount_warn_saturate+0x1ed/0x210 lib/refcount.c:31\nModules linked in:\nCPU: 1 UID: 0 PID: 5932 Comm: syz-executor424 Not tainted 6.13.0-rc4-syzkaller-00110-g4099a71718b0 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:refcount_warn_saturate+0x1ed/0x210 lib/refcount.c:31\nCall Trace:\n \u003cTASK\u003e\n __refcount_dec include/linux/refcount.h:336 [inline]\n refcount_dec include/linux/refcount.h:351 [inline]\n ref_tracker_free+0x710/0x820 lib/ref_tracker.c:236\n netdev_tracker_free include/linux/netdevice.h:4156 [inline]\n netdev_put include/linux/netdevice.h:4173 [inline]\n netdev_put include/linux/netdevice.h:4169 [inline]\n ax25_release+0x33f/0xa10 net/ax25/af_ax25.c:1069\n __sock_release+0xb0/0x270 net/socket.c:640\n sock_close+0x1c/0x30 net/socket.c:1408\n ...\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n ...\n \u003c/TASK\u003e\n================================================================\n\nFix the implementation of ax25_setsockopt() by adding increment of\nrefcounts for the new device bound, and decrement of refcounts for\nthe old unbound device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21792",
"url": "https://www.suse.com/security/cve/CVE-2025-21792"
},
{
"category": "external",
"summary": "SUSE Bug 1238745 for CVE-2025-21792",
"url": "https://bugzilla.suse.com/1238745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21792"
},
{
"cve": "CVE-2025-21796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21796"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: clear acl_access/acl_default after releasing them\n\nIf getting acl_default fails, acl_access and acl_default will be released\nsimultaneously. However, acl_access will still retain a pointer pointing\nto the released posix_acl, which will trigger a WARNING in\nnfs3svc_release_getacl like this:\n\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 26 PID: 3199 at lib/refcount.c:28\nrefcount_warn_saturate+0xb5/0x170\nModules linked in:\nCPU: 26 UID: 0 PID: 3199 Comm: nfsd Not tainted\n6.12.0-rc6-00079-g04ae226af01f-dirty #8\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xb5/0x170\nCode: cc cc 0f b6 1d b3 20 a5 03 80 fb 01 0f 87 65 48 d8 00 83 e3 01 75\ne4 48 c7 c7 c0 3b 9b 85 c6 05 97 20 a5 03 01 e8 fb 3e 30 ff \u003c0f\u003e 0b eb\ncd 0f b6 1d 8a3\nRSP: 0018:ffffc90008637cd8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff83904fde\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88871ed36380\nRBP: ffff888158beeb40 R08: 0000000000000001 R09: fffff520010c6f56\nR10: ffffc90008637ab7 R11: 0000000000000001 R12: 0000000000000001\nR13: ffff888140e77400 R14: ffff888140e77408 R15: ffffffff858b42c0\nFS: 0000000000000000(0000) GS:ffff88871ed00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000562384d32158 CR3: 000000055cc6a000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0xb5/0x170\n ? __warn+0xa5/0x140\n ? refcount_warn_saturate+0xb5/0x170\n ? report_bug+0x1b1/0x1e0\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x17/0x40\n ? asm_exc_invalid_op+0x1a/0x20\n ? tick_nohz_tick_stopped+0x1e/0x40\n ? refcount_warn_saturate+0xb5/0x170\n ? refcount_warn_saturate+0xb5/0x170\n nfs3svc_release_getacl+0xc9/0xe0\n svc_process_common+0x5db/0xb60\n ? __pfx_svc_process_common+0x10/0x10\n ? __rcu_read_unlock+0x69/0xa0\n ? __pfx_nfsd_dispatch+0x10/0x10\n ? svc_xprt_received+0xa1/0x120\n ? xdr_init_decode+0x11d/0x190\n svc_process+0x2a7/0x330\n svc_handle_xprt+0x69d/0x940\n svc_recv+0x180/0x2d0\n nfsd+0x168/0x200\n ? __pfx_nfsd+0x10/0x10\n kthread+0x1a2/0x1e0\n ? kthread+0xf4/0x1e0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\nKernel panic - not syncing: kernel: panic_on_warn set ...\n\nClear acl_access/acl_default after posix_acl_release is called to prevent\nUAF from being triggered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21796",
"url": "https://www.suse.com/security/cve/CVE-2025-21796"
},
{
"category": "external",
"summary": "SUSE Bug 1238716 for CVE-2025-21796",
"url": "https://bugzilla.suse.com/1238716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21796"
},
{
"cve": "CVE-2025-21800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21800"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: HWS, fix definer\u0027s HWS_SET32 macro for negative offset\n\nWhen bit offset for HWS_SET32 macro is negative,\nUBSAN complains about the shift-out-of-bounds:\n\n UBSAN: shift-out-of-bounds in\n drivers/net/ethernet/mellanox/mlx5/core/steering/hws/definer.c:177:2\n shift exponent -8 is negative",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21800",
"url": "https://www.suse.com/security/cve/CVE-2025-21800"
},
{
"category": "external",
"summary": "SUSE Bug 1238743 for CVE-2025-21800",
"url": "https://bugzilla.suse.com/1238743"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21800"
},
{
"cve": "CVE-2025-21806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21806"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: let net.core.dev_weight always be non-zero\n\nThe following problem was encountered during stability test:\n\n(NULL net_device): NAPI poll function process_backlog+0x0/0x530 \\\n\treturned 1, exceeding its budget of 0.\n------------[ cut here ]------------\nlist_add double add: new=ffff88905f746f48, prev=ffff88905f746f48, \\\n\tnext=ffff88905f746e40.\nWARNING: CPU: 18 PID: 5462 at lib/list_debug.c:35 \\\n\t__list_add_valid_or_report+0xf3/0x130\nCPU: 18 UID: 0 PID: 5462 Comm: ping Kdump: loaded Not tainted 6.13.0-rc7+\nRIP: 0010:__list_add_valid_or_report+0xf3/0x130\nCall Trace:\n? __warn+0xcd/0x250\n? __list_add_valid_or_report+0xf3/0x130\nenqueue_to_backlog+0x923/0x1070\nnetif_rx_internal+0x92/0x2b0\n__netif_rx+0x15/0x170\nloopback_xmit+0x2ef/0x450\ndev_hard_start_xmit+0x103/0x490\n__dev_queue_xmit+0xeac/0x1950\nip_finish_output2+0x6cc/0x1620\nip_output+0x161/0x270\nip_push_pending_frames+0x155/0x1a0\nraw_sendmsg+0xe13/0x1550\n__sys_sendto+0x3bf/0x4e0\n__x64_sys_sendto+0xdc/0x1b0\ndo_syscall_64+0x5b/0x170\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe reproduction command is as follows:\n sysctl -w net.core.dev_weight=0\n ping 127.0.0.1\n\nThis is because when the napi\u0027s weight is set to 0, process_backlog() may\nreturn 0 and clear the NAPI_STATE_SCHED bit of napi-\u003estate, causing this\nnapi to be re-polled in net_rx_action() until __do_softirq() times out.\nSince the NAPI_STATE_SCHED bit has been cleared, napi_schedule_rps() can\nbe retriggered in enqueue_to_backlog(), causing this issue.\n\nMaking the napi\u0027s weight always non-zero solves this problem.\n\nTriggering this issue requires system-wide admin (setting is\nnot namespaced).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21806",
"url": "https://www.suse.com/security/cve/CVE-2025-21806"
},
{
"category": "external",
"summary": "SUSE Bug 1238746 for CVE-2025-21806",
"url": "https://bugzilla.suse.com/1238746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21806"
},
{
"cve": "CVE-2025-21808",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21808"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: xdp: Disallow attaching device-bound programs in generic mode\n\nDevice-bound programs are used to support RX metadata kfuncs. These\nkfuncs are driver-specific and rely on the driver context to read the\nmetadata. This means they can\u0027t work in generic XDP mode. However, there\nis no check to disallow such programs from being attached in generic\nmode, in which case the metadata kfuncs will be called in an invalid\ncontext, leading to crashes.\n\nFix this by adding a check to disallow attaching device-bound programs\nin generic mode.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21808",
"url": "https://www.suse.com/security/cve/CVE-2025-21808"
},
{
"category": "external",
"summary": "SUSE Bug 1238742 for CVE-2025-21808",
"url": "https://bugzilla.suse.com/1238742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21808"
},
{
"cve": "CVE-2025-21812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21812"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: rcu protect dev-\u003eax25_ptr\n\nsyzbot found a lockdep issue [1].\n\nWe should remove ax25 RTNL dependency in ax25_setsockopt()\n\nThis should also fix a variety of possible UAF in ax25.\n\n[1]\n\nWARNING: possible circular locking dependency detected\n6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0 Not tainted\n------------------------------------------------------\nsyz.5.1818/12806 is trying to acquire lock:\n ffffffff8fcb3988 (rtnl_mutex){+.+.}-{4:4}, at: ax25_setsockopt+0xa55/0xe90 net/ax25/af_ax25.c:680\n\nbut task is already holding lock:\n ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1618 [inline]\n ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209/0xe90 net/ax25/af_ax25.c:574\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #1 (sk_lock-AF_AX25){+.+.}-{0:0}:\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849\n lock_sock_nested+0x48/0x100 net/core/sock.c:3642\n lock_sock include/net/sock.h:1618 [inline]\n ax25_kill_by_device net/ax25/af_ax25.c:101 [inline]\n ax25_device_event+0x24d/0x580 net/ax25/af_ax25.c:146\n notifier_call_chain+0x1a5/0x3f0 kernel/notifier.c:85\n __dev_notify_flags+0x207/0x400\n dev_change_flags+0xf0/0x1a0 net/core/dev.c:9026\n dev_ifsioc+0x7c8/0xe70 net/core/dev_ioctl.c:563\n dev_ioctl+0x719/0x1340 net/core/dev_ioctl.c:820\n sock_do_ioctl+0x240/0x460 net/socket.c:1234\n sock_ioctl+0x626/0x8e0 net/socket.c:1339\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n-\u003e #0 (rtnl_mutex){+.+.}-{4:4}:\n check_prev_add kernel/locking/lockdep.c:3161 [inline]\n check_prevs_add kernel/locking/lockdep.c:3280 [inline]\n validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904\n __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849\n __mutex_lock_common kernel/locking/mutex.c:585 [inline]\n __mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735\n ax25_setsockopt+0xa55/0xe90 net/ax25/af_ax25.c:680\n do_sock_setsockopt+0x3af/0x720 net/socket.c:2324\n __sys_setsockopt net/socket.c:2349 [inline]\n __do_sys_setsockopt net/socket.c:2355 [inline]\n __se_sys_setsockopt net/socket.c:2352 [inline]\n __x64_sys_setsockopt+0x1ee/0x280 net/socket.c:2352\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(sk_lock-AF_AX25);\n lock(rtnl_mutex);\n lock(sk_lock-AF_AX25);\n lock(rtnl_mutex);\n\n *** DEADLOCK ***\n\n1 lock held by syz.5.1818/12806:\n #0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1618 [inline]\n #0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209/0xe90 net/ax25/af_ax25.c:574\n\nstack backtrace:\nCPU: 1 UID: 0 PID: 12806 Comm: syz.5.1818 Not tainted 6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2074\n check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2206\n check_prev_add kernel/locking/lockdep.c:3161 [inline]\n check_prevs_add kernel/lockin\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21812",
"url": "https://www.suse.com/security/cve/CVE-2025-21812"
},
{
"category": "external",
"summary": "SUSE Bug 1238471 for CVE-2025-21812",
"url": "https://bugzilla.suse.com/1238471"
},
{
"category": "external",
"summary": "SUSE Bug 1240736 for CVE-2025-21812",
"url": "https://bugzilla.suse.com/1240736"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2025-21812"
},
{
"cve": "CVE-2025-21814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21814"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: Ensure info-\u003eenable callback is always set\n\nThe ioctl and sysfs handlers unconditionally call the -\u003eenable callback.\nNot all drivers implement that callback, leading to NULL dereferences.\nExample of affected drivers: ptp_s390.c, ptp_vclock.c and ptp_mock.c.\n\nInstead use a dummy callback if no better was specified by the driver.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21814",
"url": "https://www.suse.com/security/cve/CVE-2025-21814"
},
{
"category": "external",
"summary": "SUSE Bug 1238473 for CVE-2025-21814",
"url": "https://bugzilla.suse.com/1238473"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21814"
},
{
"cve": "CVE-2025-21821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omap: use threaded IRQ for LCD DMA\n\nWhen using touchscreen and framebuffer, Nokia 770 crashes easily with:\n\n BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000\n Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd\n CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2\n Hardware name: Nokia 770\n Call trace:\n unwind_backtrace from show_stack+0x10/0x14\n show_stack from dump_stack_lvl+0x54/0x5c\n dump_stack_lvl from __schedule_bug+0x50/0x70\n __schedule_bug from __schedule+0x4d4/0x5bc\n __schedule from schedule+0x34/0xa0\n schedule from schedule_preempt_disabled+0xc/0x10\n schedule_preempt_disabled from __mutex_lock.constprop.0+0x218/0x3b4\n __mutex_lock.constprop.0 from clk_prepare_lock+0x38/0xe4\n clk_prepare_lock from clk_set_rate+0x18/0x154\n clk_set_rate from sossi_read_data+0x4c/0x168\n sossi_read_data from hwa742_read_reg+0x5c/0x8c\n hwa742_read_reg from send_frame_handler+0xfc/0x300\n send_frame_handler from process_pending_requests+0x74/0xd0\n process_pending_requests from lcd_dma_irq_handler+0x50/0x74\n lcd_dma_irq_handler from __handle_irq_event_percpu+0x44/0x130\n __handle_irq_event_percpu from handle_irq_event+0x28/0x68\n handle_irq_event from handle_level_irq+0x9c/0x170\n handle_level_irq from generic_handle_domain_irq+0x2c/0x3c\n generic_handle_domain_irq from omap1_handle_irq+0x40/0x8c\n omap1_handle_irq from generic_handle_arch_irq+0x28/0x3c\n generic_handle_arch_irq from call_with_stack+0x1c/0x24\n call_with_stack from __irq_svc+0x94/0xa8\n Exception stack(0xc5255da0 to 0xc5255de8)\n 5da0: 00000001 c22fc620 00000000 00000000 c08384a8 c106fc00 00000000 c240c248\n 5dc0: c113a600 c3f6ec30 00000001 00000000 c22fc620 c5255df0 c22fc620 c0279a94\n 5de0: 60000013 ffffffff\n __irq_svc from clk_prepare_lock+0x4c/0xe4\n clk_prepare_lock from clk_get_rate+0x10/0x74\n clk_get_rate from uwire_setup_transfer+0x40/0x180\n uwire_setup_transfer from spi_bitbang_transfer_one+0x2c/0x9c\n spi_bitbang_transfer_one from spi_transfer_one_message+0x2d0/0x664\n spi_transfer_one_message from __spi_pump_transfer_message+0x29c/0x498\n __spi_pump_transfer_message from __spi_sync+0x1f8/0x2e8\n __spi_sync from spi_sync+0x24/0x40\n spi_sync from ads7846_halfd_read_state+0x5c/0x1c0\n ads7846_halfd_read_state from ads7846_irq+0x58/0x348\n ads7846_irq from irq_thread_fn+0x1c/0x78\n irq_thread_fn from irq_thread+0x120/0x228\n irq_thread from kthread+0xc8/0xe8\n kthread from ret_from_fork+0x14/0x28\n\nAs a quick fix, switch to a threaded IRQ which provides a stable system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21821",
"url": "https://www.suse.com/security/cve/CVE-2025-21821"
},
{
"category": "external",
"summary": "SUSE Bug 1239174 for CVE-2025-21821",
"url": "https://bugzilla.suse.com/1239174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21821"
},
{
"cve": "CVE-2025-21832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21832"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: don\u0027t revert iter for -EIOCBQUEUED\n\nblkdev_read_iter() has a few odd checks, like gating the position and\ncount adjustment on whether or not the result is bigger-than-or-equal to\nzero (where bigger than makes more sense), and not checking the return\nvalue of blkdev_direct_IO() before doing an iov_iter_revert(). The\nlatter can lead to attempting to revert with a negative value, which\nwhen passed to iov_iter_revert() as an unsigned value will lead to\nthrowing a WARN_ON() because unroll is bigger than MAX_RW_COUNT.\n\nBe sane and don\u0027t revert for -EIOCBQUEUED, like what is done in other\nspots.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21832",
"url": "https://www.suse.com/security/cve/CVE-2025-21832"
},
{
"category": "external",
"summary": "SUSE Bug 1239105 for CVE-2025-21832",
"url": "https://bugzilla.suse.com/1239105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21832"
},
{
"cve": "CVE-2025-21833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21833"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Avoid use of NULL after WARN_ON_ONCE\n\nThere is a WARN_ON_ONCE to catch an unlikely situation when\ndomain_remove_dev_pasid can\u0027t find the `pasid`. In case it nevertheless\nhappens we must avoid using a NULL pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21833",
"url": "https://www.suse.com/security/cve/CVE-2025-21833"
},
{
"category": "external",
"summary": "SUSE Bug 1239108 for CVE-2025-21833",
"url": "https://bugzilla.suse.com/1239108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21833"
},
{
"cve": "CVE-2025-21836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21836"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/kbuf: reallocate buf lists on upgrade\n\nIORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it\nwas created for legacy selected buffer and has been emptied. It violates\nthe requirement that most of the field should stay stable after publish.\nAlways reallocate it instead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21836",
"url": "https://www.suse.com/security/cve/CVE-2025-21836"
},
{
"category": "external",
"summary": "SUSE Bug 1239066 for CVE-2025-21836",
"url": "https://bugzilla.suse.com/1239066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21836"
},
{
"cve": "CVE-2025-21837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21837"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21837",
"url": "https://www.suse.com/security/cve/CVE-2025-21837"
},
{
"category": "external",
"summary": "SUSE Bug 1239064 for CVE-2025-21837",
"url": "https://bugzilla.suse.com/1239064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21837"
},
{
"cve": "CVE-2025-21844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21844"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Add check for next_buffer in receive_encrypted_standard()\n\nAdd check for the return value of cifs_buf_get() and cifs_small_buf_get()\nin receive_encrypted_standard() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21844",
"url": "https://www.suse.com/security/cve/CVE-2025-21844"
},
{
"category": "external",
"summary": "SUSE Bug 1239512 for CVE-2025-21844",
"url": "https://bugzilla.suse.com/1239512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21844"
},
{
"cve": "CVE-2025-21846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21846"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nacct: perform last write from workqueue\n\nIn [1] it was reported that the acct(2) system call can be used to\ntrigger NULL deref in cases where it is set to write to a file that\ntriggers an internal lookup. This can e.g., happen when pointing acc(2)\nto /sys/power/resume. At the point the where the write to this file\nhappens the calling task has already exited and called exit_fs(). A\nlookup will thus trigger a NULL-deref when accessing current-\u003efs.\n\nReorganize the code so that the the final write happens from the\nworkqueue but with the caller\u0027s credentials. This preserves the\n(strange) permission model and has almost no regression risk.\n\nThis api should stop to exist though.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21846",
"url": "https://www.suse.com/security/cve/CVE-2025-21846"
},
{
"category": "external",
"summary": "SUSE Bug 1239508 for CVE-2025-21846",
"url": "https://bugzilla.suse.com/1239508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21846"
},
{
"cve": "CVE-2025-21847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21847"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()\n\nThe nullity of sps-\u003ecstream should be checked similarly as it is done in\nsof_set_stream_data_offset() function.\nAssuming that it is not NULL if sps-\u003estream is NULL is incorrect and can\nlead to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21847",
"url": "https://www.suse.com/security/cve/CVE-2025-21847"
},
{
"category": "external",
"summary": "SUSE Bug 1239471 for CVE-2025-21847",
"url": "https://bugzilla.suse.com/1239471"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21847"
},
{
"cve": "CVE-2025-21848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21848"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfp: bpf: Add check for nfp_app_ctrl_msg_alloc()\n\nAdd check for the return value of nfp_app_ctrl_msg_alloc() in\nnfp_bpf_cmsg_alloc() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21848",
"url": "https://www.suse.com/security/cve/CVE-2025-21848"
},
{
"category": "external",
"summary": "SUSE Bug 1239479 for CVE-2025-21848",
"url": "https://bugzilla.suse.com/1239479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21848"
},
{
"cve": "CVE-2025-21850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: Fix crash when a namespace is disabled\n\nThe namespace percpu counter protects pending I/O, and we can\nonly safely diable the namespace once the counter drop to zero.\nOtherwise we end up with a crash when running blktests/nvme/058\n(eg for loop transport):\n\n[ 2352.930426] [ T53909] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN PTI\n[ 2352.930431] [ T53909] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\n[ 2352.930434] [ T53909] CPU: 3 UID: 0 PID: 53909 Comm: kworker/u16:5 Tainted: G W 6.13.0-rc6 #232\n[ 2352.930438] [ T53909] Tainted: [W]=WARN\n[ 2352.930440] [ T53909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n[ 2352.930443] [ T53909] Workqueue: nvmet-wq nvme_loop_execute_work [nvme_loop]\n[ 2352.930449] [ T53909] RIP: 0010:blkcg_set_ioprio+0x44/0x180\n\nas the queue is already torn down when calling submit_bio();\n\nSo we need to init the percpu counter in nvmet_ns_enable(), and\nwait for it to drop to zero in nvmet_ns_disable() to avoid having\nI/O pending after the namespace has been disabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21850",
"url": "https://www.suse.com/security/cve/CVE-2025-21850"
},
{
"category": "external",
"summary": "SUSE Bug 1239477 for CVE-2025-21850",
"url": "https://bugzilla.suse.com/1239477"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21850"
},
{
"cve": "CVE-2025-21852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21852"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Add rx_skb of kfree_skb to raw_tp_null_args[].\n\nYan Zhai reported a BPF prog could trigger a null-ptr-deref [0]\nin trace_kfree_skb if the prog does not check if rx_sk is NULL.\n\nCommit c53795d48ee8 (\"net: add rx_sk to trace_kfree_skb\") added\nrx_sk to trace_kfree_skb, but rx_sk is optional and could be NULL.\n\nLet\u0027s add kfree_skb to raw_tp_null_args[] to let the BPF verifier\nvalidate such a prog and prevent the issue.\n\nNow we fail to load such a prog:\n\n libbpf: prog \u0027drop\u0027: -- BEGIN PROG LOAD LOG --\n 0: R1=ctx() R10=fp0\n ; int BPF_PROG(drop, struct sk_buff *skb, void *location, @ kfree_skb_sk_null.bpf.c:21\n 0: (79) r3 = *(u64 *)(r1 +24)\n func \u0027kfree_skb\u0027 arg3 has btf_id 5253 type STRUCT \u0027sock\u0027\n 1: R1=ctx() R3_w=trusted_ptr_or_null_sock(id=1)\n ; bpf_printk(\"sk: %d, %d\\n\", sk, sk-\u003e__sk_common.skc_family); @ kfree_skb_sk_null.bpf.c:24\n 1: (69) r4 = *(u16 *)(r3 +16)\n R3 invalid mem access \u0027trusted_ptr_or_null_\u0027\n processed 2 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0\n -- END PROG LOAD LOG --\n\nNote this fix requires commit 838a10bd2ebf (\"bpf: Augment raw_tp\narguments with PTR_MAYBE_NULL\").\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000010\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nPREEMPT SMP\nRIP: 0010:bpf_prog_5e21a6db8fcff1aa_drop+0x10/0x2d\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x1f/0x60\n ? page_fault_oops+0x148/0x420\n ? search_bpf_extables+0x5b/0x70\n ? fixup_exception+0x27/0x2c0\n ? exc_page_fault+0x75/0x170\n ? asm_exc_page_fault+0x22/0x30\n ? bpf_prog_5e21a6db8fcff1aa_drop+0x10/0x2d\n bpf_trace_run4+0x68/0xd0\n ? unix_stream_connect+0x1f4/0x6f0\n sk_skb_reason_drop+0x90/0x120\n unix_stream_connect+0x1f4/0x6f0\n __sys_connect+0x7f/0xb0\n __x64_sys_connect+0x14/0x20\n do_syscall_64+0x47/0xc30\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21852",
"url": "https://www.suse.com/security/cve/CVE-2025-21852"
},
{
"category": "external",
"summary": "SUSE Bug 1239487 for CVE-2025-21852",
"url": "https://bugzilla.suse.com/1239487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21852"
},
{
"cve": "CVE-2025-21853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21853"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: avoid holding freeze_mutex during mmap operation\n\nWe use map-\u003efreeze_mutex to prevent races between map_freeze() and\nmemory mapping BPF map contents with writable permissions. The way we\nnaively do this means we\u0027ll hold freeze_mutex for entire duration of all\nthe mm and VMA manipulations, which is completely unnecessary. This can\npotentially also lead to deadlocks, as reported by syzbot in [0].\n\nSo, instead, hold freeze_mutex only during writeability checks, bump\n(proactively) \"write active\" count for the map, unlock the mutex and\nproceed with mmap logic. And only if something went wrong during mmap\nlogic, then undo that \"write active\" counter increment.\n\n [0] https://lore.kernel.org/bpf/678dcbc9.050a0220.303755.0066.GAE@google.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21853",
"url": "https://www.suse.com/security/cve/CVE-2025-21853"
},
{
"category": "external",
"summary": "SUSE Bug 1239476 for CVE-2025-21853",
"url": "https://bugzilla.suse.com/1239476"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21853"
},
{
"cve": "CVE-2025-21854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21854"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsockmap, vsock: For connectible sockets allow only connected\n\nsockmap expects all vsocks to have a transport assigned, which is expressed\nin vsock_proto::psock_update_sk_prot(). However, there is an edge case\nwhere an unconnected (connectible) socket may lose its previously assigned\ntransport. This is handled with a NULL check in the vsock/BPF recv path.\n\nAnother design detail is that listening vsocks are not supposed to have any\ntransport assigned at all. Which implies they are not supported by the\nsockmap. But this is complicated by the fact that a socket, before\nswitching to TCP_LISTEN, may have had some transport assigned during a\nfailed connect() attempt. Hence, we may end up with a listening vsock in a\nsockmap, which blows up quickly:\n\nKASAN: null-ptr-deref in range [0x0000000000000120-0x0000000000000127]\nCPU: 7 UID: 0 PID: 56 Comm: kworker/7:0 Not tainted 6.14.0-rc1+\nWorkqueue: vsock-loopback vsock_loopback_work\nRIP: 0010:vsock_read_skb+0x4b/0x90\nCall Trace:\n sk_psock_verdict_data_ready+0xa4/0x2e0\n virtio_transport_recv_pkt+0x1ca8/0x2acc\n vsock_loopback_work+0x27d/0x3f0\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x35a/0x700\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nFor connectible sockets, instead of relying solely on the state of\nvsk-\u003etransport, tell sockmap to only allow those representing established\nconnections. This aligns with the behaviour for AF_INET and AF_UNIX.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21854",
"url": "https://www.suse.com/security/cve/CVE-2025-21854"
},
{
"category": "external",
"summary": "SUSE Bug 1239470 for CVE-2025-21854",
"url": "https://bugzilla.suse.com/1239470"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21854"
},
{
"cve": "CVE-2025-21855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21855"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Don\u0027t reference skb after sending to VIOS\n\nPreviously, after successfully flushing the xmit buffer to VIOS,\nthe tx_bytes stat was incremented by the length of the skb.\n\nIt is invalid to access the skb memory after sending the buffer to\nthe VIOS because, at any point after sending, the VIOS can trigger\nan interrupt to free this memory. A race between reading skb-\u003elen\nand freeing the skb is possible (especially during LPM) and will\nresult in use-after-free:\n ==================================================================\n BUG: KASAN: slab-use-after-free in ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n Read of size 4 at addr c00000024eb48a70 by task hxecom/14495\n \u003c...\u003e\n Call Trace:\n [c000000118f66cf0] [c0000000018cba6c] dump_stack_lvl+0x84/0xe8 (unreliable)\n [c000000118f66d20] [c0000000006f0080] print_report+0x1a8/0x7f0\n [c000000118f66df0] [c0000000006f08f0] kasan_report+0x128/0x1f8\n [c000000118f66f00] [c0000000006f2868] __asan_load4+0xac/0xe0\n [c000000118f66f20] [c0080000046eac84] ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n [c000000118f67340] [c0000000014be168] dev_hard_start_xmit+0x150/0x358\n \u003c...\u003e\n Freed by task 0:\n kasan_save_stack+0x34/0x68\n kasan_save_track+0x2c/0x50\n kasan_save_free_info+0x64/0x108\n __kasan_mempool_poison_object+0x148/0x2d4\n napi_skb_cache_put+0x5c/0x194\n net_tx_action+0x154/0x5b8\n handle_softirqs+0x20c/0x60c\n do_softirq_own_stack+0x6c/0x88\n \u003c...\u003e\n The buggy address belongs to the object at c00000024eb48a00 which\n belongs to the cache skbuff_head_cache of size 224\n==================================================================",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21855",
"url": "https://www.suse.com/security/cve/CVE-2025-21855"
},
{
"category": "external",
"summary": "SUSE Bug 1239484 for CVE-2025-21855",
"url": "https://bugzilla.suse.com/1239484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21855"
},
{
"cve": "CVE-2025-21856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ism: add release function for struct device\n\nAccording to device_release() in /drivers/base/core.c,\na device without a release function is a broken device\nand must be fixed.\n\nThe current code directly frees the device after calling device_add()\nwithout waiting for other kernel parts to release their references.\nThus, a reference could still be held to a struct device,\ne.g., by sysfs, leading to potential use-after-free\nissues if a proper release function is not set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21856",
"url": "https://www.suse.com/security/cve/CVE-2025-21856"
},
{
"category": "external",
"summary": "SUSE Bug 1239486 for CVE-2025-21856",
"url": "https://bugzilla.suse.com/1239486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21856"
},
{
"cve": "CVE-2025-21857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21857"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_api: fix error handling causing NULL dereference\n\ntcf_exts_miss_cookie_base_alloc() calls xa_alloc_cyclic() which can\nreturn 1 if the allocation succeeded after wrapping. This was treated as\nan error, with value 1 returned to caller tcf_exts_init_ex() which sets\nexts-\u003eactions to NULL and returns 1 to caller fl_change().\n\nfl_change() treats err == 1 as success, calling tcf_exts_validate_ex()\nwhich calls tcf_action_init() with exts-\u003eactions as argument, where it\nis dereferenced.\n\nExample trace:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nCPU: 114 PID: 16151 Comm: handler114 Kdump: loaded Not tainted 5.14.0-503.16.1.el9_5.x86_64 #1\nRIP: 0010:tcf_action_init+0x1f8/0x2c0\nCall Trace:\n tcf_action_init+0x1f8/0x2c0\n tcf_exts_validate_ex+0x175/0x190\n fl_change+0x537/0x1120 [cls_flower]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21857",
"url": "https://www.suse.com/security/cve/CVE-2025-21857"
},
{
"category": "external",
"summary": "SUSE Bug 1239478 for CVE-2025-21857",
"url": "https://bugzilla.suse.com/1239478"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21857"
},
{
"cve": "CVE-2025-21858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngeneve: Fix use-after-free in geneve_find_dev().\n\nsyzkaller reported a use-after-free in geneve_find_dev() [0]\nwithout repro.\n\ngeneve_configure() links struct geneve_dev.next to\nnet_generic(net, geneve_net_id)-\u003egeneve_list.\n\nThe net here could differ from dev_net(dev) if IFLA_NET_NS_PID,\nIFLA_NET_NS_FD, or IFLA_TARGET_NETNSID is set.\n\nWhen dev_net(dev) is dismantled, geneve_exit_batch_rtnl() finally\ncalls unregister_netdevice_queue() for each dev in the netns,\nand later the dev is freed.\n\nHowever, its geneve_dev.next is still linked to the backend UDP\nsocket netns.\n\nThen, use-after-free will occur when another geneve dev is created\nin the netns.\n\nLet\u0027s call geneve_dellink() instead in geneve_destroy_tunnels().\n\n[0]:\nBUG: KASAN: slab-use-after-free in geneve_find_dev drivers/net/geneve.c:1295 [inline]\nBUG: KASAN: slab-use-after-free in geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\nRead of size 2 at addr ffff000054d6ee24 by task syz.1.4029/13441\n\nCPU: 1 UID: 0 PID: 13441 Comm: syz.1.4029 Not tainted 6.13.0-g0ad9617c78ac #24 dc35ca22c79fb82e8e7bc5c9c9adafea898b1e3d\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x38/0x50 arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xbc/0x108 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x16c/0x6f0 mm/kasan/report.c:489\n kasan_report+0xc0/0x120 mm/kasan/report.c:602\n __asan_report_load2_noabort+0x20/0x30 mm/kasan/report_generic.c:379\n geneve_find_dev drivers/net/geneve.c:1295 [inline]\n geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\n geneve_newlink+0xb8/0x128 drivers/net/geneve.c:1634\n rtnl_newlink_create+0x23c/0x868 net/core/rtnetlink.c:3795\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x618/0x838 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x5fc/0x8b0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:713 [inline]\n __sock_sendmsg net/socket.c:728 [inline]\n ____sys_sendmsg+0x410/0x6f8 net/socket.c:2568\n ___sys_sendmsg+0x178/0x1d8 net/socket.c:2622\n __sys_sendmsg net/socket.c:2654 [inline]\n __do_sys_sendmsg net/socket.c:2659 [inline]\n __se_sys_sendmsg net/socket.c:2657 [inline]\n __arm64_sys_sendmsg+0x12c/0x1c8 net/socket.c:2657\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x90/0x278 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x13c/0x250 arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x54/0x70 arch/arm64/kernel/syscall.c:151\n el0_svc+0x4c/0xa8 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x1a0 arch/arm64/kernel/entry.S:600\n\nAllocated by task 13247:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x30/0x68 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x58 mm/kasan/generic.c:568\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x84/0xa0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4298 [inline]\n __kmalloc_node_noprof+0x2a0/0x560 mm/slub.c:4304\n __kvmalloc_node_noprof+0x9c/0x230 mm/util.c:645\n alloc_netdev_mqs+0xb8/0x11a0 net/core/dev.c:11470\n rtnl_create_link+0x2b8/0xb50 net/core/rtnetlink.c:3604\n rtnl_newlink_create+0x19c/0x868 net/core/rtnetlink.c:3780\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_n\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21858",
"url": "https://www.suse.com/security/cve/CVE-2025-21858"
},
{
"category": "external",
"summary": "SUSE Bug 1239468 for CVE-2025-21858",
"url": "https://bugzilla.suse.com/1239468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21858"
},
{
"cve": "CVE-2025-21859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21859"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: f_midi: f_midi_complete to call queue_work\n\nWhen using USB MIDI, a lock is attempted to be acquired twice through a\nre-entrant call to f_midi_transmit, causing a deadlock.\n\nFix it by using queue_work() to schedule the inner f_midi_transmit() via\na high priority work queue from the completion handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21859",
"url": "https://www.suse.com/security/cve/CVE-2025-21859"
},
{
"category": "external",
"summary": "SUSE Bug 1239467 for CVE-2025-21859",
"url": "https://bugzilla.suse.com/1239467"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21859"
},
{
"cve": "CVE-2025-21861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/migrate_device: don\u0027t add folio to be freed to LRU in migrate_device_finalize()\n\nIf migration succeeded, we called\nfolio_migrate_flags()-\u003emem_cgroup_migrate() to migrate the memcg from the\nold to the new folio. This will set memcg_data of the old folio to 0.\n\nSimilarly, if migration failed, memcg_data of the dst folio is left unset.\n\nIf we call folio_putback_lru() on such folios (memcg_data == 0), we will\nadd the folio to be freed to the LRU, making memcg code unhappy. Running\nthe hmm selftests:\n\n # ./hmm-tests\n ...\n # RUN hmm.hmm_device_private.migrate ...\n [ 102.078007][T14893] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7ff27d200 pfn:0x13cc00\n [ 102.079974][T14893] anon flags: 0x17ff00000020018(uptodate|dirty|swapbacked|node=0|zone=2|lastcpupid=0x7ff)\n [ 102.082037][T14893] raw: 017ff00000020018 dead000000000100 dead000000000122 ffff8881353896c9\n [ 102.083687][T14893] raw: 00000007ff27d200 0000000000000000 00000001ffffffff 0000000000000000\n [ 102.085331][T14893] page dumped because: VM_WARN_ON_ONCE_FOLIO(!memcg \u0026\u0026 !mem_cgroup_disabled())\n [ 102.087230][T14893] ------------[ cut here ]------------\n [ 102.088279][T14893] WARNING: CPU: 0 PID: 14893 at ./include/linux/memcontrol.h:726 folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.090478][T14893] Modules linked in:\n [ 102.091244][T14893] CPU: 0 UID: 0 PID: 14893 Comm: hmm-tests Not tainted 6.13.0-09623-g6c216bc522fd #151\n [ 102.093089][T14893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n [ 102.094848][T14893] RIP: 0010:folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.096104][T14893] Code: ...\n [ 102.099908][T14893] RSP: 0018:ffffc900236c37b0 EFLAGS: 00010293\n [ 102.101152][T14893] RAX: 0000000000000000 RBX: ffffea0004f30000 RCX: ffffffff8183f426\n [ 102.102684][T14893] RDX: ffff8881063cb880 RSI: ffffffff81b8117f RDI: ffff8881063cb880\n [ 102.104227][T14893] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000\n [ 102.105757][T14893] R10: 0000000000000001 R11: 0000000000000002 R12: ffffc900236c37d8\n [ 102.107296][T14893] R13: ffff888277a2bcb0 R14: 000000000000001f R15: 0000000000000000\n [ 102.108830][T14893] FS: 00007ff27dbdd740(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000\n [ 102.110643][T14893] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 102.111924][T14893] CR2: 00007ff27d400000 CR3: 000000010866e000 CR4: 0000000000750ef0\n [ 102.113478][T14893] PKRU: 55555554\n [ 102.114172][T14893] Call Trace:\n [ 102.114805][T14893] \u003cTASK\u003e\n [ 102.115397][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.116547][T14893] ? __warn.cold+0x110/0x210\n [ 102.117461][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.118667][T14893] ? report_bug+0x1b9/0x320\n [ 102.119571][T14893] ? handle_bug+0x54/0x90\n [ 102.120494][T14893] ? exc_invalid_op+0x17/0x50\n [ 102.121433][T14893] ? asm_exc_invalid_op+0x1a/0x20\n [ 102.122435][T14893] ? __wake_up_klogd.part.0+0x76/0xd0\n [ 102.123506][T14893] ? dump_page+0x4f/0x60\n [ 102.124352][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.125500][T14893] folio_batch_move_lru+0xd4/0x200\n [ 102.126577][T14893] ? __pfx_lru_add+0x10/0x10\n [ 102.127505][T14893] __folio_batch_add_and_move+0x391/0x720\n [ 102.128633][T14893] ? __pfx_lru_add+0x10/0x10\n [ 102.129550][T14893] folio_putback_lru+0x16/0x80\n [ 102.130564][T14893] migrate_device_finalize+0x9b/0x530\n [ 102.131640][T14893] dmirror_migrate_to_device.constprop.0+0x7c5/0xad0\n [ 102.133047][T14893] dmirror_fops_unlocked_ioctl+0x89b/0xc80\n\nLikely, nothing else goes wrong: putting the last folio reference will\nremove the folio from the LRU again. So besides memcg complaining, adding\nthe folio to be freed to the LRU is just an unnecessary step.\n\nThe new flow resembles what we have in migrate_folio_move(): add the dst\nto the lru, rem\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21861",
"url": "https://www.suse.com/security/cve/CVE-2025-21861"
},
{
"category": "external",
"summary": "SUSE Bug 1239483 for CVE-2025-21861",
"url": "https://bugzilla.suse.com/1239483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21861"
},
{
"cve": "CVE-2025-21862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21862"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: fix incorrect initialization order\n\nSyzkaller reports the following bug:\n\nBUG: spinlock bad magic on CPU#1, syz-executor.0/7995\n lock: 0xffff88805303f3e0, .magic: 00000000, .owner: \u003cnone\u003e/-1, .owner_cpu: 0\nCPU: 1 PID: 7995 Comm: syz-executor.0 Tainted: G E 5.10.209+ #1\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x119/0x179 lib/dump_stack.c:118\n debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline]\n do_raw_spin_lock+0x1f6/0x270 kernel/locking/spinlock_debug.c:112\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline]\n _raw_spin_lock_irqsave+0x50/0x70 kernel/locking/spinlock.c:159\n reset_per_cpu_data+0xe6/0x240 [drop_monitor]\n net_dm_cmd_trace+0x43d/0x17a0 [drop_monitor]\n genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739\n genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]\n genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800\n netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2497\n genl_rcv+0x29/0x40 net/netlink/genetlink.c:811\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x914/0xe00 net/netlink/af_netlink.c:1916\n sock_sendmsg_nosec net/socket.c:651 [inline]\n __sock_sendmsg+0x157/0x190 net/socket.c:663\n ____sys_sendmsg+0x712/0x870 net/socket.c:2378\n ___sys_sendmsg+0xf8/0x170 net/socket.c:2432\n __sys_sendmsg+0xea/0x1b0 net/socket.c:2461\n do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x62/0xc7\nRIP: 0033:0x7f3f9815aee9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f3f972bf0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f3f9826d050 RCX: 00007f3f9815aee9\nRDX: 0000000020000000 RSI: 0000000020001300 RDI: 0000000000000007\nRBP: 00007f3f981b63bd R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000006e R14: 00007f3f9826d050 R15: 00007ffe01ee6768\n\nIf drop_monitor is built as a kernel module, syzkaller may have time\nto send a netlink NET_DM_CMD_START message during the module loading.\nThis will call the net_dm_monitor_start() function that uses\na spinlock that has not yet been initialized.\n\nTo fix this, let\u0027s place resource initialization above the registration\nof a generic netlink family.\n\nFound by InfoTeCS on behalf of Linux Verification Center\n(linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21862",
"url": "https://www.suse.com/security/cve/CVE-2025-21862"
},
{
"category": "external",
"summary": "SUSE Bug 1239474 for CVE-2025-21862",
"url": "https://bugzilla.suse.com/1239474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21862"
},
{
"cve": "CVE-2025-21863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21863"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: prevent opcode speculation\n\nsqe-\u003eopcode is used for different tables, make sure we santitise it\nagainst speculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21863",
"url": "https://www.suse.com/security/cve/CVE-2025-21863"
},
{
"category": "external",
"summary": "SUSE Bug 1239475 for CVE-2025-21863",
"url": "https://bugzilla.suse.com/1239475"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21863"
},
{
"cve": "CVE-2025-21864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: drop secpath at the same time as we currently drop dst\n\nXiumei reported hitting the WARN in xfrm6_tunnel_net_exit while\nrunning tests that boil down to:\n - create a pair of netns\n - run a basic TCP test over ipcomp6\n - delete the pair of netns\n\nThe xfrm_state found on spi_byaddr was not deleted at the time we\ndelete the netns, because we still have a reference on it. This\nlingering reference comes from a secpath (which holds a ref on the\nxfrm_state), which is still attached to an skb. This skb is not\nleaked, it ends up on sk_receive_queue and then gets defer-free\u0027d by\nskb_attempt_defer_free.\n\nThe problem happens when we defer freeing an skb (push it on one CPU\u0027s\ndefer_list), and don\u0027t flush that list before the netns is deleted. In\nthat case, we still have a reference on the xfrm_state that we don\u0027t\nexpect at this point.\n\nWe already drop the skb\u0027s dst in the TCP receive path when it\u0027s no\nlonger needed, so let\u0027s also drop the secpath. At this point,\ntcp_filter has already called into the LSM hooks that may require the\nsecpath, so it should not be needed anymore. However, in some of those\nplaces, the MPTCP extension has just been attached to the skb, so we\ncannot simply drop all extensions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21864",
"url": "https://www.suse.com/security/cve/CVE-2025-21864"
},
{
"category": "external",
"summary": "SUSE Bug 1239482 for CVE-2025-21864",
"url": "https://bugzilla.suse.com/1239482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21864"
},
{
"cve": "CVE-2025-21865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21865"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().\n\nBrad Spengler reported the list_del() corruption splat in\ngtp_net_exit_batch_rtnl(). [0]\n\nCommit eb28fd76c0a0 (\"gtp: Destroy device along with udp socket\u0027s netns\ndismantle.\") added the for_each_netdev() loop in gtp_net_exit_batch_rtnl()\nto destroy devices in each netns as done in geneve and ip tunnels.\n\nHowever, this could trigger -\u003edellink() twice for the same device during\n-\u003eexit_batch_rtnl().\n\nSay we have two netns A \u0026 B and gtp device B that resides in netns B but\nwhose UDP socket is in netns A.\n\n 1. cleanup_net() processes netns A and then B.\n\n 2. gtp_net_exit_batch_rtnl() finds the device B while iterating\n netns A\u0027s gn-\u003egtp_dev_list and calls -\u003edellink().\n\n [ device B is not yet unlinked from netns B\n as unregister_netdevice_many() has not been called. ]\n\n 3. gtp_net_exit_batch_rtnl() finds the device B while iterating\n netns B\u0027s for_each_netdev() and calls -\u003edellink().\n\ngtp_dellink() cleans up the device\u0027s hash table, unlinks the dev from\ngn-\u003egtp_dev_list, and calls unregister_netdevice_queue().\n\nBasically, calling gtp_dellink() multiple times is fine unless\nCONFIG_DEBUG_LIST is enabled.\n\nLet\u0027s remove for_each_netdev() in gtp_net_exit_batch_rtnl() and\ndelegate the destruction to default_device_exit_batch() as done\nin bareudp.\n\n[0]:\nlist_del corruption, ffff8880aaa62c00-\u003enext (autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object]) is LIST_POISON1 (ffffffffffffff02) (prev is 0xffffffffffffff04)\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN\nCPU: 1 UID: 0 PID: 1804 Comm: kworker/u8:7 Tainted: G T 6.12.13-grsec-full-20250211091339 #1\nTainted: [T]=RANDSTRUCT\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: netns cleanup_net\nRIP: 0010:[\u003cffffffff84947381\u003e] __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58\nCode: c2 76 91 31 c0 e8 9f b1 f7 fc 0f 0b 4d 89 f0 48 c7 c1 02 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 e0 c2 76 91 31 c0 e8 7f b1 f7 fc \u003c0f\u003e 0b 4d 89 e8 48 c7 c1 04 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 60\nRSP: 0018:fffffe8040b4fbd0 EFLAGS: 00010283\nRAX: 00000000000000cc RBX: dffffc0000000000 RCX: ffffffff818c4054\nRDX: ffffffff84947381 RSI: ffffffff818d1512 RDI: 0000000000000000\nRBP: ffff8880aaa62c00 R08: 0000000000000001 R09: fffffbd008169f32\nR10: fffffe8040b4f997 R11: 0000000000000001 R12: a1988d84f24943e4\nR13: ffffffffffffff02 R14: ffffffffffffff04 R15: ffff8880aaa62c08\nRBX: kasan shadow of 0x0\nRCX: __wake_up_klogd.part.0+0x74/0xe0 kernel/printk/printk.c:4554\nRDX: __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58\nRSI: vprintk+0x72/0x100 kernel/printk/printk_safe.c:71\nRBP: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object]\nRSP: process kstack fffffe8040b4fbd0+0x7bd0/0x8000 [kworker/u8:7+netns 1804 ]\nR09: kasan shadow of process kstack fffffe8040b4f990+0x7990/0x8000 [kworker/u8:7+netns 1804 ]\nR10: process kstack fffffe8040b4f997+0x7997/0x8000 [kworker/u8:7+netns 1804 ]\nR15: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc08/0x1000 [slab object]\nFS: 0000000000000000(0000) GS:ffff888116000000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000748f5372c000 CR3: 0000000015408000 CR4: 00000000003406f0 shadow CR4: 00000000003406f0\nStack:\n 0000000000000000 ffffffff8a0c35e7 ffffffff8a0c3603 ffff8880aaa62c00\n ffff8880aaa62c00 0000000000000004 ffff88811145311c 0000000000000005\n 0000000000000001 ffff8880aaa62000 fffffe8040b4fd40 ffffffff8a0c360d\nCall Trace:\n \u003cTASK\u003e\n [\u003cffffffff8a0c360d\u003e] __list_del_entry_valid include/linux/list.h:131 [inline] fffffe8040b4fc28\n [\u003cffffffff8a0c360d\u003e] __list_del_entry include/linux/list.h:248 [inline] fffffe8040b4fc28\n [\u003cffffffff8a0c360d\u003e] list_del include/linux/list.h:262 [inl\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21865",
"url": "https://www.suse.com/security/cve/CVE-2025-21865"
},
{
"category": "external",
"summary": "SUSE Bug 1239481 for CVE-2025-21865",
"url": "https://bugzilla.suse.com/1239481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21865"
},
{
"cve": "CVE-2025-21866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC\n\nErhard reported the following KASAN hit while booting his PowerMac G4\nwith a KASAN-enabled kernel 6.13-rc6:\n\n BUG: KASAN: vmalloc-out-of-bounds in copy_to_kernel_nofault+0xd8/0x1c8\n Write of size 8 at addr f1000000 by task chronyd/1293\n\n CPU: 0 UID: 123 PID: 1293 Comm: chronyd Tainted: G W 6.13.0-rc6-PMacG4 #2\n Tainted: [W]=WARN\n Hardware name: PowerMac3,6 7455 0x80010303 PowerMac\n Call Trace:\n [c2437590] [c1631a84] dump_stack_lvl+0x70/0x8c (unreliable)\n [c24375b0] [c0504998] print_report+0xdc/0x504\n [c2437610] [c050475c] kasan_report+0xf8/0x108\n [c2437690] [c0505a3c] kasan_check_range+0x24/0x18c\n [c24376a0] [c03fb5e4] copy_to_kernel_nofault+0xd8/0x1c8\n [c24376c0] [c004c014] patch_instructions+0x15c/0x16c\n [c2437710] [c00731a8] bpf_arch_text_copy+0x60/0x7c\n [c2437730] [c0281168] bpf_jit_binary_pack_finalize+0x50/0xac\n [c2437750] [c0073cf4] bpf_int_jit_compile+0xb30/0xdec\n [c2437880] [c0280394] bpf_prog_select_runtime+0x15c/0x478\n [c24378d0] [c1263428] bpf_prepare_filter+0xbf8/0xc14\n [c2437990] [c12677ec] bpf_prog_create_from_user+0x258/0x2b4\n [c24379d0] [c027111c] do_seccomp+0x3dc/0x1890\n [c2437ac0] [c001d8e0] system_call_exception+0x2dc/0x420\n [c2437f30] [c00281ac] ret_from_syscall+0x0/0x2c\n --- interrupt: c00 at 0x5a1274\n NIP: 005a1274 LR: 006a3b3c CTR: 005296c8\n REGS: c2437f40 TRAP: 0c00 Tainted: G W (6.13.0-rc6-PMacG4)\n MSR: 0200f932 \u003cVEC,EE,PR,FP,ME,IR,DR,RI\u003e CR: 24004422 XER: 00000000\n\n GPR00: 00000166 af8f3fa0 a7ee3540 00000001 00000000 013b6500 005a5858 0200f932\n GPR08: 00000000 00001fe9 013d5fc8 005296c8 2822244c 00b2fcd8 00000000 af8f4b57\n GPR16: 00000000 00000001 00000000 00000000 00000000 00000001 00000000 00000002\n GPR24: 00afdbb0 00000000 00000000 00000000 006e0004 013ce060 006e7c1c 00000001\n NIP [005a1274] 0x5a1274\n LR [006a3b3c] 0x6a3b3c\n --- interrupt: c00\n\n The buggy address belongs to the virtual mapping at\n [f1000000, f1002000) created by:\n text_area_cpu_up+0x20/0x190\n\n The buggy address belongs to the physical page:\n page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x76e30\n flags: 0x80000000(zone=2)\n raw: 80000000 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001\n raw: 00000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n f0ffff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n f0ffff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n \u003ef1000000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n f1000080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n f1000100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ==================================================================\n\nf8 corresponds to KASAN_VMALLOC_INVALID which means the area is not\ninitialised hence not supposed to be used yet.\n\nPowerpc text patching infrastructure allocates a virtual memory area\nusing get_vm_area() and flags it as VM_ALLOC. But that flag is meant\nto be used for vmalloc() and vmalloc() allocated memory is not\nsupposed to be used before a call to __vmalloc_node_range() which is\nnever called for that area.\n\nThat went undetected until commit e4137f08816b (\"mm, kasan, kmsan:\ninstrument copy_from/to_kernel_nofault\")\n\nThe area allocated by text_area_cpu_up() is not vmalloc memory, it is\nmapped directly on demand when needed by map_kernel_page(). There is\nno VM flag corresponding to such usage, so just pass no flag. That way\nthe area will be unpoisonned and usable immediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21866",
"url": "https://www.suse.com/security/cve/CVE-2025-21866"
},
{
"category": "external",
"summary": "SUSE Bug 1239473 for CVE-2025-21866",
"url": "https://bugzilla.suse.com/1239473"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21866"
},
{
"cve": "CVE-2025-21867",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21867"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()\n\nKMSAN reported a use-after-free issue in eth_skb_pkt_type()[1]. The\ncause of the issue was that eth_skb_pkt_type() accessed skb\u0027s data\nthat didn\u0027t contain an Ethernet header. This occurs when\nbpf_prog_test_run_xdp() passes an invalid value as the user_data\nargument to bpf_test_init().\n\nFix this by returning an error when user_data is less than ETH_HLEN in\nbpf_test_init(). Additionally, remove the check for \"if (user_size \u003e\nsize)\" as it is unnecessary.\n\n[1]\nBUG: KMSAN: use-after-free in eth_skb_pkt_type include/linux/etherdevice.h:627 [inline]\nBUG: KMSAN: use-after-free in eth_type_trans+0x4ee/0x980 net/ethernet/eth.c:165\n eth_skb_pkt_type include/linux/etherdevice.h:627 [inline]\n eth_type_trans+0x4ee/0x980 net/ethernet/eth.c:165\n __xdp_build_skb_from_frame+0x5a8/0xa50 net/core/xdp.c:635\n xdp_recv_frames net/bpf/test_run.c:272 [inline]\n xdp_test_run_batch net/bpf/test_run.c:361 [inline]\n bpf_test_run_xdp_live+0x2954/0x3330 net/bpf/test_run.c:390\n bpf_prog_test_run_xdp+0x148e/0x1b10 net/bpf/test_run.c:1318\n bpf_prog_test_run+0x5b7/0xa30 kernel/bpf/syscall.c:4371\n __sys_bpf+0x6a6/0xe20 kernel/bpf/syscall.c:5777\n __do_sys_bpf kernel/bpf/syscall.c:5866 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5864 [inline]\n __x64_sys_bpf+0xa4/0xf0 kernel/bpf/syscall.c:5864\n x64_sys_call+0x2ea0/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:322\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n free_pages_prepare mm/page_alloc.c:1056 [inline]\n free_unref_page+0x156/0x1320 mm/page_alloc.c:2657\n __free_pages+0xa3/0x1b0 mm/page_alloc.c:4838\n bpf_ringbuf_free kernel/bpf/ringbuf.c:226 [inline]\n ringbuf_map_free+0xff/0x1e0 kernel/bpf/ringbuf.c:235\n bpf_map_free kernel/bpf/syscall.c:838 [inline]\n bpf_map_free_deferred+0x17c/0x310 kernel/bpf/syscall.c:862\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa2b/0x1b60 kernel/workqueue.c:3310\n worker_thread+0xedf/0x1550 kernel/workqueue.c:3391\n kthread+0x535/0x6b0 kernel/kthread.c:389\n ret_from_fork+0x6e/0x90 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nCPU: 1 UID: 0 PID: 17276 Comm: syz.1.16450 Not tainted 6.12.0-05490-g9bb88c659673 #8\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21867",
"url": "https://www.suse.com/security/cve/CVE-2025-21867"
},
{
"category": "external",
"summary": "SUSE Bug 1240181 for CVE-2025-21867",
"url": "https://bugzilla.suse.com/1240181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21867"
},
{
"cve": "CVE-2025-21869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21869"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/code-patching: Disable KASAN report during patching via temporary mm\n\nErhard reports the following KASAN hit on Talos II (power9) with kernel 6.13:\n\n[ 12.028126] ==================================================================\n[ 12.028198] BUG: KASAN: user-memory-access in copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028260] Write of size 8 at addr 0000187e458f2000 by task systemd/1\n\n[ 12.028346] CPU: 87 UID: 0 PID: 1 Comm: systemd Tainted: G T 6.13.0-P9-dirty #3\n[ 12.028408] Tainted: [T]=RANDSTRUCT\n[ 12.028446] Hardware name: T2P9D01 REV 1.01 POWER9 0x4e1202 opal:skiboot-bc106a0 PowerNV\n[ 12.028500] Call Trace:\n[ 12.028536] [c000000008dbf3b0] [c000000001656a48] dump_stack_lvl+0xbc/0x110 (unreliable)\n[ 12.028609] [c000000008dbf3f0] [c0000000006e2fc8] print_report+0x6b0/0x708\n[ 12.028666] [c000000008dbf4e0] [c0000000006e2454] kasan_report+0x164/0x300\n[ 12.028725] [c000000008dbf600] [c0000000006e54d4] kasan_check_range+0x314/0x370\n[ 12.028784] [c000000008dbf640] [c0000000006e6310] __kasan_check_write+0x20/0x40\n[ 12.028842] [c000000008dbf660] [c000000000578e8c] copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028902] [c000000008dbf6a0] [c0000000000acfe4] __patch_instructions+0x194/0x210\n[ 12.028965] [c000000008dbf6e0] [c0000000000ade80] patch_instructions+0x150/0x590\n[ 12.029026] [c000000008dbf7c0] [c0000000001159bc] bpf_arch_text_copy+0x6c/0xe0\n[ 12.029085] [c000000008dbf800] [c000000000424250] bpf_jit_binary_pack_finalize+0x40/0xc0\n[ 12.029147] [c000000008dbf830] [c000000000115dec] bpf_int_jit_compile+0x3bc/0x930\n[ 12.029206] [c000000008dbf990] [c000000000423720] bpf_prog_select_runtime+0x1f0/0x280\n[ 12.029266] [c000000008dbfa00] [c000000000434b18] bpf_prog_load+0xbb8/0x1370\n[ 12.029324] [c000000008dbfb70] [c000000000436ebc] __sys_bpf+0x5ac/0x2e00\n[ 12.029379] [c000000008dbfd00] [c00000000043a228] sys_bpf+0x28/0x40\n[ 12.029435] [c000000008dbfd20] [c000000000038eb4] system_call_exception+0x334/0x610\n[ 12.029497] [c000000008dbfe50] [c00000000000c270] system_call_vectored_common+0xf0/0x280\n[ 12.029561] --- interrupt: 3000 at 0x3fff82f5cfa8\n[ 12.029608] NIP: 00003fff82f5cfa8 LR: 00003fff82f5cfa8 CTR: 0000000000000000\n[ 12.029660] REGS: c000000008dbfe80 TRAP: 3000 Tainted: G T (6.13.0-P9-dirty)\n[ 12.029735] MSR: 900000000280f032 \u003cSF,HV,VEC,VSX,EE,PR,FP,ME,IR,DR,RI\u003e CR: 42004848 XER: 00000000\n[ 12.029855] IRQMASK: 0\n GPR00: 0000000000000169 00003fffdcf789a0 00003fff83067100 0000000000000005\n GPR04: 00003fffdcf78a98 0000000000000090 0000000000000000 0000000000000008\n GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000\n GPR12: 0000000000000000 00003fff836ff7e0 c000000000010678 0000000000000000\n GPR16: 0000000000000000 0000000000000000 00003fffdcf78f28 00003fffdcf78f90\n GPR20: 0000000000000000 0000000000000000 0000000000000000 00003fffdcf78f80\n GPR24: 00003fffdcf78f70 00003fffdcf78d10 00003fff835c7239 00003fffdcf78bd8\n GPR28: 00003fffdcf78a98 0000000000000000 0000000000000000 000000011f547580\n[ 12.030316] NIP [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030361] LR [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030405] --- interrupt: 3000\n[ 12.030444] ==================================================================\n\nCommit c28c15b6d28a (\"powerpc/code-patching: Use temporary mm for\nRadix MMU\") is inspired from x86 but unlike x86 is doesn\u0027t disable\nKASAN reports during patching. This wasn\u0027t a problem at the begining\nbecause __patch_mem() is not instrumented.\n\nCommit 465cabc97b42 (\"powerpc/code-patching: introduce\npatch_instructions()\") use copy_to_kernel_nofault() to copy several\ninstructions at once. But when using temporary mm the destination is\nnot regular kernel memory but a kind of kernel-like memory located\nin user address space. \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21869",
"url": "https://www.suse.com/security/cve/CVE-2025-21869"
},
{
"category": "external",
"summary": "SUSE Bug 1240182 for CVE-2025-21869",
"url": "https://bugzilla.suse.com/1240182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21869"
},
{
"cve": "CVE-2025-21870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers\n\nOther, non DAI copier widgets could have the same stream name (sname) as\nthe ALH copier and in that case the copier-\u003edata is NULL, no alh_data is\nattached, which could lead to NULL pointer dereference.\nWe could check for this NULL pointer in sof_ipc4_prepare_copier_module()\nand avoid the crash, but a similar loop in sof_ipc4_widget_setup_comp_dai()\nwill miscalculate the ALH device count, causing broken audio.\n\nThe correct fix is to harden the matching logic by making sure that the\n1. widget is a DAI widget - so dai = w-\u003eprivate is valid\n2. the dai (and thus the copier) is ALH copier",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21870",
"url": "https://www.suse.com/security/cve/CVE-2025-21870"
},
{
"category": "external",
"summary": "SUSE Bug 1240191 for CVE-2025-21870",
"url": "https://bugzilla.suse.com/1240191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21870"
},
{
"cve": "CVE-2025-21871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: optee: Fix supplicant wait loop\n\nOP-TEE supplicant is a user-space daemon and it\u0027s possible for it\nbe hung or crashed or killed in the middle of processing an OP-TEE\nRPC call. It becomes more complicated when there is incorrect shutdown\nordering of the supplicant process vs the OP-TEE client application which\ncan eventually lead to system hang-up waiting for the closure of the\nclient application.\n\nAllow the client process waiting in kernel for supplicant response to\nbe killed rather than indefinitely waiting in an unkillable state. Also,\na normal uninterruptible wait should not have resulted in the hung-task\nwatchdog getting triggered, but the endless loop would.\n\nThis fixes issues observed during system reboot/shutdown when supplicant\ngot hung for some reason or gets crashed/killed which lead to client\ngetting hung in an unkillable state. It in turn lead to system being in\nhung up state requiring hard power off/on to recover.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21871",
"url": "https://www.suse.com/security/cve/CVE-2025-21871"
},
{
"category": "external",
"summary": "SUSE Bug 1240183 for CVE-2025-21871",
"url": "https://bugzilla.suse.com/1240183"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21871"
},
{
"cve": "CVE-2025-21873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: bsg: Fix crash when arpmb command fails\n\nIf the device doesn\u0027t support arpmb we\u0027ll crash due to copying user data in\nbsg_transport_sg_io_fn().\n\nIn the case where ufs_bsg_exec_advanced_rpmb_req() returns an error, do not\nset the job\u0027s reply_len.\n\nMemory crash backtrace:\n3,1290,531166405,-;ufshcd 0000:00:12.5: ARPMB OP failed: error code -22\n\n4,1308,531166555,-;Call Trace:\n\n4,1309,531166559,-; \u003cTASK\u003e\n\n4,1310,531166565,-; ? show_regs+0x6d/0x80\n\n4,1311,531166575,-; ? die+0x37/0xa0\n\n4,1312,531166583,-; ? do_trap+0xd4/0xf0\n\n4,1313,531166593,-; ? do_error_trap+0x71/0xb0\n\n4,1314,531166601,-; ? usercopy_abort+0x6c/0x80\n\n4,1315,531166610,-; ? exc_invalid_op+0x52/0x80\n\n4,1316,531166622,-; ? usercopy_abort+0x6c/0x80\n\n4,1317,531166630,-; ? asm_exc_invalid_op+0x1b/0x20\n\n4,1318,531166643,-; ? usercopy_abort+0x6c/0x80\n\n4,1319,531166652,-; __check_heap_object+0xe3/0x120\n\n4,1320,531166661,-; check_heap_object+0x185/0x1d0\n\n4,1321,531166670,-; __check_object_size.part.0+0x72/0x150\n\n4,1322,531166679,-; __check_object_size+0x23/0x30\n\n4,1323,531166688,-; bsg_transport_sg_io_fn+0x314/0x3b0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21873",
"url": "https://www.suse.com/security/cve/CVE-2025-21873"
},
{
"category": "external",
"summary": "SUSE Bug 1240184 for CVE-2025-21873",
"url": "https://bugzilla.suse.com/1240184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21873"
},
{
"cve": "CVE-2025-21875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21875"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: always handle address removal under msk socket lock\n\nSyzkaller reported a lockdep splat in the PM control path:\n\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 sock_owned_by_me include/net/sock.h:1711 [inline]\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 msk_owned_by_me net/mptcp/protocol.h:363 [inline]\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788\n Modules linked in:\n CPU: 0 UID: 0 PID: 6693 Comm: syz.0.205 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\n RIP: 0010:sock_owned_by_me include/net/sock.h:1711 [inline]\n RIP: 0010:msk_owned_by_me net/mptcp/protocol.h:363 [inline]\n RIP: 0010:mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788\n Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ca 7b d3 f5 eb b9 e8 c3 7b d3 f5 90 0f 0b 90 e9 dd fb ff ff e8 b5 7b d3 f5 90 \u003c0f\u003e 0b 90 e9 3e fb ff ff 44 89 f1 80 e1 07 38 c1 0f 8c eb fb ff ff\n RSP: 0000:ffffc900034f6f60 EFLAGS: 00010283\n RAX: ffffffff8bee3c2b RBX: 0000000000000001 RCX: 0000000000080000\n RDX: ffffc90004d42000 RSI: 000000000000a407 RDI: 000000000000a408\n RBP: ffffc900034f7030 R08: ffffffff8bee37f6 R09: 0100000000000000\n R10: dffffc0000000000 R11: ffffed100bcc62e4 R12: ffff88805e6316e0\n R13: ffff88805e630c00 R14: dffffc0000000000 R15: ffff88805e630c00\n FS: 00007f7e9a7e96c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000001b2fd18ff8 CR3: 0000000032c24000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n mptcp_pm_remove_addr+0x103/0x1d0 net/mptcp/pm.c:59\n mptcp_pm_remove_anno_addr+0x1f4/0x2f0 net/mptcp/pm_netlink.c:1486\n mptcp_nl_remove_subflow_and_signal_addr net/mptcp/pm_netlink.c:1518 [inline]\n mptcp_pm_nl_del_addr_doit+0x118d/0x1af0 net/mptcp/pm_netlink.c:1629\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb1f/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x206/0x480 net/netlink/af_netlink.c:2543\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:718 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:733\n ____sys_sendmsg+0x53a/0x860 net/socket.c:2573\n ___sys_sendmsg net/socket.c:2627 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2659\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f7e9998cde9\n Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f7e9a7e9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f7e99ba5fa0 RCX: 00007f7e9998cde9\n RDX: 000000002000c094 RSI: 0000400000000000 RDI: 0000000000000007\n RBP: 00007f7e99a0e2a0 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 0000000000000000 R14: 00007f7e99ba5fa0 R15: 00007fff49231088\n\nIndeed the PM can try to send a RM_ADDR over a msk without acquiring\nfirst the msk socket lock.\n\nThe bugged code-path comes from an early optimization: when there\nare no subflows, the PM should (usually) not send RM_ADDR\nnotifications.\n\nThe above statement is incorrect, as without locks another process\ncould concur\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21875",
"url": "https://www.suse.com/security/cve/CVE-2025-21875"
},
{
"category": "external",
"summary": "SUSE Bug 1240168 for CVE-2025-21875",
"url": "https://bugzilla.suse.com/1240168"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21875"
},
{
"cve": "CVE-2025-21876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21876"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix suspicious RCU usage\n\nCommit \u003cd74169ceb0d2\u003e (\"iommu/vt-d: Allocate DMAR fault interrupts\nlocally\") moved the call to enable_drhd_fault_handling() to a code\npath that does not hold any lock while traversing the drhd list. Fix\nit by ensuring the dmar_global_lock lock is held when traversing the\ndrhd list.\n\nWithout this fix, the following warning is triggered:\n =============================\n WARNING: suspicious RCU usage\n 6.14.0-rc3 #55 Not tainted\n -----------------------------\n drivers/iommu/intel/dmar.c:2046 RCU-list traversed in non-reader section!!\n other info that might help us debug this:\n rcu_scheduler_active = 1, debug_locks = 1\n 2 locks held by cpuhp/1/23:\n #0: ffffffff84a67c50 (cpu_hotplug_lock){++++}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n #1: ffffffff84a6a380 (cpuhp_state-up){+.+.}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n stack backtrace:\n CPU: 1 UID: 0 PID: 23 Comm: cpuhp/1 Not tainted 6.14.0-rc3 #55\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xb7/0xd0\n lockdep_rcu_suspicious+0x159/0x1f0\n ? __pfx_enable_drhd_fault_handling+0x10/0x10\n enable_drhd_fault_handling+0x151/0x180\n cpuhp_invoke_callback+0x1df/0x990\n cpuhp_thread_fun+0x1ea/0x2c0\n smpboot_thread_fn+0x1f5/0x2e0\n ? __pfx_smpboot_thread_fn+0x10/0x10\n kthread+0x12a/0x2d0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x4a/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nHolding the lock in enable_drhd_fault_handling() triggers a lockdep splat\nabout a possible deadlock between dmar_global_lock and cpu_hotplug_lock.\nThis is avoided by not holding dmar_global_lock when calling\niommu_device_register(), which initiates the device probe process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21876",
"url": "https://www.suse.com/security/cve/CVE-2025-21876"
},
{
"category": "external",
"summary": "SUSE Bug 1240179 for CVE-2025-21876",
"url": "https://bugzilla.suse.com/1240179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21876"
},
{
"cve": "CVE-2025-21877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21877"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: gl620a: fix endpoint checking in genelink_bind()\n\nSyzbot reports [1] a warning in usb_submit_urb() triggered by\ninconsistencies between expected and actually present endpoints\nin gl620a driver. Since genelink_bind() does not properly\nverify whether specified eps are in fact provided by the device,\nin this case, an artificially manufactured one, one may get a\nmismatch.\n\nFix the issue by resorting to a usbnet utility function\nusbnet_get_endpoints(), usually reserved for this very problem.\nCheck for endpoints and return early before proceeding further if\nany are missing.\n\n[1] Syzbot report:\nusb 5-1: Manufacturer: syz\nusb 5-1: SerialNumber: syz\nusb 5-1: config 0 descriptor??\ngl620a 5-1:0.23 usb0: register \u0027gl620a\u0027 at usb-dummy_hcd.0-1, ...\n------------[ cut here ]------------\nusb 5-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 2 PID: 1841 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\nModules linked in:\nCPU: 2 UID: 0 PID: 1841 Comm: kworker/2:2 Not tainted 6.12.0-syzkaller-07834-g06afb0f36106 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\n...\nCall Trace:\n \u003cTASK\u003e\n usbnet_start_xmit+0x6be/0x2780 drivers/net/usb/usbnet.c:1467\n __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n xmit_one net/core/dev.c:3590 [inline]\n dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3606\n sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343\n __dev_xmit_skb net/core/dev.c:3827 [inline]\n __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4400\n dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n neigh_resolve_output net/core/neighbour.c:1514 [inline]\n neigh_resolve_output+0x5bc/0x950 net/core/neighbour.c:1494\n neigh_output include/net/neighbour.h:539 [inline]\n ip6_finish_output2+0xb1b/0x2070 net/ipv6/ip6_output.c:141\n __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\n ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:247\n dst_output include/net/dst.h:450 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n mld_sendpack+0x9f0/0x11d0 net/ipv6/mcast.c:1819\n mld_send_cr net/ipv6/mcast.c:2120 [inline]\n mld_ifc_work+0x740/0xca0 net/ipv6/mcast.c:2651\n process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21877",
"url": "https://www.suse.com/security/cve/CVE-2025-21877"
},
{
"category": "external",
"summary": "SUSE Bug 1240172 for CVE-2025-21877",
"url": "https://bugzilla.suse.com/1240172"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21877"
},
{
"cve": "CVE-2025-21878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21878"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: npcm: disable interrupt enable bit before devm_request_irq\n\nThe customer reports that there is a soft lockup issue related to\nthe i2c driver. After checking, the i2c module was doing a tx transfer\nand the bmc machine reboots in the middle of the i2c transaction, the i2c\nmodule keeps the status without being reset.\n\nDue to such an i2c module status, the i2c irq handler keeps getting\ntriggered since the i2c irq handler is registered in the kernel booting\nprocess after the bmc machine is doing a warm rebooting.\nThe continuous triggering is stopped by the soft lockup watchdog timer.\n\nDisable the interrupt enable bit in the i2c module before calling\ndevm_request_irq to fix this issue since the i2c relative status bit\nis read-only.\n\nHere is the soft lockup log.\n[ 28.176395] watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [swapper/0:1]\n[ 28.183351] Modules linked in:\n[ 28.186407] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.120-yocto-s-dirty-bbebc78 #1\n[ 28.201174] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 28.208128] pc : __do_softirq+0xb0/0x368\n[ 28.212055] lr : __do_softirq+0x70/0x368\n[ 28.215972] sp : ffffff8035ebca00\n[ 28.219278] x29: ffffff8035ebca00 x28: 0000000000000002 x27: ffffff80071a3780\n[ 28.226412] x26: ffffffc008bdc000 x25: ffffffc008bcc640 x24: ffffffc008be50c0\n[ 28.233546] x23: ffffffc00800200c x22: 0000000000000000 x21: 000000000000001b\n[ 28.240679] x20: 0000000000000000 x19: ffffff80001c3200 x18: ffffffffffffffff\n[ 28.247812] x17: ffffffc02d2e0000 x16: ffffff8035eb8b40 x15: 00001e8480000000\n[ 28.254945] x14: 02c3647e37dbfcb6 x13: 02c364f2ab14200c x12: 0000000002c364f2\n[ 28.262078] x11: 00000000fa83b2da x10: 000000000000b67e x9 : ffffffc008010250\n[ 28.269211] x8 : 000000009d983d00 x7 : 7fffffffffffffff x6 : 0000036d74732434\n[ 28.276344] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : 0000000000000198\n[ 28.283476] x2 : ffffffc02d2e0000 x1 : 00000000000000e0 x0 : ffffffc008bdcb40\n[ 28.290611] Call trace:\n[ 28.293052] __do_softirq+0xb0/0x368\n[ 28.296625] __irq_exit_rcu+0xe0/0x100\n[ 28.300374] irq_exit+0x14/0x20\n[ 28.303513] handle_domain_irq+0x68/0x90\n[ 28.307440] gic_handle_irq+0x78/0xb0\n[ 28.311098] call_on_irq_stack+0x20/0x38\n[ 28.315019] do_interrupt_handler+0x54/0x5c\n[ 28.319199] el1_interrupt+0x2c/0x4c\n[ 28.322777] el1h_64_irq_handler+0x14/0x20\n[ 28.326872] el1h_64_irq+0x74/0x78\n[ 28.330269] __setup_irq+0x454/0x780\n[ 28.333841] request_threaded_irq+0xd0/0x1b4\n[ 28.338107] devm_request_threaded_irq+0x84/0x100\n[ 28.342809] npcm_i2c_probe_bus+0x188/0x3d0\n[ 28.346990] platform_probe+0x6c/0xc4\n[ 28.350653] really_probe+0xcc/0x45c\n[ 28.354227] __driver_probe_device+0x8c/0x160\n[ 28.358578] driver_probe_device+0x44/0xe0\n[ 28.362670] __driver_attach+0x124/0x1d0\n[ 28.366589] bus_for_each_dev+0x7c/0xe0\n[ 28.370426] driver_attach+0x28/0x30\n[ 28.373997] bus_add_driver+0x124/0x240\n[ 28.377830] driver_register+0x7c/0x124\n[ 28.381662] __platform_driver_register+0x2c/0x34\n[ 28.386362] npcm_i2c_init+0x3c/0x5c\n[ 28.389937] do_one_initcall+0x74/0x230\n[ 28.393768] kernel_init_freeable+0x24c/0x2b4\n[ 28.398126] kernel_init+0x28/0x130\n[ 28.401614] ret_from_fork+0x10/0x20\n[ 28.405189] Kernel panic - not syncing: softlockup: hung tasks\n[ 28.411011] SMP: stopping secondary CPUs\n[ 28.414933] Kernel Offset: disabled\n[ 28.418412] CPU features: 0x00000000,00000802\n[ 28.427644] Rebooting in 20 seconds..",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21878",
"url": "https://www.suse.com/security/cve/CVE-2025-21878"
},
{
"category": "external",
"summary": "SUSE Bug 1240192 for CVE-2025-21878",
"url": "https://bugzilla.suse.com/1240192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21878"
},
{
"cve": "CVE-2025-21881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuprobes: Reject the shared zeropage in uprobe_write_opcode()\n\nWe triggered the following crash in syzkaller tests:\n\n BUG: Bad page state in process syz.7.38 pfn:1eff3\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eff3\n flags: 0x3fffff00004004(referenced|reserved|node=0|zone=1|lastcpupid=0x1fffff)\n raw: 003fffff00004004 ffffe6c6c07bfcc8 ffffe6c6c07bfcc8 0000000000000000\n raw: 0000000000000000 0000000000000000 00000000fffffffe 0000000000000000\n page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x32/0x50\n bad_page+0x69/0xf0\n free_unref_page_prepare+0x401/0x500\n free_unref_page+0x6d/0x1b0\n uprobe_write_opcode+0x460/0x8e0\n install_breakpoint.part.0+0x51/0x80\n register_for_each_vma+0x1d9/0x2b0\n __uprobe_register+0x245/0x300\n bpf_uprobe_multi_link_attach+0x29b/0x4f0\n link_create+0x1e2/0x280\n __sys_bpf+0x75f/0xac0\n __x64_sys_bpf+0x1a/0x30\n do_syscall_64+0x56/0x100\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\n BUG: Bad rss-counter state mm:00000000452453e0 type:MM_FILEPAGES val:-1\n\nThe following syzkaller test case can be used to reproduce:\n\n r2 = creat(\u0026(0x7f0000000000)=\u0027./file0\\x00\u0027, 0x8)\n write$nbd(r2, \u0026(0x7f0000000580)=ANY=[], 0x10)\n r4 = openat(0xffffffffffffff9c, \u0026(0x7f0000000040)=\u0027./file0\\x00\u0027, 0x42, 0x0)\n mmap$IORING_OFF_SQ_RING(\u0026(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0)\n r5 = userfaultfd(0x80801)\n ioctl$UFFDIO_API(r5, 0xc018aa3f, \u0026(0x7f0000000040)={0xaa, 0x20})\n r6 = userfaultfd(0x80801)\n ioctl$UFFDIO_API(r6, 0xc018aa3f, \u0026(0x7f0000000140))\n ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, \u0026(0x7f0000000100)={{\u0026(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x2})\n ioctl$UFFDIO_ZEROPAGE(r5, 0xc020aa04, \u0026(0x7f0000000000)={{\u0026(0x7f0000ffd000/0x1000)=nil, 0x1000}})\n r7 = bpf$PROG_LOAD(0x5, \u0026(0x7f0000000140)={0x2, 0x3, \u0026(0x7f0000000200)=ANY=[@ANYBLOB=\"1800000000120000000000000000000095\"], \u0026(0x7f0000000000)=\u0027GPL\\x00\u0027, 0x7, 0x0, 0x0, 0x0, 0x0, \u0027\\x00\u0027, 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)\n bpf$BPF_LINK_CREATE_XDP(0x1c, \u0026(0x7f0000000040)={r7, 0x0, 0x30, 0x1e, @val=@uprobe_multi={\u0026(0x7f0000000080)=\u0027./file0\\x00\u0027, \u0026(0x7f0000000100)=[0x2], 0x0, 0x0, 0x1}}, 0x40)\n\nThe cause is that zero pfn is set to the PTE without increasing the RSS\ncount in mfill_atomic_pte_zeropage() and the refcount of zero folio does\nnot increase accordingly. Then, the operation on the same pfn is performed\nin uprobe_write_opcode()-\u003e__replace_page() to unconditional decrease the\nRSS count and old_folio\u0027s refcount.\n\nTherefore, two bugs are introduced:\n\n 1. The RSS count is incorrect, when process exit, the check_mm() report\n error \"Bad rss-count\".\n\n 2. The reserved folio (zero folio) is freed when folio-\u003erefcount is zero,\n then free_pages_prepare-\u003efree_page_is_bad() report error\n \"Bad page state\".\n\nThere is more, the following warning could also theoretically be triggered:\n\n __replace_page()\n -\u003e ...\n -\u003e folio_remove_rmap_pte()\n -\u003e VM_WARN_ON_FOLIO(is_zero_folio(folio), folio)\n\nConsidering that uprobe hit on the zero folio is a very rare case, just\nreject zero old folio immediately after get_user_page_vma_remote().\n\n[ mingo: Cleaned up the changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21881",
"url": "https://www.suse.com/security/cve/CVE-2025-21881"
},
{
"category": "external",
"summary": "SUSE Bug 1240185 for CVE-2025-21881",
"url": "https://bugzilla.suse.com/1240185"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21881"
},
{
"cve": "CVE-2025-21882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix vport QoS cleanup on error\n\nWhen enabling vport QoS fails, the scheduling node was never freed,\ncausing a leak.\n\nAdd the missing free and reset the vport scheduling node pointer to\nNULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21882",
"url": "https://www.suse.com/security/cve/CVE-2025-21882"
},
{
"category": "external",
"summary": "SUSE Bug 1240187 for CVE-2025-21882",
"url": "https://bugzilla.suse.com/1240187"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21882"
},
{
"cve": "CVE-2025-21883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21883"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix deinitializing VF in error path\n\nIf ice_ena_vfs() fails after calling ice_create_vf_entries(), it frees\nall VFs without removing them from snapshot PF-VF mailbox list, leading\nto list corruption.\n\nReproducer:\n devlink dev eswitch set $PF1_PCI mode switchdev\n ip l s $PF1 up\n ip l s $PF1 promisc on\n sleep 1\n echo 1 \u003e /sys/class/net/$PF1/device/sriov_numvfs\n sleep 1\n echo 1 \u003e /sys/class/net/$PF1/device/sriov_numvfs\n\nTrace (minimized):\n list_add corruption. next-\u003eprev should be prev (ffff8882e241c6f0), but was 0000000000000000. (next=ffff888455da1330).\n kernel BUG at lib/list_debug.c:29!\n RIP: 0010:__list_add_valid_or_report+0xa6/0x100\n ice_mbx_init_vf_info+0xa7/0x180 [ice]\n ice_initialize_vf_entry+0x1fa/0x250 [ice]\n ice_sriov_configure+0x8d7/0x1520 [ice]\n ? __percpu_ref_switch_mode+0x1b1/0x5d0\n ? __pfx_ice_sriov_configure+0x10/0x10 [ice]\n\nSometimes a KASAN report can be seen instead with a similar stack trace:\n BUG: KASAN: use-after-free in __list_add_valid_or_report+0xf1/0x100\n\nVFs are added to this list in ice_mbx_init_vf_info(), but only removed\nin ice_free_vfs(). Move the removing to ice_free_vf_entries(), which is\nalso being called in other places where VFs are being removed (including\nice_free_vfs() itself).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21883",
"url": "https://www.suse.com/security/cve/CVE-2025-21883"
},
{
"category": "external",
"summary": "SUSE Bug 1240189 for CVE-2025-21883",
"url": "https://bugzilla.suse.com/1240189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21883"
},
{
"cve": "CVE-2025-21884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: better track kernel sockets lifetime\n\nWhile kernel sockets are dismantled during pernet_operations-\u003eexit(),\ntheir freeing can be delayed by any tx packets still held in qdisc\nor device queues, due to skb_set_owner_w() prior calls.\n\nThis then trigger the following warning from ref_tracker_dir_exit() [1]\n\nTo fix this, make sure that kernel sockets own a reference on net-\u003epassive.\n\nAdd sk_net_refcnt_upgrade() helper, used whenever a kernel socket\nis converted to a refcounted one.\n\n[1]\n\n[ 136.263918][ T35] ref_tracker: net notrefcnt@ffff8880638f01e0 has 1/2 users at\n[ 136.263918][ T35] sk_alloc+0x2b3/0x370\n[ 136.263918][ T35] inet6_create+0x6ce/0x10f0\n[ 136.263918][ T35] __sock_create+0x4c0/0xa30\n[ 136.263918][ T35] inet_ctl_sock_create+0xc2/0x250\n[ 136.263918][ T35] igmp6_net_init+0x39/0x390\n[ 136.263918][ T35] ops_init+0x31e/0x590\n[ 136.263918][ T35] setup_net+0x287/0x9e0\n[ 136.263918][ T35] copy_net_ns+0x33f/0x570\n[ 136.263918][ T35] create_new_namespaces+0x425/0x7b0\n[ 136.263918][ T35] unshare_nsproxy_namespaces+0x124/0x180\n[ 136.263918][ T35] ksys_unshare+0x57d/0xa70\n[ 136.263918][ T35] __x64_sys_unshare+0x38/0x40\n[ 136.263918][ T35] do_syscall_64+0xf3/0x230\n[ 136.263918][ T35] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 136.263918][ T35]\n[ 136.343488][ T35] ref_tracker: net notrefcnt@ffff8880638f01e0 has 1/2 users at\n[ 136.343488][ T35] sk_alloc+0x2b3/0x370\n[ 136.343488][ T35] inet6_create+0x6ce/0x10f0\n[ 136.343488][ T35] __sock_create+0x4c0/0xa30\n[ 136.343488][ T35] inet_ctl_sock_create+0xc2/0x250\n[ 136.343488][ T35] ndisc_net_init+0xa7/0x2b0\n[ 136.343488][ T35] ops_init+0x31e/0x590\n[ 136.343488][ T35] setup_net+0x287/0x9e0\n[ 136.343488][ T35] copy_net_ns+0x33f/0x570\n[ 136.343488][ T35] create_new_namespaces+0x425/0x7b0\n[ 136.343488][ T35] unshare_nsproxy_namespaces+0x124/0x180\n[ 136.343488][ T35] ksys_unshare+0x57d/0xa70\n[ 136.343488][ T35] __x64_sys_unshare+0x38/0x40\n[ 136.343488][ T35] do_syscall_64+0xf3/0x230\n[ 136.343488][ T35] entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21884",
"url": "https://www.suse.com/security/cve/CVE-2025-21884"
},
{
"category": "external",
"summary": "SUSE Bug 1240171 for CVE-2025-21884",
"url": "https://bugzilla.suse.com/1240171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21884"
},
{
"cve": "CVE-2025-21885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix the page details for the srq created by kernel consumers\n\nWhile using nvme target with use_srq on, below kernel panic is noticed.\n\n[ 549.698111] bnxt_en 0000:41:00.0 enp65s0np0: FEC autoneg off encoding: Clause 91 RS(544,514)\n[ 566.393619] Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI\n..\n[ 566.393799] \u003cTASK\u003e\n[ 566.393807] ? __die_body+0x1a/0x60\n[ 566.393823] ? die+0x38/0x60\n[ 566.393835] ? do_trap+0xe4/0x110\n[ 566.393847] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393867] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393881] ? do_error_trap+0x7c/0x120\n[ 566.393890] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393911] ? exc_divide_error+0x34/0x50\n[ 566.393923] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393939] ? asm_exc_divide_error+0x16/0x20\n[ 566.393966] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393997] bnxt_qplib_create_srq+0xc9/0x340 [bnxt_re]\n[ 566.394040] bnxt_re_create_srq+0x335/0x3b0 [bnxt_re]\n[ 566.394057] ? srso_return_thunk+0x5/0x5f\n[ 566.394068] ? __init_swait_queue_head+0x4a/0x60\n[ 566.394090] ib_create_srq_user+0xa7/0x150 [ib_core]\n[ 566.394147] nvmet_rdma_queue_connect+0x7d0/0xbe0 [nvmet_rdma]\n[ 566.394174] ? lock_release+0x22c/0x3f0\n[ 566.394187] ? srso_return_thunk+0x5/0x5f\n\nPage size and shift info is set only for the user space SRQs.\nSet page size and page shift for kernel space SRQs also.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21885",
"url": "https://www.suse.com/security/cve/CVE-2025-21885"
},
{
"category": "external",
"summary": "SUSE Bug 1240169 for CVE-2025-21885",
"url": "https://bugzilla.suse.com/1240169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21885"
},
{
"cve": "CVE-2025-21886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix implicit ODP hang on parent deregistration\n\nFix the destroy_unused_implicit_child_mr() to prevent hanging during\nparent deregistration as of below [1].\n\nUpon entering destroy_unused_implicit_child_mr(), the reference count\nfor the implicit MR parent is incremented using:\nrefcount_inc_not_zero().\n\nA corresponding decrement must be performed if\nfree_implicit_child_mr_work() is not called.\n\nThe code has been updated to properly manage the reference count that\nwas incremented.\n\n[1]\nINFO: task python3:2157 blocked for more than 120 seconds.\nNot tainted 6.12.0-rc7+ #1633\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:python3 state:D stack:0 pid:2157 tgid:2157 ppid:1685 flags:0x00000000\nCall Trace:\n\u003cTASK\u003e\n__schedule+0x420/0xd30\nschedule+0x47/0x130\n__mlx5_ib_dereg_mr+0x379/0x5d0 [mlx5_ib]\n? __pfx_autoremove_wake_function+0x10/0x10\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs]\n? lock_release+0xc6/0x280\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n __x64_sys_ioctl+0x1b0/0xa70\n? kmem_cache_free+0x221/0x400\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f20f21f017b\nRSP: 002b:00007ffcfc4a77c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffcfc4a78d8 RCX: 00007f20f21f017b\nRDX: 00007ffcfc4a78c0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffcfc4a78a0 R08: 000056147d125190 R09: 00007f20f1f14c60\nR10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcfc4a7890\nR13: 000000000000001c R14: 000056147d100fc0 R15: 00007f20e365c9d0\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21886",
"url": "https://www.suse.com/security/cve/CVE-2025-21886"
},
{
"category": "external",
"summary": "SUSE Bug 1240188 for CVE-2025-21886",
"url": "https://bugzilla.suse.com/1240188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21886"
},
{
"cve": "CVE-2025-21887",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21887"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up\n\nThe issue was caused by dput(upper) being called before\novl_dentry_update_reval(), while upper-\u003ed_flags was still\naccessed in ovl_dentry_remote().\n\nMove dput(upper) after its last use to prevent use-after-free.\n\nBUG: KASAN: slab-use-after-free in ovl_dentry_remote fs/overlayfs/util.c:162 [inline]\nBUG: KASAN: slab-use-after-free in ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167\n\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n ovl_dentry_remote fs/overlayfs/util.c:162 [inline]\n ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167\n ovl_link_up fs/overlayfs/copy_up.c:610 [inline]\n ovl_copy_up_one+0x2105/0x3490 fs/overlayfs/copy_up.c:1170\n ovl_copy_up_flags+0x18d/0x200 fs/overlayfs/copy_up.c:1223\n ovl_rename+0x39e/0x18c0 fs/overlayfs/dir.c:1136\n vfs_rename+0xf84/0x20a0 fs/namei.c:4893\n...\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21887",
"url": "https://www.suse.com/security/cve/CVE-2025-21887"
},
{
"category": "external",
"summary": "SUSE Bug 1240176 for CVE-2025-21887",
"url": "https://bugzilla.suse.com/1240176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21887"
},
{
"cve": "CVE-2025-21888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21888"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix a WARN during dereg_mr for DM type\n\nMemory regions (MR) of type DM (device memory) do not have an associated\numem.\n\nIn the __mlx5_ib_dereg_mr() -\u003e mlx5_free_priv_descs() flow, the code\nincorrectly takes the wrong branch, attempting to call\ndma_unmap_single() on a DMA address that is not mapped.\n\nThis results in a WARN [1], as shown below.\n\nThe issue is resolved by properly accounting for the DM type and\nensuring the correct branch is selected in mlx5_free_priv_descs().\n\n[1]\nWARNING: CPU: 12 PID: 1346 at drivers/iommu/dma-iommu.c:1230 iommu_dma_unmap_page+0x79/0x90\nModules linked in: ip6table_mangle ip6table_nat ip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry ovelay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core\nCPU: 12 UID: 0 PID: 1346 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1631\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:iommu_dma_unmap_page+0x79/0x90\nCode: 2b 49 3b 29 72 26 49 3b 69 08 73 20 4d 89 f0 44 89 e9 4c 89 e2 48 89 ee 48 89 df 5b 5d 41 5c 41 5d 41 5e 41 5f e9 07 b8 88 ff \u003c0f\u003e 0b 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 66 0f 1f 44 00\nRSP: 0018:ffffc90001913a10 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88810194b0a8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001\nRBP: ffff88810194b0a8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f537abdd740(0000) GS:ffff88885fb00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f537aeb8000 CR3: 000000010c248001 CR4: 0000000000372eb0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x84/0x190\n? iommu_dma_unmap_page+0x79/0x90\n? report_bug+0xf8/0x1c0\n? handle_bug+0x55/0x90\n? exc_invalid_op+0x13/0x60\n? asm_exc_invalid_op+0x16/0x20\n? iommu_dma_unmap_page+0x79/0x90\ndma_unmap_page_attrs+0xe6/0x290\nmlx5_free_priv_descs+0xb0/0xe0 [mlx5_ib]\n__mlx5_ib_dereg_mr+0x37e/0x520 [mlx5_ib]\n? _raw_spin_unlock_irq+0x24/0x40\n? wait_for_completion+0xfe/0x130\n? rdma_restrack_put+0x63/0xe0 [ib_core]\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs]\n? lock_release+0xc6/0x280\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n__x64_sys_ioctl+0x1b0/0xa70\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f537adaf17b\nCode: 0f 1e fa 48 8b 05 1d ad 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed ac 0c 00 f7 d8 64 89 01 48\nRSP: 002b:00007ffff218f0b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffff218f1d8 RCX: 00007f537adaf17b\nRDX: 00007ffff218f1c0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffff218f1a0 R08: 00007f537aa8d010 R09: 0000561ee2e4f270\nR10: 00007f537aace3a8 R11: 0000000000000246 R12: 00007ffff218f190\nR13: 000000000000001c R14: 0000561ee2e4d7c0 R15: 00007ffff218f450\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21888",
"url": "https://www.suse.com/security/cve/CVE-2025-21888"
},
{
"category": "external",
"summary": "SUSE Bug 1240177 for CVE-2025-21888",
"url": "https://bugzilla.suse.com/1240177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21888"
},
{
"cve": "CVE-2025-21889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Add RCU read lock protection to perf_iterate_ctx()\n\nThe perf_iterate_ctx() function performs RCU list traversal but\ncurrently lacks RCU read lock protection. This causes lockdep warnings\nwhen running perf probe with unshare(1) under CONFIG_PROVE_RCU_LIST=y:\n\n\tWARNING: suspicious RCU usage\n\tkernel/events/core.c:8168 RCU-list traversed in non-reader section!!\n\n\t Call Trace:\n\t lockdep_rcu_suspicious\n\t ? perf_event_addr_filters_apply\n\t perf_iterate_ctx\n\t perf_event_exec\n\t begin_new_exec\n\t ? load_elf_phdrs\n\t load_elf_binary\n\t ? lock_acquire\n\t ? find_held_lock\n\t ? bprm_execve\n\t bprm_execve\n\t do_execveat_common.isra.0\n\t __x64_sys_execve\n\t do_syscall_64\n\t entry_SYSCALL_64_after_hwframe\n\nThis protection was previously present but was removed in commit\nbd2756811766 (\"perf: Rewrite core context handling\"). Add back the\nnecessary rcu_read_lock()/rcu_read_unlock() pair around\nperf_iterate_ctx() call in perf_event_exec().\n\n[ mingo: Use scoped_guard() as suggested by Peter ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21889",
"url": "https://www.suse.com/security/cve/CVE-2025-21889"
},
{
"category": "external",
"summary": "SUSE Bug 1240167 for CVE-2025-21889",
"url": "https://bugzilla.suse.com/1240167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21889"
},
{
"cve": "CVE-2025-21890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21890"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix checksums set in idpf_rx_rsc()\n\nidpf_rx_rsc() uses skb_transport_offset(skb) while the transport header\nis not set yet.\n\nThis triggers the following warning for CONFIG_DEBUG_NET=y builds.\n\nDEBUG_NET_WARN_ON_ONCE(!skb_transport_header_was_set(skb))\n\n[ 69.261620] WARNING: CPU: 7 PID: 0 at ./include/linux/skbuff.h:3020 idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261629] Modules linked in: vfat fat dummy bridge intel_uncore_frequency_tpmi intel_uncore_frequency_common intel_vsec_tpmi idpf intel_vsec cdc_ncm cdc_eem cdc_ether usbnet mii xhci_pci xhci_hcd ehci_pci ehci_hcd libeth\n[ 69.261644] CPU: 7 UID: 0 PID: 0 Comm: swapper/7 Tainted: G S W 6.14.0-smp-DEV #1697\n[ 69.261648] Tainted: [S]=CPU_OUT_OF_SPEC, [W]=WARN\n[ 69.261650] RIP: 0010:idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261677] ? __warn (kernel/panic.c:242 kernel/panic.c:748)\n[ 69.261682] ? idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261687] ? report_bug (lib/bug.c:?)\n[ 69.261690] ? handle_bug (arch/x86/kernel/traps.c:285)\n[ 69.261694] ? exc_invalid_op (arch/x86/kernel/traps.c:309)\n[ 69.261697] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)\n[ 69.261700] ? __pfx_idpf_vport_splitq_napi_poll (drivers/net/ethernet/intel/idpf/idpf_txrx.c:4011) idpf\n[ 69.261704] ? idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261708] ? idpf_vport_splitq_napi_poll (drivers/net/ethernet/intel/idpf/idpf_txrx.c:3072) idpf\n[ 69.261712] __napi_poll (net/core/dev.c:7194)\n[ 69.261716] net_rx_action (net/core/dev.c:7265)\n[ 69.261718] ? __qdisc_run (net/sched/sch_generic.c:293)\n[ 69.261721] ? sched_clock (arch/x86/include/asm/preempt.h:84 arch/x86/kernel/tsc.c:288)\n[ 69.261726] handle_softirqs (kernel/softirq.c:561)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21890",
"url": "https://www.suse.com/security/cve/CVE-2025-21890"
},
{
"category": "external",
"summary": "SUSE Bug 1240173 for CVE-2025-21890",
"url": "https://bugzilla.suse.com/1240173"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21890"
},
{
"cve": "CVE-2025-21891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21891"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: ensure network headers are in skb linear part\n\nsyzbot found that ipvlan_process_v6_outbound() was assuming\nthe IPv6 network header isis present in skb-\u003ehead [1]\n\nAdd the needed pskb_network_may_pull() calls for both\nIPv4 and IPv6 handlers.\n\n[1]\nBUG: KMSAN: uninit-value in __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n ipv6_addr_type include/net/ipv6.h:555 [inline]\n ip6_route_output_flags_noref net/ipv6/route.c:2616 [inline]\n ip6_route_output_flags+0x51/0x720 net/ipv6/route.c:2651\n ip6_route_output include/net/ip6_route.h:93 [inline]\n ipvlan_route_v6_outbound+0x24e/0x520 drivers/net/ipvlan/ipvlan_core.c:476\n ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:491 [inline]\n ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:541 [inline]\n ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:605 [inline]\n ipvlan_queue_xmit+0xd72/0x1780 drivers/net/ipvlan/ipvlan_core.c:671\n ipvlan_start_xmit+0x5b/0x210 drivers/net/ipvlan/ipvlan_main.c:223\n __netdev_start_xmit include/linux/netdevice.h:5150 [inline]\n netdev_start_xmit include/linux/netdevice.h:5159 [inline]\n xmit_one net/core/dev.c:3735 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3751\n sch_direct_xmit+0x399/0xd40 net/sched/sch_generic.c:343\n qdisc_restart net/sched/sch_generic.c:408 [inline]\n __qdisc_run+0x14da/0x35d0 net/sched/sch_generic.c:416\n qdisc_run+0x141/0x4d0 include/net/pkt_sched.h:127\n net_tx_action+0x78b/0x940 net/core/dev.c:5484\n handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561\n __do_softirq+0x14/0x1a kernel/softirq.c:595\n do_softirq+0x9a/0x100 kernel/softirq.c:462\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]\n __dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4611\n dev_queue_xmit include/linux/netdevice.h:3311 [inline]\n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3132 [inline]\n packet_sendmsg+0x93e0/0xa7e0 net/packet/af_packet.c:3164\n sock_sendmsg_nosec net/socket.c:718 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21891",
"url": "https://www.suse.com/security/cve/CVE-2025-21891"
},
{
"category": "external",
"summary": "SUSE Bug 1240186 for CVE-2025-21891",
"url": "https://bugzilla.suse.com/1240186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21891"
},
{
"cve": "CVE-2025-21892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21892"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix the recovery flow of the UMR QP\n\nThis patch addresses an issue in the recovery flow of the UMR QP,\nensuring tasks do not get stuck, as highlighted by the call trace [1].\n\nDuring recovery, before transitioning the QP to the RESET state, the\nsoftware must wait for all outstanding WRs to complete.\n\nFailing to do so can cause the firmware to skip sending some flushed\nCQEs with errors and simply discard them upon the RESET, as per the IB\nspecification.\n\nThis race condition can result in lost CQEs and tasks becoming stuck.\n\nTo resolve this, the patch sends a final WR which serves only as a\nbarrier before moving the QP state to RESET.\n\nOnce a CQE is received for that final WR, it guarantees that no\noutstanding WRs remain, making it safe to transition the QP to RESET and\nsubsequently back to RTS, restoring proper functionality.\n\nNote:\nFor the barrier WR, we simply reuse the failed and ready WR.\nSince the QP is in an error state, it will only receive\nIB_WC_WR_FLUSH_ERR. However, as it serves only as a barrier we don\u0027t\ncare about its status.\n\n[1]\nINFO: task rdma_resource_l:1922 blocked for more than 120 seconds.\nTainted: G W 6.12.0-rc7+ #1626\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:rdma_resource_l state:D stack:0 pid:1922 tgid:1922 ppid:1369\n flags:0x00004004\nCall Trace:\n\u003cTASK\u003e\n__schedule+0x420/0xd30\nschedule+0x47/0x130\nschedule_timeout+0x280/0x300\n? mark_held_locks+0x48/0x80\n? lockdep_hardirqs_on_prepare+0xe5/0x1a0\nwait_for_completion+0x75/0x130\nmlx5r_umr_post_send_wait+0x3c2/0x5b0 [mlx5_ib]\n? __pfx_mlx5r_umr_done+0x10/0x10 [mlx5_ib]\nmlx5r_umr_revoke_mr+0x93/0xc0 [mlx5_ib]\n__mlx5_ib_dereg_mr+0x299/0x520 [mlx5_ib]\n? _raw_spin_unlock_irq+0x24/0x40\n? wait_for_completion+0xfe/0x130\n? rdma_restrack_put+0x63/0xe0 [ib_core]\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? __lock_acquire+0x64e/0x2080\n? mark_held_locks+0x48/0x80\n? find_held_lock+0x2d/0xa0\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? __fget_files+0xc3/0x1b0\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n__x64_sys_ioctl+0x1b0/0xa70\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f99c918b17b\nRSP: 002b:00007ffc766d0468 EFLAGS: 00000246 ORIG_RAX:\n 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffc766d0578 RCX:\n 00007f99c918b17b\nRDX: 00007ffc766d0560 RSI: 00000000c0181b01 RDI:\n 0000000000000003\nRBP: 00007ffc766d0540 R08: 00007f99c8f99010 R09:\n 000000000000bd7e\nR10: 00007f99c94c1c70 R11: 0000000000000246 R12:\n 00007ffc766d0530\nR13: 000000000000001c R14: 0000000040246a80 R15:\n 0000000000000000\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21892",
"url": "https://www.suse.com/security/cve/CVE-2025-21892"
},
{
"category": "external",
"summary": "SUSE Bug 1240175 for CVE-2025-21892",
"url": "https://bugzilla.suse.com/1240175"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21892"
},
{
"cve": "CVE-2025-21893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21893"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkeys: Fix UAF in key_put()\n\nOnce a key\u0027s reference count has been reduced to 0, the garbage collector\nthread may destroy it at any time and so key_put() is not allowed to touch\nthe key after that point. The most key_put() is normally allowed to do is\nto touch key_gc_work as that\u0027s a static global variable.\n\nHowever, in an effort to speed up the reclamation of quota, this is now\ndone in key_put() once the key\u0027s usage is reduced to 0 - but now the code\nis looking at the key after the deadline, which is forbidden.\n\nFix this by using a flag to indicate that a key can be gc\u0027d now rather than\nlooking at the key\u0027s refcount in the garbage collector.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21893",
"url": "https://www.suse.com/security/cve/CVE-2025-21893"
},
{
"category": "external",
"summary": "SUSE Bug 1240427 for CVE-2025-21893",
"url": "https://bugzilla.suse.com/1240427"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21893"
},
{
"cve": "CVE-2025-21894",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21894"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC\n\nActually ENETC VFs do not support HWTSTAMP_TX_ONESTEP_SYNC because only\nENETC PF can access PMa_SINGLE_STEP registers. And there will be a crash\nif VFs are used to test one-step timestamp, the crash log as follows.\n\n[ 129.110909] Unable to handle kernel paging request at virtual address 00000000000080c0\n[ 129.287769] Call trace:\n[ 129.290219] enetc_port_mac_wr+0x30/0xec (P)\n[ 129.294504] enetc_start_xmit+0xda4/0xe74\n[ 129.298525] enetc_xmit+0x70/0xec\n[ 129.301848] dev_hard_start_xmit+0x98/0x118",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21894",
"url": "https://www.suse.com/security/cve/CVE-2025-21894"
},
{
"category": "external",
"summary": "SUSE Bug 1240581 for CVE-2025-21894",
"url": "https://bugzilla.suse.com/1240581"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21894"
},
{
"cve": "CVE-2025-21895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21895"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Order the PMU list to fix warning about unordered pmu_ctx_list\n\nSyskaller triggers a warning due to prev_epc-\u003epmu != next_epc-\u003epmu in\nperf_event_swap_task_ctx_data(). vmcore shows that two lists have the same\nperf_event_pmu_context, but not in the same order.\n\nThe problem is that the order of pmu_ctx_list for the parent is impacted by\nthe time when an event/PMU is added. While the order for a child is\nimpacted by the event order in the pinned_groups and flexible_groups. So\nthe order of pmu_ctx_list in the parent and child may be different.\n\nTo fix this problem, insert the perf_event_pmu_context to its proper place\nafter iteration of the pmu_ctx_list.\n\nThe follow testcase can trigger above warning:\n\n # perf record -e cycles --call-graph lbr -- taskset -c 3 ./a.out \u0026\n # perf stat -e cpu-clock,cs -p xxx // xxx is the pid of a.out\n\n test.c\n\n void main() {\n int count = 0;\n pid_t pid;\n\n printf(\"%d running\\n\", getpid());\n sleep(30);\n printf(\"running\\n\");\n\n pid = fork();\n if (pid == -1) {\n printf(\"fork error\\n\");\n return;\n }\n if (pid == 0) {\n while (1) {\n count++;\n }\n } else {\n while (1) {\n count++;\n }\n }\n }\n\nThe testcase first opens an LBR event, so it will allocate task_ctx_data,\nand then open tracepoint and software events, so the parent context will\nhave 3 different perf_event_pmu_contexts. On inheritance, child ctx will\ninsert the perf_event_pmu_context in another order and the warning will\ntrigger.\n\n[ mingo: Tidied up the changelog. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21895",
"url": "https://www.suse.com/security/cve/CVE-2025-21895"
},
{
"category": "external",
"summary": "SUSE Bug 1240585 for CVE-2025-21895",
"url": "https://bugzilla.suse.com/1240585"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21895"
},
{
"cve": "CVE-2025-21904",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21904"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncaif_virtio: fix wrong pointer check in cfv_probe()\n\ndel_vqs() frees virtqueues, therefore cfv-\u003evq_tx pointer should be checked\nfor NULL before calling it, not cfv-\u003evdev. Also the current implementation\nis redundant because the pointer cfv-\u003evdev is dereferenced before it is\nchecked for NULL.\n\nFix this by checking cfv-\u003evq_tx for NULL instead of cfv-\u003evdev before\ncalling del_vqs().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21904",
"url": "https://www.suse.com/security/cve/CVE-2025-21904"
},
{
"category": "external",
"summary": "SUSE Bug 1240576 for CVE-2025-21904",
"url": "https://bugzilla.suse.com/1240576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21904"
},
{
"cve": "CVE-2025-21905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21905"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: limit printed string from FW file\n\nThere\u0027s no guarantee here that the file is always with a\nNUL-termination, so reading the string may read beyond the\nend of the TLV. If that\u0027s the last TLV in the file, it can\nperhaps even read beyond the end of the file buffer.\n\nFix that by limiting the print format to the size of the\nbuffer we have.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21905",
"url": "https://www.suse.com/security/cve/CVE-2025-21905"
},
{
"category": "external",
"summary": "SUSE Bug 1240575 for CVE-2025-21905",
"url": "https://bugzilla.suse.com/1240575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21905"
},
{
"cve": "CVE-2025-21906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21906"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: clean up ROC on failure\n\nIf the firmware fails to start the session protection, then we\ndo call iwl_mvm_roc_finished() here, but that won\u0027t do anything\nat all because IWL_MVM_STATUS_ROC_P2P_RUNNING was never set.\nSet IWL_MVM_STATUS_ROC_P2P_RUNNING in the failure/stop path.\nIf it started successfully before, it\u0027s already set, so that\ndoesn\u0027t matter, and if it didn\u0027t start it needs to be set to\nclean up.\n\nNot doing so will lead to a WARN_ON() later on a fresh remain-\non-channel, since the link is already active when activated as\nit was never deactivated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21906",
"url": "https://www.suse.com/security/cve/CVE-2025-21906"
},
{
"category": "external",
"summary": "SUSE Bug 1240587 for CVE-2025-21906",
"url": "https://bugzilla.suse.com/1240587"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21906"
},
{
"cve": "CVE-2025-21908",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21908"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: fix nfs_release_folio() to not deadlock via kcompactd writeback\n\nAdd PF_KCOMPACTD flag and current_is_kcompactd() helper to check for it so\nnfs_release_folio() can skip calling nfs_wb_folio() from kcompactd.\n\nOtherwise NFS can deadlock waiting for kcompactd enduced writeback which\nrecurses back to NFS (which triggers writeback to NFSD via NFS loopback\nmount on the same host, NFSD blocks waiting for XFS\u0027s call to\n__filemap_get_folio):\n\n6070.550357] INFO: task kcompactd0:58 blocked for more than 4435 seconds.\n\n{---\n[58] \"kcompactd0\"\n[\u003c0\u003e] folio_wait_bit+0xe8/0x200\n[\u003c0\u003e] folio_wait_writeback+0x2b/0x80\n[\u003c0\u003e] nfs_wb_folio+0x80/0x1b0 [nfs]\n[\u003c0\u003e] nfs_release_folio+0x68/0x130 [nfs]\n[\u003c0\u003e] split_huge_page_to_list_to_order+0x362/0x840\n[\u003c0\u003e] migrate_pages_batch+0x43d/0xb90\n[\u003c0\u003e] migrate_pages_sync+0x9a/0x240\n[\u003c0\u003e] migrate_pages+0x93c/0x9f0\n[\u003c0\u003e] compact_zone+0x8e2/0x1030\n[\u003c0\u003e] compact_node+0xdb/0x120\n[\u003c0\u003e] kcompactd+0x121/0x2e0\n[\u003c0\u003e] kthread+0xcf/0x100\n[\u003c0\u003e] ret_from_fork+0x31/0x40\n[\u003c0\u003e] ret_from_fork_asm+0x1a/0x30\n---}\n\n[akpm@linux-foundation.org: fix build]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21908",
"url": "https://www.suse.com/security/cve/CVE-2025-21908"
},
{
"category": "external",
"summary": "SUSE Bug 1240600 for CVE-2025-21908",
"url": "https://bugzilla.suse.com/1240600"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21908"
},
{
"cve": "CVE-2025-21909",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21909"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: reject cooked mode if it is set along with other flags\n\nIt is possible to set both MONITOR_FLAG_COOK_FRAMES and MONITOR_FLAG_ACTIVE\nflags simultaneously on the same monitor interface from the userspace. This\ncauses a sub-interface to be created with no IEEE80211_SDATA_IN_DRIVER bit\nset because the monitor interface is in the cooked state and it takes\nprecedence over all other states. When the interface is then being deleted\nthe kernel calls WARN_ONCE() from check_sdata_in_driver() because of missing\nthat bit.\n\nFix this by rejecting MONITOR_FLAG_COOK_FRAMES if it is set along with\nother flags.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21909",
"url": "https://www.suse.com/security/cve/CVE-2025-21909"
},
{
"category": "external",
"summary": "SUSE Bug 1240590 for CVE-2025-21909",
"url": "https://bugzilla.suse.com/1240590"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21909"
},
{
"cve": "CVE-2025-21910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: regulatory: improve invalid hints checking\n\nSyzbot keeps reporting an issue [1] that occurs when erroneous symbols\nsent from userspace get through into user_alpha2[] via\nregulatory_hint_user() call. Such invalid regulatory hints should be\nrejected.\n\nWhile a sanity check from commit 47caf685a685 (\"cfg80211: regulatory:\nreject invalid hints\") looks to be enough to deter these very cases,\nthere is a way to get around it due to 2 reasons.\n\n1) The way isalpha() works, symbols other than latin lower and\nupper letters may be used to determine a country/domain.\nFor instance, greek letters will also be considered upper/lower\nletters and for such characters isalpha() will return true as well.\nHowever, ISO-3166-1 alpha2 codes should only hold latin\ncharacters.\n\n2) While processing a user regulatory request, between\nreg_process_hint_user() and regulatory_hint_user() there happens to\nbe a call to queue_regulatory_request() which modifies letters in\nrequest-\u003ealpha2[] with toupper(). This works fine for latin symbols,\nless so for weird letter characters from the second part of _ctype[].\n\nSyzbot triggers a warning in is_user_regdom_saved() by first sending\nover an unexpected non-latin letter that gets malformed by toupper()\ninto a character that ends up failing isalpha() check.\n\nPrevent this by enhancing is_an_alpha2() to ensure that incoming\nsymbols are latin letters and nothing else.\n\n[1] Syzbot report:\n------------[ cut here ]------------\nUnexpected user alpha2: A\ufffd\nWARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 is_user_regdom_saved net/wireless/reg.c:440 [inline]\nWARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 restore_alpha2 net/wireless/reg.c:3424 [inline]\nWARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 restore_regulatory_settings+0x3c0/0x1e50 net/wireless/reg.c:3516\nModules linked in:\nCPU: 1 UID: 0 PID: 964 Comm: kworker/1:2 Not tainted 6.12.0-rc5-syzkaller-00044-gc1e939a21eb1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: events_power_efficient crda_timeout_work\nRIP: 0010:is_user_regdom_saved net/wireless/reg.c:440 [inline]\nRIP: 0010:restore_alpha2 net/wireless/reg.c:3424 [inline]\nRIP: 0010:restore_regulatory_settings+0x3c0/0x1e50 net/wireless/reg.c:3516\n...\nCall Trace:\n \u003cTASK\u003e\n crda_timeout_work+0x27/0x50 net/wireless/reg.c:542\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa65/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f2/0x390 kernel/kthread.c:389\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21910",
"url": "https://www.suse.com/security/cve/CVE-2025-21910"
},
{
"category": "external",
"summary": "SUSE Bug 1240583 for CVE-2025-21910",
"url": "https://bugzilla.suse.com/1240583"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21910"
},
{
"cve": "CVE-2025-21912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21912"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: rcar: Use raw_spinlock to protect register access\n\nUse raw_spinlock in order to fix spurious messages about invalid context\nwhen spinlock debugging is enabled. The lock is only used to serialize\nregister access.\n\n [ 4.239592] =============================\n [ 4.239595] [ BUG: Invalid wait context ]\n [ 4.239599] 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 Not tainted\n [ 4.239603] -----------------------------\n [ 4.239606] kworker/u8:5/76 is trying to lock:\n [ 4.239609] ffff0000091898a0 (\u0026p-\u003elock){....}-{3:3}, at: gpio_rcar_config_interrupt_input_mode+0x34/0x164\n [ 4.239641] other info that might help us debug this:\n [ 4.239643] context-{5:5}\n [ 4.239646] 5 locks held by kworker/u8:5/76:\n [ 4.239651] #0: ffff0000080fb148 ((wq_completion)async){+.+.}-{0:0}, at: process_one_work+0x190/0x62c\n [ 4.250180] OF: /soc/sound@ec500000/ports/port@0/endpoint: Read of boolean property \u0027frame-master\u0027 with a value.\n [ 4.254094] #1: ffff80008299bd80 ((work_completion)(\u0026entry-\u003ework)){+.+.}-{0:0}, at: process_one_work+0x1b8/0x62c\n [ 4.254109] #2: ffff00000920c8f8\n [ 4.258345] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property \u0027bitclock-master\u0027 with a value.\n [ 4.264803] (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach_async_helper+0x3c/0xdc\n [ 4.264820] #3: ffff00000a50ca40 (request_class#2){+.+.}-{4:4}, at: __setup_irq+0xa0/0x690\n [ 4.264840] #4:\n [ 4.268872] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property \u0027frame-master\u0027 with a value.\n [ 4.273275] ffff00000a50c8c8 (lock_class){....}-{2:2}, at: __setup_irq+0xc4/0x690\n [ 4.296130] renesas_sdhi_internal_dmac ee100000.mmc: mmc1 base at 0x00000000ee100000, max clock rate 200 MHz\n [ 4.304082] stack backtrace:\n [ 4.304086] CPU: 1 UID: 0 PID: 76 Comm: kworker/u8:5 Not tainted 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35\n [ 4.304092] Hardware name: Renesas Salvator-X 2nd version board based on r8a77965 (DT)\n [ 4.304097] Workqueue: async async_run_entry_fn\n [ 4.304106] Call trace:\n [ 4.304110] show_stack+0x14/0x20 (C)\n [ 4.304122] dump_stack_lvl+0x6c/0x90\n [ 4.304131] dump_stack+0x14/0x1c\n [ 4.304138] __lock_acquire+0xdfc/0x1584\n [ 4.426274] lock_acquire+0x1c4/0x33c\n [ 4.429942] _raw_spin_lock_irqsave+0x5c/0x80\n [ 4.434307] gpio_rcar_config_interrupt_input_mode+0x34/0x164\n [ 4.440061] gpio_rcar_irq_set_type+0xd4/0xd8\n [ 4.444422] __irq_set_trigger+0x5c/0x178\n [ 4.448435] __setup_irq+0x2e4/0x690\n [ 4.452012] request_threaded_irq+0xc4/0x190\n [ 4.456285] devm_request_threaded_irq+0x7c/0xf4\n [ 4.459398] ata1: link resume succeeded after 1 retries\n [ 4.460902] mmc_gpiod_request_cd_irq+0x68/0xe0\n [ 4.470660] mmc_start_host+0x50/0xac\n [ 4.474327] mmc_add_host+0x80/0xe4\n [ 4.477817] tmio_mmc_host_probe+0x2b0/0x440\n [ 4.482094] renesas_sdhi_probe+0x488/0x6f4\n [ 4.486281] renesas_sdhi_internal_dmac_probe+0x60/0x78\n [ 4.491509] platform_probe+0x64/0xd8\n [ 4.495178] really_probe+0xb8/0x2a8\n [ 4.498756] __driver_probe_device+0x74/0x118\n [ 4.503116] driver_probe_device+0x3c/0x154\n [ 4.507303] __device_attach_driver+0xd4/0x160\n [ 4.511750] bus_for_each_drv+0x84/0xe0\n [ 4.515588] __device_attach_async_helper+0xb0/0xdc\n [ 4.520470] async_run_entry_fn+0x30/0xd8\n [ 4.524481] process_one_work+0x210/0x62c\n [ 4.528494] worker_thread+0x1ac/0x340\n [ 4.532245] kthread+0x10c/0x110\n [ 4.535476] ret_from_fork+0x10/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21912",
"url": "https://www.suse.com/security/cve/CVE-2025-21912"
},
{
"category": "external",
"summary": "SUSE Bug 1240584 for CVE-2025-21912",
"url": "https://bugzilla.suse.com/1240584"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21912"
},
{
"cve": "CVE-2025-21913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21913"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range()\n\nXen doesn\u0027t offer MSR_FAM10H_MMIO_CONF_BASE to all guests. This results\nin the following warning:\n\n unchecked MSR access error: RDMSR from 0xc0010058 at rIP: 0xffffffff8101d19f (xen_do_read_msr+0x7f/0xa0)\n Call Trace:\n xen_read_msr+0x1e/0x30\n amd_get_mmconfig_range+0x2b/0x80\n quirk_amd_mmconfig_area+0x28/0x100\n pnp_fixup_device+0x39/0x50\n __pnp_add_device+0xf/0x150\n pnp_add_device+0x3d/0x100\n pnpacpi_add_device_handler+0x1f9/0x280\n acpi_ns_get_device_callback+0x104/0x1c0\n acpi_ns_walk_namespace+0x1d0/0x260\n acpi_get_devices+0x8a/0xb0\n pnpacpi_init+0x50/0x80\n do_one_initcall+0x46/0x2e0\n kernel_init_freeable+0x1da/0x2f0\n kernel_init+0x16/0x1b0\n ret_from_fork+0x30/0x50\n ret_from_fork_asm+0x1b/0x30\n\nbased on quirks for a \"PNP0c01\" device. Treating MMCFG as disabled is the\nright course of action, so no change is needed there.\n\nThis was most likely exposed by fixing the Xen MSR accessors to not be\nsilently-safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21913",
"url": "https://www.suse.com/security/cve/CVE-2025-21913"
},
{
"category": "external",
"summary": "SUSE Bug 1240591 for CVE-2025-21913",
"url": "https://bugzilla.suse.com/1240591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21913"
},
{
"cve": "CVE-2025-21914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21914"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nslimbus: messaging: Free transaction ID in delayed interrupt scenario\n\nIn case of interrupt delay for any reason, slim_do_transfer()\nreturns timeout error but the transaction ID (TID) is not freed.\nThis results into invalid memory access inside\nqcom_slim_ngd_rx_msgq_cb() due to invalid TID.\n\nFix the issue by freeing the TID in slim_do_transfer() before\nreturning timeout error to avoid invalid memory access.\n\nCall trace:\n__memcpy_fromio+0x20/0x190\nqcom_slim_ngd_rx_msgq_cb+0x130/0x290 [slim_qcom_ngd_ctrl]\nvchan_complete+0x2a0/0x4a0\ntasklet_action_common+0x274/0x700\ntasklet_action+0x28/0x3c\n_stext+0x188/0x620\nrun_ksoftirqd+0x34/0x74\nsmpboot_thread_fn+0x1d8/0x464\nkthread+0x178/0x238\nret_from_fork+0x10/0x20\nCode: aa0003e8 91000429 f100044a 3940002b (3800150b)\n---[ end trace 0fe00bec2b975c99 ]---\nKernel panic - not syncing: Oops: Fatal exception in interrupt.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21914",
"url": "https://www.suse.com/security/cve/CVE-2025-21914"
},
{
"category": "external",
"summary": "SUSE Bug 1240595 for CVE-2025-21914",
"url": "https://bugzilla.suse.com/1240595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21914"
},
{
"cve": "CVE-2025-21915",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21915"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncdx: Fix possible UAF error in driver_override_show()\n\nFixed a possible UAF problem in driver_override_show() in drivers/cdx/cdx.c\n\nThis function driver_override_show() is part of DEVICE_ATTR_RW, which\nincludes both driver_override_show() and driver_override_store().\nThese functions can be executed concurrently in sysfs.\n\nThe driver_override_store() function uses driver_set_override() to\nupdate the driver_override value, and driver_set_override() internally\nlocks the device (device_lock(dev)). If driver_override_show() reads\ncdx_dev-\u003edriver_override without locking, it could potentially access\na freed pointer if driver_override_store() frees the string\nconcurrently. This could lead to printing a kernel address, which is a\nsecurity risk since DEVICE_ATTR can be read by all users.\n\nAdditionally, a similar pattern is used in drivers/amba/bus.c, as well\nas many other bus drivers, where device_lock() is taken in the show\nfunction, and it has been working without issues.\n\nThis potential bug was detected by our experimental static analysis\ntool, which analyzes locking APIs and paired functions to identify\ndata races and atomicity violations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21915",
"url": "https://www.suse.com/security/cve/CVE-2025-21915"
},
{
"category": "external",
"summary": "SUSE Bug 1240594 for CVE-2025-21915",
"url": "https://bugzilla.suse.com/1240594"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21915"
},
{
"cve": "CVE-2025-21916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21916"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: atm: cxacru: fix a flaw in existing endpoint checks\n\nSyzbot once again identified a flaw in usb endpoint checking, see [1].\nThis time the issue stems from a commit authored by me (2eabb655a968\n(\"usb: atm: cxacru: fix endpoint checking in cxacru_bind()\")).\n\nWhile using usb_find_common_endpoints() may usually be enough to\ndiscard devices with wrong endpoints, in this case one needs more\nthan just finding and identifying the sufficient number of endpoints\nof correct types - one needs to check the endpoint\u0027s address as well.\n\nSince cxacru_bind() fills URBs with CXACRU_EP_CMD address in mind,\nswitch the endpoint verification approach to usb_check_XXX_endpoints()\ninstead to fix incomplete ep testing.\n\n[1] Syzbot report:\nusb 5-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 1378 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503\n...\nRIP: 0010:usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503\n...\nCall Trace:\n \u003cTASK\u003e\n cxacru_cm+0x3c8/0xe50 drivers/usb/atm/cxacru.c:649\n cxacru_card_status drivers/usb/atm/cxacru.c:760 [inline]\n cxacru_bind+0xcf9/0x1150 drivers/usb/atm/cxacru.c:1223\n usbatm_usb_probe+0x314/0x1d30 drivers/usb/atm/usbatm.c:1058\n cxacru_usb_probe+0x184/0x220 drivers/usb/atm/cxacru.c:1377\n usb_probe_interface+0x641/0xbb0 drivers/usb/core/driver.c:396\n really_probe+0x2b9/0xad0 drivers/base/dd.c:658\n __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:800\n driver_probe_device+0x50/0x430 drivers/base/dd.c:830\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21916",
"url": "https://www.suse.com/security/cve/CVE-2025-21916"
},
{
"category": "external",
"summary": "SUSE Bug 1240582 for CVE-2025-21916",
"url": "https://bugzilla.suse.com/1240582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21916"
},
{
"cve": "CVE-2025-21917",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21917"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: renesas_usbhs: Flush the notify_hotplug_work\n\nWhen performing continuous unbind/bind operations on the USB drivers\navailable on the Renesas RZ/G2L SoC, a kernel crash with the message\n\"Unable to handle kernel NULL pointer dereference at virtual address\"\nmay occur. This issue points to the usbhsc_notify_hotplug() function.\n\nFlush the delayed work to avoid its execution when driver resources are\nunavailable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21917",
"url": "https://www.suse.com/security/cve/CVE-2025-21917"
},
{
"category": "external",
"summary": "SUSE Bug 1240596 for CVE-2025-21917",
"url": "https://bugzilla.suse.com/1240596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21917"
},
{
"cve": "CVE-2025-21918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21918"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Fix NULL pointer access\n\nResources should be released only after all threads that utilize them\nhave been destroyed.\nThis commit ensures that resources are not released prematurely by waiting\nfor the associated workqueue to complete before deallocating them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21918",
"url": "https://www.suse.com/security/cve/CVE-2025-21918"
},
{
"category": "external",
"summary": "SUSE Bug 1240592 for CVE-2025-21918",
"url": "https://bugzilla.suse.com/1240592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21918"
},
{
"cve": "CVE-2025-21919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21919"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/fair: Fix potential memory corruption in child_cfs_rq_on_list\n\nchild_cfs_rq_on_list attempts to convert a \u0027prev\u0027 pointer to a cfs_rq.\nThis \u0027prev\u0027 pointer can originate from struct rq\u0027s leaf_cfs_rq_list,\nmaking the conversion invalid and potentially leading to memory\ncorruption. Depending on the relative positions of leaf_cfs_rq_list and\nthe task group (tg) pointer within the struct, this can cause a memory\nfault or access garbage data.\n\nThe issue arises in list_add_leaf_cfs_rq, where both\ncfs_rq-\u003eleaf_cfs_rq_list and rq-\u003eleaf_cfs_rq_list are added to the same\nleaf list. Also, rq-\u003etmp_alone_branch can be set to rq-\u003eleaf_cfs_rq_list.\n\nThis adds a check `if (prev == \u0026rq-\u003eleaf_cfs_rq_list)` after the main\nconditional in child_cfs_rq_on_list. This ensures that the container_of\noperation will convert a correct cfs_rq struct.\n\nThis check is sufficient because only cfs_rqs on the same CPU are added\nto the list, so verifying the \u0027prev\u0027 pointer against the current rq\u0027s list\nhead is enough.\n\nFixes a potential memory corruption issue that due to current struct\nlayout might not be manifesting as a crash but could lead to unpredictable\nbehavior when the layout changes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21919",
"url": "https://www.suse.com/security/cve/CVE-2025-21919"
},
{
"category": "external",
"summary": "SUSE Bug 1240593 for CVE-2025-21919",
"url": "https://bugzilla.suse.com/1240593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21919"
},
{
"cve": "CVE-2025-21922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21922"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: Fix KMSAN uninit-value warning with bpf\n\nSyzbot caught an \"KMSAN: uninit-value\" warning [1], which is caused by the\nppp driver not initializing a 2-byte header when using socket filter.\n\nThe following code can generate a PPP filter BPF program:\n\u0027\u0027\u0027\nstruct bpf_program fp;\npcap_t *handle;\nhandle = pcap_open_dead(DLT_PPP_PPPD, 65535);\npcap_compile(handle, \u0026fp, \"ip and outbound\", 0, 0);\nbpf_dump(\u0026fp, 1);\n\u0027\u0027\u0027\nIts output is:\n\u0027\u0027\u0027\n(000) ldh [2]\n(001) jeq #0x21 jt 2 jf 5\n(002) ldb [0]\n(003) jeq #0x1 jt 4 jf 5\n(004) ret #65535\n(005) ret #0\n\u0027\u0027\u0027\nWen can find similar code at the following link:\nhttps://github.com/ppp-project/ppp/blob/master/pppd/options.c#L1680\nThe maintainer of this code repository is also the original maintainer\nof the ppp driver.\n\nAs you can see the BPF program skips 2 bytes of data and then reads the\n\u0027Protocol\u0027 field to determine if it\u0027s an IP packet. Then it read the first\nbyte of the first 2 bytes to determine the direction.\n\nThe issue is that only the first byte indicating direction is initialized\nin current ppp driver code while the second byte is not initialized.\n\nFor normal BPF programs generated by libpcap, uninitialized data won\u0027t be\nused, so it\u0027s not a problem. However, for carefully crafted BPF programs,\nsuch as those generated by syzkaller [2], which start reading from offset\n0, the uninitialized data will be used and caught by KMSAN.\n\n[1] https://syzkaller.appspot.com/bug?extid=853242d9c9917165d791\n[2] https://syzkaller.appspot.com/text?tag=ReproC\u0026x=11994913980000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21922",
"url": "https://www.suse.com/security/cve/CVE-2025-21922"
},
{
"category": "external",
"summary": "SUSE Bug 1240639 for CVE-2025-21922",
"url": "https://bugzilla.suse.com/1240639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21922"
},
{
"cve": "CVE-2025-21923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21923"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-steam: Fix use-after-free when detaching device\n\nWhen a hid-steam device is removed it must clean up the client_hdev used for\nintercepting hidraw access. This can lead to scheduling deferred work to\nreattach the input device. Though the cleanup cancels the deferred work, this\nwas done before the client_hdev itself is cleaned up, so it gets rescheduled.\nThis patch fixes the ordering to make sure the deferred work is properly\ncanceled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21923",
"url": "https://www.suse.com/security/cve/CVE-2025-21923"
},
{
"category": "external",
"summary": "SUSE Bug 1240691 for CVE-2025-21923",
"url": "https://bugzilla.suse.com/1240691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21923"
},
{
"cve": "CVE-2025-21924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error\n\nDuring the initialization of ptp, hclge_ptp_get_cycle might return an error\nand returned directly without unregister clock and free it. To avoid that,\ncall hclge_ptp_destroy_clock to unregist and free clock if\nhclge_ptp_get_cycle failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21924",
"url": "https://www.suse.com/security/cve/CVE-2025-21924"
},
{
"category": "external",
"summary": "SUSE Bug 1240720 for CVE-2025-21924",
"url": "https://bugzilla.suse.com/1240720"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21924"
},
{
"cve": "CVE-2025-21925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nllc: do not use skb_get() before dev_queue_xmit()\n\nsyzbot is able to crash hosts [1], using llc and devices\nnot supporting IFF_TX_SKB_SHARING.\n\nIn this case, e1000 driver calls eth_skb_pad(), while\nthe skb is shared.\n\nSimply replace skb_get() by skb_clone() in net/llc/llc_s_ac.c\n\nNote that e1000 driver might have an issue with pktgen,\nbecause it does not clear IFF_TX_SKB_SHARING, this is an\northogonal change.\n\nWe need to audit other skb_get() uses in net/llc.\n\n[1]\n\nkernel BUG at net/core/skbuff.c:2178 !\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 16371 Comm: syz.2.2764 Not tainted 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:pskb_expand_head+0x6ce/0x1240 net/core/skbuff.c:2178\nCall Trace:\n \u003cTASK\u003e\n __skb_pad+0x18a/0x610 net/core/skbuff.c:2466\n __skb_put_padto include/linux/skbuff.h:3843 [inline]\n skb_put_padto include/linux/skbuff.h:3862 [inline]\n eth_skb_pad include/linux/etherdevice.h:656 [inline]\n e1000_xmit_frame+0x2d99/0x5800 drivers/net/ethernet/intel/e1000/e1000_main.c:3128\n __netdev_start_xmit include/linux/netdevice.h:5151 [inline]\n netdev_start_xmit include/linux/netdevice.h:5160 [inline]\n xmit_one net/core/dev.c:3806 [inline]\n dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3822\n sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343\n __dev_xmit_skb net/core/dev.c:4045 [inline]\n __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4621\n dev_queue_xmit include/linux/netdevice.h:3313 [inline]\n llc_sap_action_send_test_c+0x268/0x320 net/llc/llc_s_ac.c:144\n llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline]\n llc_sap_next_state net/llc/llc_sap.c:182 [inline]\n llc_sap_state_process+0x239/0x510 net/llc/llc_sap.c:209\n llc_ui_sendmsg+0xd0d/0x14e0 net/llc/af_llc.c:993\n sock_sendmsg_nosec net/socket.c:718 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21925",
"url": "https://www.suse.com/security/cve/CVE-2025-21925"
},
{
"category": "external",
"summary": "SUSE Bug 1240713 for CVE-2025-21925",
"url": "https://bugzilla.suse.com/1240713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21925"
},
{
"cve": "CVE-2025-21926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21926"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gso: fix ownership in __udp_gso_segment\n\nIn __udp_gso_segment the skb destructor is removed before segmenting the\nskb but the socket reference is kept as-is. This is an issue if the\noriginal skb is later orphaned as we can hit the following bug:\n\n kernel BUG at ./include/linux/skbuff.h:3312! (skb_orphan)\n RIP: 0010:ip_rcv_core+0x8b2/0xca0\n Call Trace:\n ip_rcv+0xab/0x6e0\n __netif_receive_skb_one_core+0x168/0x1b0\n process_backlog+0x384/0x1100\n __napi_poll.constprop.0+0xa1/0x370\n net_rx_action+0x925/0xe50\n\nThe above can happen following a sequence of events when using\nOpenVSwitch, when an OVS_ACTION_ATTR_USERSPACE action precedes an\nOVS_ACTION_ATTR_OUTPUT action:\n\n1. OVS_ACTION_ATTR_USERSPACE is handled (in do_execute_actions): the skb\n goes through queue_gso_packets and then __udp_gso_segment, where its\n destructor is removed.\n2. The segments\u0027 data are copied and sent to userspace.\n3. OVS_ACTION_ATTR_OUTPUT is handled (in do_execute_actions) and the\n same original skb is sent to its path.\n4. If it later hits skb_orphan, we hit the bug.\n\nFix this by also removing the reference to the socket in\n__udp_gso_segment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21926",
"url": "https://www.suse.com/security/cve/CVE-2025-21926"
},
{
"category": "external",
"summary": "SUSE Bug 1240712 for CVE-2025-21926",
"url": "https://bugzilla.suse.com/1240712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21926"
},
{
"cve": "CVE-2025-21927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()\n\nnvme_tcp_recv_pdu() doesn\u0027t check the validity of the header length.\nWhen header digests are enabled, a target might send a packet with an\ninvalid header length (e.g. 255), causing nvme_tcp_verify_hdgst()\nto access memory outside the allocated area and cause memory corruptions\nby overwriting it with the calculated digest.\n\nFix this by rejecting packets with an unexpected header length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21927",
"url": "https://www.suse.com/security/cve/CVE-2025-21927"
},
{
"category": "external",
"summary": "SUSE Bug 1240714 for CVE-2025-21927",
"url": "https://bugzilla.suse.com/1240714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21927"
},
{
"cve": "CVE-2025-21928",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21928"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()\n\nThe system can experience a random crash a few minutes after the driver is\nremoved. This issue occurs due to improper handling of memory freeing in\nthe ishtp_hid_remove() function.\n\nThe function currently frees the `driver_data` directly within the loop\nthat destroys the HID devices, which can lead to accessing freed memory.\nSpecifically, `hid_destroy_device()` uses `driver_data` when it calls\n`hid_ishtp_set_feature()` to power off the sensor, so freeing\n`driver_data` beforehand can result in accessing invalid memory.\n\nThis patch resolves the issue by storing the `driver_data` in a temporary\nvariable before calling `hid_destroy_device()`, and then freeing the\n`driver_data` after the device is destroyed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21928",
"url": "https://www.suse.com/security/cve/CVE-2025-21928"
},
{
"category": "external",
"summary": "SUSE Bug 1240722 for CVE-2025-21928",
"url": "https://bugzilla.suse.com/1240722"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21928"
},
{
"cve": "CVE-2025-21929",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21929"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove()\n\nDuring the `rmmod` operation for the `intel_ishtp_hid` driver, a\nuse-after-free issue can occur in the hid_ishtp_cl_remove() function.\nThe function hid_ishtp_cl_deinit() is called before ishtp_hid_remove(),\nwhich can lead to accessing freed memory or resources during the\nremoval process.\n\nCall Trace:\n ? ishtp_cl_send+0x168/0x220 [intel_ishtp]\n ? hid_output_report+0xe3/0x150 [hid]\n hid_ishtp_set_feature+0xb5/0x120 [intel_ishtp_hid]\n ishtp_hid_request+0x7b/0xb0 [intel_ishtp_hid]\n hid_hw_request+0x1f/0x40 [hid]\n sensor_hub_set_feature+0x11f/0x190 [hid_sensor_hub]\n _hid_sensor_power_state+0x147/0x1e0 [hid_sensor_trigger]\n hid_sensor_runtime_resume+0x22/0x30 [hid_sensor_trigger]\n sensor_hub_remove+0xa8/0xe0 [hid_sensor_hub]\n hid_device_remove+0x49/0xb0 [hid]\n hid_destroy_device+0x6f/0x90 [hid]\n ishtp_hid_remove+0x42/0x70 [intel_ishtp_hid]\n hid_ishtp_cl_remove+0x6b/0xb0 [intel_ishtp_hid]\n ishtp_cl_device_remove+0x4a/0x60 [intel_ishtp]\n ...\n\nAdditionally, ishtp_hid_remove() is a HID level power off, which should\noccur before the ISHTP level disconnect.\n\nThis patch resolves the issue by reordering the calls in\nhid_ishtp_cl_remove(). The function ishtp_hid_remove() is now\ncalled before hid_ishtp_cl_deinit().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21929",
"url": "https://www.suse.com/security/cve/CVE-2025-21929"
},
{
"category": "external",
"summary": "SUSE Bug 1240711 for CVE-2025-21929",
"url": "https://bugzilla.suse.com/1240711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21929"
},
{
"cve": "CVE-2025-21930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21930"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don\u0027t try to talk to a dead firmware\n\nThis fixes:\n\n bad state = 0\n WARNING: CPU: 10 PID: 702 at drivers/net/wireless/inel/iwlwifi/iwl-trans.c:178 iwl_trans_send_cmd+0xba/0xe0 [iwlwifi]\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0xca/0x1c0\n ? iwl_trans_send_cmd+0xba/0xe0 [iwlwifi 64fa9ad799a0e0d2ba53d4af93a53ad9a531f8d4]\n iwl_fw_dbg_clear_monitor_buf+0xd7/0x110 [iwlwifi 64fa9ad799a0e0d2ba53d4af93a53ad9a531f8d4]\n _iwl_dbgfs_fw_dbg_clear_write+0xe2/0x120 [iwlmvm 0e8adb18cea92d2c341766bcc10b18699290068a]\n\nAsk whether the firmware is alive before sending a command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21930",
"url": "https://www.suse.com/security/cve/CVE-2025-21930"
},
{
"category": "external",
"summary": "SUSE Bug 1240715 for CVE-2025-21930",
"url": "https://bugzilla.suse.com/1240715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21930"
},
{
"cve": "CVE-2025-21931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21931"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio\n\nCommit b15c87263a69 (\"hwpoison, memory_hotplug: allow hwpoisoned pages to\nbe offlined) add page poison checks in do_migrate_range in order to make\noffline hwpoisoned page possible by introducing isolate_lru_page and\ntry_to_unmap for hwpoisoned page. However folio lock must be held before\ncalling try_to_unmap. Add it to fix this problem.\n\nWarning will be produced if folio is not locked during unmap:\n\n ------------[ cut here ]------------\n kernel BUG at ./include/linux/swapops.h:400!\n Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n Modules linked in:\n CPU: 4 UID: 0 PID: 411 Comm: bash Tainted: G W 6.13.0-rc1-00016-g3c434c7ee82a-dirty #41\n Tainted: [W]=WARN\n Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : try_to_unmap_one+0xb08/0xd3c\n lr : try_to_unmap_one+0x3dc/0xd3c\n Call trace:\n try_to_unmap_one+0xb08/0xd3c (P)\n try_to_unmap_one+0x3dc/0xd3c (L)\n rmap_walk_anon+0xdc/0x1f8\n rmap_walk+0x3c/0x58\n try_to_unmap+0x88/0x90\n unmap_poisoned_folio+0x30/0xa8\n do_migrate_range+0x4a0/0x568\n offline_pages+0x5a4/0x670\n memory_block_action+0x17c/0x374\n memory_subsys_offline+0x3c/0x78\n device_offline+0xa4/0xd0\n state_store+0x8c/0xf0\n dev_attr_store+0x18/0x2c\n sysfs_kf_write+0x44/0x54\n kernfs_fop_write_iter+0x118/0x1a8\n vfs_write+0x3a8/0x4bc\n ksys_write+0x6c/0xf8\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x44/0x100\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x30/0xd0\n el0t_64_sync_handler+0xc8/0xcc\n el0t_64_sync+0x198/0x19c\n Code: f9407be0 b5fff320 d4210000 17ffff97 (d4210000)\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21931",
"url": "https://www.suse.com/security/cve/CVE-2025-21931"
},
{
"category": "external",
"summary": "SUSE Bug 1240709 for CVE-2025-21931",
"url": "https://bugzilla.suse.com/1240709"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21931"
},
{
"cve": "CVE-2025-21934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrapidio: fix an API misues when rio_add_net() fails\n\nrio_add_net() calls device_register() and fails when device_register()\nfails. Thus, put_device() should be used rather than kfree(). Add\n\"mport-\u003enet = NULL;\" to avoid a use after free issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21934",
"url": "https://www.suse.com/security/cve/CVE-2025-21934"
},
{
"category": "external",
"summary": "SUSE Bug 1240708 for CVE-2025-21934",
"url": "https://bugzilla.suse.com/1240708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21934"
},
{
"cve": "CVE-2025-21935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21935"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrapidio: add check for rio_add_net() in rio_scan_alloc_net()\n\nThe return value of rio_add_net() should be checked. If it fails,\nput_device() should be called to free the memory and give up the reference\ninitialized in rio_add_net().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21935",
"url": "https://www.suse.com/security/cve/CVE-2025-21935"
},
{
"category": "external",
"summary": "SUSE Bug 1240700 for CVE-2025-21935",
"url": "https://bugzilla.suse.com/1240700"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21935"
},
{
"cve": "CVE-2025-21936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21936"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()\n\nAdd check for the return value of mgmt_alloc_skb() in\nmgmt_device_connected() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21936",
"url": "https://www.suse.com/security/cve/CVE-2025-21936"
},
{
"category": "external",
"summary": "SUSE Bug 1240716 for CVE-2025-21936",
"url": "https://bugzilla.suse.com/1240716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21936"
},
{
"cve": "CVE-2025-21937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()\n\nAdd check for the return value of mgmt_alloc_skb() in\nmgmt_remote_name() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21937",
"url": "https://www.suse.com/security/cve/CVE-2025-21937"
},
{
"category": "external",
"summary": "SUSE Bug 1240643 for CVE-2025-21937",
"url": "https://bugzilla.suse.com/1240643"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21937"
},
{
"cve": "CVE-2025-21941",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21941"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in resource_build_scaling_params\n\nNull pointer dereference issue could occur when pipe_ctx-\u003eplane_state\nis null. The fix adds a check to ensure \u0027pipe_ctx-\u003eplane_state\u0027 is not\nnull before accessing. This prevents a null pointer dereference.\n\nFound by code review.\n\n(cherry picked from commit 63e6a77ccf239337baa9b1e7787cde9fa0462092)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21941",
"url": "https://www.suse.com/security/cve/CVE-2025-21941"
},
{
"category": "external",
"summary": "SUSE Bug 1240701 for CVE-2025-21941",
"url": "https://bugzilla.suse.com/1240701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21941"
},
{
"cve": "CVE-2025-21943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21943"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: aggregator: protect driver attr handlers against module unload\n\nBoth new_device_store and delete_device_store touch module global\nresources (e.g. gpio_aggregator_lock). To prevent race conditions with\nmodule unload, a reference needs to be held.\n\nAdd try_module_get() in these handlers.\n\nFor new_device_store, this eliminates what appears to be the most dangerous\nscenario: if an id is allocated from gpio_aggregator_idr but\nplatform_device_register has not yet been called or completed, a concurrent\nmodule unload could fail to unregister/delete the device, leaving behind a\ndangling platform device/GPIO forwarder. This can result in various issues.\nThe following simple reproducer demonstrates these problems:\n\n #!/bin/bash\n while :; do\n # note: whether \u0027gpiochip0 0\u0027 exists or not does not matter.\n echo \u0027gpiochip0 0\u0027 \u003e /sys/bus/platform/drivers/gpio-aggregator/new_device\n done \u0026\n while :; do\n modprobe gpio-aggregator\n modprobe -r gpio-aggregator\n done \u0026\n wait\n\n Starting with the following warning, several kinds of warnings will appear\n and the system may become unstable:\n\n ------------[ cut here ]------------\n list_del corruption, ffff888103e2e980-\u003enext is LIST_POISON1 (dead000000000100)\n WARNING: CPU: 1 PID: 1327 at lib/list_debug.c:56 __list_del_entry_valid_or_report+0xa3/0x120\n [...]\n RIP: 0010:__list_del_entry_valid_or_report+0xa3/0x120\n [...]\n Call Trace:\n \u003cTASK\u003e\n ? __list_del_entry_valid_or_report+0xa3/0x120\n ? __warn.cold+0x93/0xf2\n ? __list_del_entry_valid_or_report+0xa3/0x120\n ? report_bug+0xe6/0x170\n ? __irq_work_queue_local+0x39/0xe0\n ? handle_bug+0x58/0x90\n ? exc_invalid_op+0x13/0x60\n ? asm_exc_invalid_op+0x16/0x20\n ? __list_del_entry_valid_or_report+0xa3/0x120\n gpiod_remove_lookup_table+0x22/0x60\n new_device_store+0x315/0x350 [gpio_aggregator]\n kernfs_fop_write_iter+0x137/0x1f0\n vfs_write+0x262/0x430\n ksys_write+0x60/0xd0\n do_syscall_64+0x6c/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21943",
"url": "https://www.suse.com/security/cve/CVE-2025-21943"
},
{
"category": "external",
"summary": "SUSE Bug 1240647 for CVE-2025-21943",
"url": "https://bugzilla.suse.com/1240647"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21943"
},
{
"cve": "CVE-2025-21948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: appleir: Fix potential NULL dereference at raw event handle\n\nSyzkaller reports a NULL pointer dereference issue in input_event().\n\nBUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:68 [inline]\nBUG: KASAN: null-ptr-deref in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\nBUG: KASAN: null-ptr-deref in is_event_supported drivers/input/input.c:67 [inline]\nBUG: KASAN: null-ptr-deref in input_event+0x42/0xa0 drivers/input/input.c:395\nRead of size 8 at addr 0000000000000028 by task syz-executor199/2949\n\nCPU: 0 UID: 0 PID: 2949 Comm: syz-executor199 Not tainted 6.13.0-rc4-syzkaller-00076-gf097a36ef88d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n kasan_report+0xd9/0x110 mm/kasan/report.c:602\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189\n instrument_atomic_read include/linux/instrumented.h:68 [inline]\n _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\n is_event_supported drivers/input/input.c:67 [inline]\n input_event+0x42/0xa0 drivers/input/input.c:395\n input_report_key include/linux/input.h:439 [inline]\n key_down drivers/hid/hid-appleir.c:159 [inline]\n appleir_raw_event+0x3e5/0x5e0 drivers/hid/hid-appleir.c:232\n __hid_input_report.constprop.0+0x312/0x440 drivers/hid/hid-core.c:2111\n hid_ctrl+0x49f/0x550 drivers/hid/usbhid/hid-core.c:484\n __usb_hcd_giveback_urb+0x389/0x6e0 drivers/usb/core/hcd.c:1650\n usb_hcd_giveback_urb+0x396/0x450 drivers/usb/core/hcd.c:1734\n dummy_timer+0x17f7/0x3960 drivers/usb/gadget/udc/dummy_hcd.c:1993\n __run_hrtimer kernel/time/hrtimer.c:1739 [inline]\n __hrtimer_run_queues+0x20a/0xae0 kernel/time/hrtimer.c:1803\n hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1820\n handle_softirqs+0x206/0x8d0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xfa/0x160 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1049\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\n __mod_timer+0x8f6/0xdc0 kernel/time/timer.c:1185\n add_timer+0x62/0x90 kernel/time/timer.c:1295\n schedule_timeout+0x11f/0x280 kernel/time/sleep_timeout.c:98\n usbhid_wait_io+0x1c7/0x380 drivers/hid/usbhid/hid-core.c:645\n usbhid_init_reports+0x19f/0x390 drivers/hid/usbhid/hid-core.c:784\n hiddev_ioctl+0x1133/0x15b0 drivers/hid/usbhid/hiddev.c:794\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl fs/ioctl.c:892 [inline]\n __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nThis happens due to the malformed report items sent by the emulated device\nwhich results in a report, that has no fields, being added to the report list.\nDue to this appleir_input_configured() is never called, hidinput_connect()\nfails which results in the HID_CLAIMED_INPUT flag is not being set. However,\nit does not make appleir_probe() fail and lets the event callback to be\ncalled without the associated input device.\n\nThus, add a check for the HID_CLAIMED_INPUT flag and leave the event hook\nearly if the driver didn\u0027t claim any input_dev for some reason. Moreover,\nsome other hid drivers accessing input_dev in their event callbacks do have\nsimilar checks, too.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21948",
"url": "https://www.suse.com/security/cve/CVE-2025-21948"
},
{
"category": "external",
"summary": "SUSE Bug 1240703 for CVE-2025-21948",
"url": "https://bugzilla.suse.com/1240703"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21948"
},
{
"cve": "CVE-2025-21950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl\n\nIn the \"pmcmd_ioctl\" function, three memory objects allocated by\nkmalloc are initialized by \"hcall_get_cpu_state\", which are then\ncopied to user space. The initializer is indeed implemented in\n\"acrn_hypercall2\" (arch/x86/include/asm/acrn.h). There is a risk of\ninformation leakage due to uninitialized bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21950",
"url": "https://www.suse.com/security/cve/CVE-2025-21950"
},
{
"category": "external",
"summary": "SUSE Bug 1240719 for CVE-2025-21950",
"url": "https://bugzilla.suse.com/1240719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21950"
},
{
"cve": "CVE-2025-21951",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21951"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock\n\nThere are multiple places from where the recovery work gets scheduled\nasynchronously. Also, there are multiple places where the caller waits\nsynchronously for the recovery to be completed. One such place is during\nthe PM shutdown() callback.\n\nIf the device is not alive during recovery_work, it will try to reset the\ndevice using pci_reset_function(). This function internally will take the\ndevice_lock() first before resetting the device. By this time, if the lock\nhas already been acquired, then recovery_work will get stalled while\nwaiting for the lock. And if the lock was already acquired by the caller\nwhich waits for the recovery_work to be completed, it will lead to\ndeadlock.\n\nThis is what happened on the X1E80100 CRD device when the device died\nbefore shutdown() callback. Driver core calls the driver\u0027s shutdown()\ncallback while holding the device_lock() leading to deadlock.\n\nAnd this deadlock scenario can occur on other paths as well, like during\nthe PM suspend() callback, where the driver core would hold the\ndevice_lock() before calling driver\u0027s suspend() callback. And if the\nrecovery_work was already started, it could lead to deadlock. This is also\nobserved on the X1E80100 CRD.\n\nSo to fix both issues, use pci_try_reset_function() in recovery_work. This\nfunction first checks for the availability of the device_lock() before\ntrying to reset the device. If the lock is available, it will acquire it\nand reset the device. Otherwise, it will return -EAGAIN. If that happens,\nrecovery_work will fail with the error message \"Recovery failed\" as not\nmuch could be done.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21951",
"url": "https://www.suse.com/security/cve/CVE-2025-21951"
},
{
"category": "external",
"summary": "SUSE Bug 1240718 for CVE-2025-21951",
"url": "https://bugzilla.suse.com/1240718"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21951"
},
{
"cve": "CVE-2025-21953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21953"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: cleanup mana struct after debugfs_remove()\n\nWhen on a MANA VM hibernation is triggered, as part of hibernate_snapshot(),\nmana_gd_suspend() and mana_gd_resume() are called. If during this\nmana_gd_resume(), a failure occurs with HWC creation, mana_port_debugfs\npointer does not get reinitialized and ends up pointing to older,\ncleaned-up dentry.\nFurther in the hibernation path, as part of power_down(), mana_gd_shutdown()\nis triggered. This call, unaware of the failures in resume, tries to cleanup\nthe already cleaned up mana_port_debugfs value and hits the following bug:\n\n[ 191.359296] mana 7870:00:00.0: Shutdown was called\n[ 191.359918] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ 191.360584] #PF: supervisor write access in kernel mode\n[ 191.361125] #PF: error_code(0x0002) - not-present page\n[ 191.361727] PGD 1080ea067 P4D 0\n[ 191.362172] Oops: Oops: 0002 [#1] SMP NOPTI\n[ 191.362606] CPU: 11 UID: 0 PID: 1674 Comm: bash Not tainted 6.14.0-rc5+ #2\n[ 191.363292] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024\n[ 191.364124] RIP: 0010:down_write+0x19/0x50\n[ 191.364537] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb e8 de cd ff ff 31 c0 ba 01 00 00 00 \u003cf0\u003e 48 0f b1 13 75 16 65 48 8b 05 88 24 4c 6a 48 89 43 08 48 8b 5d\n[ 191.365867] RSP: 0000:ff45fbe0c1c037b8 EFLAGS: 00010246\n[ 191.366350] RAX: 0000000000000000 RBX: 0000000000000098 RCX: ffffff8100000000\n[ 191.366951] RDX: 0000000000000001 RSI: 0000000000000064 RDI: 0000000000000098\n[ 191.367600] RBP: ff45fbe0c1c037c0 R08: 0000000000000000 R09: 0000000000000001\n[ 191.368225] R10: ff45fbe0d2b01000 R11: 0000000000000008 R12: 0000000000000000\n[ 191.368874] R13: 000000000000000b R14: ff43dc27509d67c0 R15: 0000000000000020\n[ 191.369549] FS: 00007dbc5001e740(0000) GS:ff43dc663f380000(0000) knlGS:0000000000000000\n[ 191.370213] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 191.370830] CR2: 0000000000000098 CR3: 0000000168e8e002 CR4: 0000000000b73ef0\n[ 191.371557] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 191.372192] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n[ 191.372906] Call Trace:\n[ 191.373262] \u003cTASK\u003e\n[ 191.373621] ? show_regs+0x64/0x70\n[ 191.374040] ? __die+0x24/0x70\n[ 191.374468] ? page_fault_oops+0x290/0x5b0\n[ 191.374875] ? do_user_addr_fault+0x448/0x800\n[ 191.375357] ? exc_page_fault+0x7a/0x160\n[ 191.375971] ? asm_exc_page_fault+0x27/0x30\n[ 191.376416] ? down_write+0x19/0x50\n[ 191.376832] ? down_write+0x12/0x50\n[ 191.377232] simple_recursive_removal+0x4a/0x2a0\n[ 191.377679] ? __pfx_remove_one+0x10/0x10\n[ 191.378088] debugfs_remove+0x44/0x70\n[ 191.378530] mana_detach+0x17c/0x4f0\n[ 191.378950] ? __flush_work+0x1e2/0x3b0\n[ 191.379362] ? __cond_resched+0x1a/0x50\n[ 191.379787] mana_remove+0xf2/0x1a0\n[ 191.380193] mana_gd_shutdown+0x3b/0x70\n[ 191.380642] pci_device_shutdown+0x3a/0x80\n[ 191.381063] device_shutdown+0x13e/0x230\n[ 191.381480] kernel_power_off+0x35/0x80\n[ 191.381890] hibernate+0x3c6/0x470\n[ 191.382312] state_store+0xcb/0xd0\n[ 191.382734] kobj_attr_store+0x12/0x30\n[ 191.383211] sysfs_kf_write+0x3e/0x50\n[ 191.383640] kernfs_fop_write_iter+0x140/0x1d0\n[ 191.384106] vfs_write+0x271/0x440\n[ 191.384521] ksys_write+0x72/0xf0\n[ 191.384924] __x64_sys_write+0x19/0x20\n[ 191.385313] x64_sys_call+0x2b0/0x20b0\n[ 191.385736] do_syscall_64+0x79/0x150\n[ 191.386146] ? __mod_memcg_lruvec_state+0xe7/0x240\n[ 191.386676] ? __lruvec_stat_mod_folio+0x79/0xb0\n[ 191.387124] ? __pfx_lru_add+0x10/0x10\n[ 191.387515] ? queued_spin_unlock+0x9/0x10\n[ 191.387937] ? do_anonymous_page+0x33c/0xa00\n[ 191.388374] ? __handle_mm_fault+0xcf3/0x1210\n[ 191.388805] ? __count_memcg_events+0xbe/0x180\n[ 191.389235] ? handle_mm_fault+0xae/0x300\n[ 19\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21953",
"url": "https://www.suse.com/security/cve/CVE-2025-21953"
},
{
"category": "external",
"summary": "SUSE Bug 1240727 for CVE-2025-21953",
"url": "https://bugzilla.suse.com/1240727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21953"
},
{
"cve": "CVE-2025-21956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21956"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Assign normalized_pix_clk when color depth = 14\n\n[WHY \u0026 HOW]\nA warning message \"WARNING: CPU: 4 PID: 459 at ... /dc_resource.c:3397\ncalculate_phy_pix_clks+0xef/0x100 [amdgpu]\" occurs because the\ndisplay_color_depth == COLOR_DEPTH_141414 is not handled. This is\nobserved in Radeon RX 6600 XT.\n\nIt is fixed by assigning pix_clk * (14 * 3) / 24 - same as the rests.\n\nAlso fixes the indentation in get_norm_pix_clk.\n\n(cherry picked from commit 274a87eb389f58eddcbc5659ab0b180b37e92775)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21956",
"url": "https://www.suse.com/security/cve/CVE-2025-21956"
},
{
"category": "external",
"summary": "SUSE Bug 1240739 for CVE-2025-21956",
"url": "https://bugzilla.suse.com/1240739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21956"
},
{
"cve": "CVE-2025-21957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21957"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla1280: Fix kernel oops when debug level \u003e 2\n\nA null dereference or oops exception will eventually occur when qla1280.c\ndriver is compiled with DEBUG_QLA1280 enabled and ql_debug_level \u003e 2. I\nthink its clear from the code that the intention here is sg_dma_len(s) not\nlength of sg_next(s) when printing the debug info.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21957",
"url": "https://www.suse.com/security/cve/CVE-2025-21957"
},
{
"category": "external",
"summary": "SUSE Bug 1240742 for CVE-2025-21957",
"url": "https://bugzilla.suse.com/1240742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21957"
},
{
"cve": "CVE-2025-21960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21960"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: bnxt: do not update checksum in bnxt_xdp_build_skb()\n\nThe bnxt_rx_pkt() updates ip_summed value at the end if checksum offload\nis enabled.\nWhen the XDP-MB program is attached and it returns XDP_PASS, the\nbnxt_xdp_build_skb() is called to update skb_shared_info.\nThe main purpose of bnxt_xdp_build_skb() is to update skb_shared_info,\nbut it updates ip_summed value too if checksum offload is enabled.\nThis is actually duplicate work.\n\nWhen the bnxt_rx_pkt() updates ip_summed value, it checks if ip_summed\nis CHECKSUM_NONE or not.\nIt means that ip_summed should be CHECKSUM_NONE at this moment.\nBut ip_summed may already be updated to CHECKSUM_UNNECESSARY in the\nXDP-MB-PASS path.\nSo the by skb_checksum_none_assert() WARNS about it.\n\nThis is duplicate work and updating ip_summed in the\nbnxt_xdp_build_skb() is not needed.\n\nSplat looks like:\nWARNING: CPU: 3 PID: 5782 at ./include/linux/skbuff.h:5155 bnxt_rx_pkt+0x479b/0x7610 [bnxt_en]\nModules linked in: bnxt_re bnxt_en rdma_ucm rdma_cm iw_cm ib_cm ib_uverbs veth xt_nat xt_tcpudp xt_conntrack nft_chain_nat xt_MASQUERADE nf_]\nCPU: 3 UID: 0 PID: 5782 Comm: socat Tainted: G W 6.14.0-rc4+ #27\nTainted: [W]=WARN\nHardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\nRIP: 0010:bnxt_rx_pkt+0x479b/0x7610 [bnxt_en]\nCode: 54 24 0c 4c 89 f1 4c 89 ff c1 ea 1f ff d3 0f 1f 00 49 89 c6 48 85 c0 0f 84 4c e5 ff ff 48 89 c7 e8 ca 3d a0 c8 e9 8f f4 ff ff \u003c0f\u003e 0b f\nRSP: 0018:ffff88881ba09928 EFLAGS: 00010202\nRAX: 0000000000000000 RBX: 00000000c7590303 RCX: 0000000000000000\nRDX: 1ffff1104e7d1610 RSI: 0000000000000001 RDI: ffff8881c91300b8\nRBP: ffff88881ba09b28 R08: ffff888273e8b0d0 R09: ffff888273e8b070\nR10: ffff888273e8b010 R11: ffff888278b0f000 R12: ffff888273e8b080\nR13: ffff8881c9130e00 R14: ffff8881505d3800 R15: ffff888273e8b000\nFS: 00007f5a2e7be080(0000) GS:ffff88881ba00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fff2e708ff8 CR3: 000000013e3b0000 CR4: 00000000007506f0\nPKRU: 55555554\nCall Trace:\n \u003cIRQ\u003e\n ? __warn+0xcd/0x2f0\n ? bnxt_rx_pkt+0x479b/0x7610\n ? report_bug+0x326/0x3c0\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x14/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? bnxt_rx_pkt+0x479b/0x7610\n ? bnxt_rx_pkt+0x3e41/0x7610\n ? __pfx_bnxt_rx_pkt+0x10/0x10\n ? napi_complete_done+0x2cf/0x7d0\n __bnxt_poll_work+0x4e8/0x1220\n ? __pfx___bnxt_poll_work+0x10/0x10\n ? __pfx_mark_lock.part.0+0x10/0x10\n bnxt_poll_p5+0x36a/0xfa0\n ? __pfx_bnxt_poll_p5+0x10/0x10\n __napi_poll.constprop.0+0xa0/0x440\n net_rx_action+0x899/0xd00\n...\n\nFollowing ping.py patch adds xdp-mb-pass case. so ping.py is going\nto be able to reproduce this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21960",
"url": "https://www.suse.com/security/cve/CVE-2025-21960"
},
{
"category": "external",
"summary": "SUSE Bug 1240815 for CVE-2025-21960",
"url": "https://bugzilla.suse.com/1240815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21960"
},
{
"cve": "CVE-2025-21961",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21961"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: bnxt: fix truesize for mb-xdp-pass case\n\nWhen mb-xdp is set and return is XDP_PASS, packet is converted from\nxdp_buff to sk_buff with xdp_update_skb_shared_info() in\nbnxt_xdp_build_skb().\nbnxt_xdp_build_skb() passes incorrect truesize argument to\nxdp_update_skb_shared_info().\nThe truesize is calculated as BNXT_RX_PAGE_SIZE * sinfo-\u003enr_frags but\nthe skb_shared_info was wiped by napi_build_skb() before.\nSo it stores sinfo-\u003enr_frags before bnxt_xdp_build_skb() and use it\ninstead of getting skb_shared_info from xdp_get_shared_info_from_buff().\n\nSplat looks like:\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 0 at net/core/skbuff.c:6072 skb_try_coalesce+0x504/0x590\n Modules linked in: xt_nat xt_tcpudp veth af_packet xt_conntrack nft_chain_nat xt_MASQUERADE nf_conntrack_netlink xfrm_user xt_addrtype nft_coms\n CPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.14.0-rc2+ #3\n RIP: 0010:skb_try_coalesce+0x504/0x590\n Code: 4b fd ff ff 49 8b 34 24 40 80 e6 40 0f 84 3d fd ff ff 49 8b 74 24 48 40 f6 c6 01 0f 84 2e fd ff ff 48 8d 4e ff e9 25 fd ff ff \u003c0f\u003e 0b e99\n RSP: 0018:ffffb62c4120caa8 EFLAGS: 00010287\n RAX: 0000000000000003 RBX: ffffb62c4120cb14 RCX: 0000000000000ec0\n RDX: 0000000000001000 RSI: ffffa06e5d7dc000 RDI: 0000000000000003\n RBP: ffffa06e5d7ddec0 R08: ffffa06e6120a800 R09: ffffa06e7a119900\n R10: 0000000000002310 R11: ffffa06e5d7dcec0 R12: ffffe4360575f740\n R13: ffffe43600000000 R14: 0000000000000002 R15: 0000000000000002\n FS: 0000000000000000(0000) GS:ffffa0755f700000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f147b76b0f8 CR3: 00000001615d4000 CR4: 00000000007506f0\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n ? __warn+0x84/0x130\n ? skb_try_coalesce+0x504/0x590\n ? report_bug+0x18a/0x1a0\n ? handle_bug+0x53/0x90\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n ? skb_try_coalesce+0x504/0x590\n inet_frag_reasm_finish+0x11f/0x2e0\n ip_defrag+0x37a/0x900\n ip_local_deliver+0x51/0x120\n ip_sublist_rcv_finish+0x64/0x70\n ip_sublist_rcv+0x179/0x210\n ip_list_rcv+0xf9/0x130\n\nHow to reproduce:\n\u003cNode A\u003e\nip link set $interface1 xdp obj xdp_pass.o\nip link set $interface1 mtu 9000 up\nip a a 10.0.0.1/24 dev $interface1\n\u003cNode B\u003e\nip link set $interfac2 mtu 9000 up\nip a a 10.0.0.2/24 dev $interface2\nping 10.0.0.1 -s 65000\n\nFollowing ping.py patch adds xdp-mb-pass case. so ping.py is going to be\nable to reproduce this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21961",
"url": "https://www.suse.com/security/cve/CVE-2025-21961"
},
{
"category": "external",
"summary": "SUSE Bug 1240816 for CVE-2025-21961",
"url": "https://bugzilla.suse.com/1240816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21961"
},
{
"cve": "CVE-2025-21962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21962"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix integer overflow while processing closetimeo mount option\n\nUser-provided mount parameter closetimeo of type u32 is intended to have\nan upper limit, but before it is validated, the value is converted from\nseconds to jiffies which can lead to an integer overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21962",
"url": "https://www.suse.com/security/cve/CVE-2025-21962"
},
{
"category": "external",
"summary": "SUSE Bug 1240655 for CVE-2025-21962",
"url": "https://bugzilla.suse.com/1240655"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21962"
},
{
"cve": "CVE-2025-21963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21963"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix integer overflow while processing acdirmax mount option\n\nUser-provided mount parameter acdirmax of type u32 is intended to have\nan upper limit, but before it is validated, the value is converted from\nseconds to jiffies which can lead to an integer overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21963",
"url": "https://www.suse.com/security/cve/CVE-2025-21963"
},
{
"category": "external",
"summary": "SUSE Bug 1240717 for CVE-2025-21963",
"url": "https://bugzilla.suse.com/1240717"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21963"
},
{
"cve": "CVE-2025-21964",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21964"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix integer overflow while processing acregmax mount option\n\nUser-provided mount parameter acregmax of type u32 is intended to have\nan upper limit, but before it is validated, the value is converted from\nseconds to jiffies which can lead to an integer overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21964",
"url": "https://www.suse.com/security/cve/CVE-2025-21964"
},
{
"category": "external",
"summary": "SUSE Bug 1240740 for CVE-2025-21964",
"url": "https://bugzilla.suse.com/1240740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21964"
},
{
"cve": "CVE-2025-21966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21966"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-flakey: Fix memory corruption in optional corrupt_bio_byte feature\n\nFix memory corruption due to incorrect parameter being passed to bio_init",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21966",
"url": "https://www.suse.com/security/cve/CVE-2025-21966"
},
{
"category": "external",
"summary": "SUSE Bug 1240779 for CVE-2025-21966",
"url": "https://bugzilla.suse.com/1240779"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21966"
},
{
"cve": "CVE-2025-21968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21968"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix slab-use-after-free on hdcp_work\n\n[Why]\nA slab-use-after-free is reported when HDCP is destroyed but the\nproperty_validate_dwork queue is still running.\n\n[How]\nCancel the delayed work when destroying workqueue.\n\n(cherry picked from commit 725a04ba5a95e89c89633d4322430cfbca7ce128)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21968",
"url": "https://www.suse.com/security/cve/CVE-2025-21968"
},
{
"category": "external",
"summary": "SUSE Bug 1240783 for CVE-2025-21968",
"url": "https://bugzilla.suse.com/1240783"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21968"
},
{
"cve": "CVE-2025-21969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21969"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd\n\nAfter the hci sync command releases l2cap_conn, the hci receive data work\nqueue references the released l2cap_conn when sending to the upper layer.\nAdd hci dev lock to the hci receive data work queue to synchronize the two.\n\n[1]\nBUG: KASAN: slab-use-after-free in l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954\nRead of size 8 at addr ffff8880271a4000 by task kworker/u9:2/5837\n\nCPU: 0 UID: 0 PID: 5837 Comm: kworker/u9:2 Not tainted 6.13.0-rc5-syzkaller-00163-gab75170520d4 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: hci1 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n l2cap_build_cmd net/bluetooth/l2cap_core.c:2964 [inline]\n l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954\n l2cap_sig_send_rej net/bluetooth/l2cap_core.c:5502 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5538 [inline]\n l2cap_recv_frame+0x221f/0x10db0 net/bluetooth/l2cap_core.c:6817\n hci_acldata_packet net/bluetooth/hci_core.c:3797 [inline]\n hci_rx_work+0x508/0xdb0 net/bluetooth/hci_core.c:4040\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nAllocated by task 5837:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n l2cap_conn_add+0xa9/0x8e0 net/bluetooth/l2cap_core.c:6860\n l2cap_connect_cfm+0x115/0x1090 net/bluetooth/l2cap_core.c:7239\n hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline]\n hci_remote_features_evt+0x68e/0xac0 net/bluetooth/hci_event.c:3726\n hci_event_func net/bluetooth/hci_event.c:7473 [inline]\n hci_event_packet+0xac2/0x1540 net/bluetooth/hci_event.c:7525\n hci_rx_work+0x3f3/0xdb0 net/bluetooth/hci_core.c:4035\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nFreed by task 54:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n l2cap_connect_cfm+0xcc/0x1090 net/bluetooth/l2cap_core.c:7235\n hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline]\n hci_conn_failed+0x287/0x400 net/bluetooth/hci_conn.c:1266\n hci_abort_conn_sync+0x56c/0x11f0 net/bluetooth/hci_sync.c:5603\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entr\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21969",
"url": "https://www.suse.com/security/cve/CVE-2025-21969"
},
{
"category": "external",
"summary": "SUSE Bug 1240784 for CVE-2025-21969",
"url": "https://bugzilla.suse.com/1240784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21969"
},
{
"cve": "CVE-2025-21970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21970"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Bridge, fix the crash caused by LAG state check\n\nWhen removing LAG device from bridge, NETDEV_CHANGEUPPER event is\ntriggered. Driver finds the lower devices (PFs) to flush all the\noffloaded entries. And mlx5_lag_is_shared_fdb is checked, it returns\nfalse if one of PF is unloaded. In such case,\nmlx5_esw_bridge_lag_rep_get() and its caller return NULL, instead of\nthe alive PF, and the flush is skipped.\n\nBesides, the bridge fdb entry\u0027s lastuse is updated in mlx5 bridge\nevent handler. But this SWITCHDEV_FDB_ADD_TO_BRIDGE event can be\nignored in this case because the upper interface for bond is deleted,\nand the entry will never be aged because lastuse is never updated.\n\nTo make things worse, as the entry is alive, mlx5 bridge workqueue\nkeeps sending that event, which is then handled by kernel bridge\nnotifier. It causes the following crash when accessing the passed bond\nnetdev which is already destroyed.\n\nTo fix this issue, remove such checks. LAG state is already checked in\ncommit 15f8f168952f (\"net/mlx5: Bridge, verify LAG state when adding\nbond to bridge\"), driver still need to skip offload if LAG becomes\ninvalid state after initialization.\n\n Oops: stack segment: 0000 [#1] SMP\n CPU: 3 UID: 0 PID: 23695 Comm: kworker/u40:3 Tainted: G OE 6.11.0_mlnx #1\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: mlx5_bridge_wq mlx5_esw_bridge_update_work [mlx5_core]\n RIP: 0010:br_switchdev_event+0x2c/0x110 [bridge]\n Code: 44 00 00 48 8b 02 48 f7 00 00 02 00 00 74 69 41 54 55 53 48 83 ec 08 48 8b a8 08 01 00 00 48 85 ed 74 4a 48 83 fe 02 48 89 d3 \u003c4c\u003e 8b 65 00 74 23 76 49 48 83 fe 05 74 7e 48 83 fe 06 75 2f 0f b7\n RSP: 0018:ffffc900092cfda0 EFLAGS: 00010297\n RAX: ffff888123bfe000 RBX: ffffc900092cfe08 RCX: 00000000ffffffff\n RDX: ffffc900092cfe08 RSI: 0000000000000001 RDI: ffffffffa0c585f0\n RBP: 6669746f6e690a30 R08: 0000000000000000 R09: ffff888123ae92c8\n R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888123ae9c60\n R13: 0000000000000001 R14: ffffc900092cfe08 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff88852c980000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f15914c8734 CR3: 0000000002830005 CR4: 0000000000770ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die_body+0x1a/0x60\n ? die+0x38/0x60\n ? do_trap+0x10b/0x120\n ? do_error_trap+0x64/0xa0\n ? exc_stack_segment+0x33/0x50\n ? asm_exc_stack_segment+0x22/0x30\n ? br_switchdev_event+0x2c/0x110 [bridge]\n ? sched_balance_newidle.isra.149+0x248/0x390\n notifier_call_chain+0x4b/0xa0\n atomic_notifier_call_chain+0x16/0x20\n mlx5_esw_bridge_update+0xec/0x170 [mlx5_core]\n mlx5_esw_bridge_update_work+0x19/0x40 [mlx5_core]\n process_scheduled_works+0x81/0x390\n worker_thread+0x106/0x250\n ? bh_worker+0x110/0x110\n kthread+0xb7/0xe0\n ? kthread_park+0x80/0x80\n ret_from_fork+0x2d/0x50\n ? kthread_park+0x80/0x80\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21970",
"url": "https://www.suse.com/security/cve/CVE-2025-21970"
},
{
"category": "external",
"summary": "SUSE Bug 1240819 for CVE-2025-21970",
"url": "https://bugzilla.suse.com/1240819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21970"
},
{
"cve": "CVE-2025-21971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21971"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: Prevent creation of classes with TC_H_ROOT\n\nThe function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination\ncondition when traversing up the qdisc tree to update parent backlog\ncounters. However, if a class is created with classid TC_H_ROOT, the\ntraversal terminates prematurely at this class instead of reaching the\nactual root qdisc, causing parent statistics to be incorrectly maintained.\nIn case of DRR, this could lead to a crash as reported by Mingi Cho.\n\nPrevent the creation of any Qdisc class with classid TC_H_ROOT\n(0xFFFFFFFF) across all qdisc types, as suggested by Jamal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21971",
"url": "https://www.suse.com/security/cve/CVE-2025-21971"
},
{
"category": "external",
"summary": "SUSE Bug 1240799 for CVE-2025-21971",
"url": "https://bugzilla.suse.com/1240799"
},
{
"category": "external",
"summary": "SUSE Bug 1245794 for CVE-2025-21971",
"url": "https://bugzilla.suse.com/1245794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2025-21971"
},
{
"cve": "CVE-2025-21972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21972"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: unshare packets when reassembling\n\nEnsure that the frag_list used for reassembly isn\u0027t shared with other\npackets. This avoids incorrect reassembly when packets are cloned, and\nprevents a memory leak due to circular references between fragments and\ntheir skb_shared_info.\n\nThe upcoming MCTP-over-USB driver uses skb_clone which can trigger the\nproblem - other MCTP drivers don\u0027t share SKBs.\n\nA kunit test is added to reproduce the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21972",
"url": "https://www.suse.com/security/cve/CVE-2025-21972"
},
{
"category": "external",
"summary": "SUSE Bug 1240813 for CVE-2025-21972",
"url": "https://bugzilla.suse.com/1240813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21972"
},
{
"cve": "CVE-2025-21973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: bnxt: fix kernel panic in the bnxt_get_queue_stats{rx | tx}\n\nWhen qstats-get operation is executed, callbacks of netdev_stats_ops\nare called. The bnxt_get_queue_stats{rx | tx} collect per-queue stats\nfrom sw_stats in the rings.\nBut {rx | tx | cp}_ring are allocated when the interface is up.\nSo, these rings are not allocated when the interface is down.\n\nThe qstats-get is allowed even if the interface is down. However,\nthe bnxt_get_queue_stats{rx | tx}() accesses cp_ring and tx_ring\nwithout null check.\nSo, it needs to avoid accessing rings if the interface is down.\n\nReproducer:\n ip link set $interface down\n ./cli.py --spec netdev.yaml --dump qstats-get\nOR\n ip link set $interface down\n python ./stats.py\n\nSplat looks like:\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 1680fa067 P4D 1680fa067 PUD 16be3b067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 0 UID: 0 PID: 1495 Comm: python3 Not tainted 6.14.0-rc4+ #32 5cd0f999d5a15c574ac72b3e4b907341\n Hardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\n RIP: 0010:bnxt_get_queue_stats_rx+0xf/0x70 [bnxt_en]\n Code: c6 87 b5 18 00 00 02 eb a2 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 01\n RSP: 0018:ffffabef43cdb7e0 EFLAGS: 00010282\n RAX: 0000000000000000 RBX: ffffffffc04c8710 RCX: 0000000000000000\n RDX: ffffabef43cdb858 RSI: 0000000000000000 RDI: ffff8d504e850000\n RBP: ffff8d506c9f9c00 R08: 0000000000000004 R09: ffff8d506bcd901c\n R10: 0000000000000015 R11: ffff8d506bcd9000 R12: 0000000000000000\n R13: ffffabef43cdb8c0 R14: ffff8d504e850000 R15: 0000000000000000\n FS: 00007f2c5462b080(0000) GS:ffff8d575f600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 0000000167fd0000 CR4: 00000000007506f0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x20/0x70\n ? page_fault_oops+0x15a/0x460\n ? sched_balance_find_src_group+0x58d/0xd10\n ? exc_page_fault+0x6e/0x180\n ? asm_exc_page_fault+0x22/0x30\n ? bnxt_get_queue_stats_rx+0xf/0x70 [bnxt_en cdd546fd48563c280cfd30e9647efa420db07bf1]\n netdev_nl_stats_by_netdev+0x2b1/0x4e0\n ? xas_load+0x9/0xb0\n ? xas_find+0x183/0x1d0\n ? xa_find+0x8b/0xe0\n netdev_nl_qstats_get_dumpit+0xbf/0x1e0\n genl_dumpit+0x31/0x90\n netlink_dump+0x1a8/0x360",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21973",
"url": "https://www.suse.com/security/cve/CVE-2025-21973"
},
{
"category": "external",
"summary": "SUSE Bug 1240803 for CVE-2025-21973",
"url": "https://bugzilla.suse.com/1240803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21973"
},
{
"cve": "CVE-2025-21974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: bnxt: return fail if interface is down in bnxt_queue_mem_alloc()\n\nThe bnxt_queue_mem_alloc() is called to allocate new queue memory when\na queue is restarted.\nIt internally accesses rx buffer descriptor corresponding to the index.\nThe rx buffer descriptor is allocated and set when the interface is up\nand it\u0027s freed when the interface is down.\nSo, if queue is restarted if interface is down, kernel panic occurs.\n\nSplat looks like:\n BUG: unable to handle page fault for address: 000000000000b240\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 3 UID: 0 PID: 1563 Comm: ncdevmem2 Not tainted 6.14.0-rc2+ #9 844ddba6e7c459cafd0bf4db9a3198e\n Hardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\n RIP: 0010:bnxt_queue_mem_alloc+0x3f/0x4e0 [bnxt_en]\n Code: 41 54 4d 89 c4 4d 69 c0 c0 05 00 00 55 48 89 f5 53 48 89 fb 4c 8d b5 40 05 00 00 48 83 ec 15\n RSP: 0018:ffff9dcc83fef9e8 EFLAGS: 00010202\n RAX: ffffffffc0457720 RBX: ffff934ed8d40000 RCX: 0000000000000000\n RDX: 000000000000001f RSI: ffff934ea508f800 RDI: ffff934ea508f808\n RBP: ffff934ea508f800 R08: 000000000000b240 R09: ffff934e84f4b000\n R10: ffff9dcc83fefa30 R11: ffff934e84f4b000 R12: 000000000000001f\n R13: ffff934ed8d40ac0 R14: ffff934ea508fd40 R15: ffff934e84f4b000\n FS: 00007fa73888c740(0000) GS:ffff93559f780000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000b240 CR3: 0000000145a2e000 CR4: 00000000007506f0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x20/0x70\n ? page_fault_oops+0x15a/0x460\n ? exc_page_fault+0x6e/0x180\n ? asm_exc_page_fault+0x22/0x30\n ? __pfx_bnxt_queue_mem_alloc+0x10/0x10 [bnxt_en 7f85e76f4d724ba07471d7e39d9e773aea6597b7]\n ? bnxt_queue_mem_alloc+0x3f/0x4e0 [bnxt_en 7f85e76f4d724ba07471d7e39d9e773aea6597b7]\n netdev_rx_queue_restart+0xc5/0x240\n net_devmem_bind_dmabuf_to_queue+0xf8/0x200\n netdev_nl_bind_rx_doit+0x3a7/0x450\n genl_family_rcv_msg_doit+0xd9/0x130\n genl_rcv_msg+0x184/0x2b0\n ? __pfx_netdev_nl_bind_rx_doit+0x10/0x10\n ? __pfx_genl_rcv_msg+0x10/0x10\n netlink_rcv_skb+0x54/0x100\n genl_rcv+0x24/0x40\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21974",
"url": "https://www.suse.com/security/cve/CVE-2025-21974"
},
{
"category": "external",
"summary": "SUSE Bug 1240800 for CVE-2025-21974",
"url": "https://bugzilla.suse.com/1240800"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21974"
},
{
"cve": "CVE-2025-21975",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21975"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: handle errors in mlx5_chains_create_table()\n\nIn mlx5_chains_create_table(), the return value of mlx5_get_fdb_sub_ns()\nand mlx5_get_flow_namespace() must be checked to prevent NULL pointer\ndereferences. If either function fails, the function should log error\nmessage with mlx5_core_warn() and return error pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21975",
"url": "https://www.suse.com/security/cve/CVE-2025-21975"
},
{
"category": "external",
"summary": "SUSE Bug 1240812 for CVE-2025-21975",
"url": "https://bugzilla.suse.com/1240812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21975"
},
{
"cve": "CVE-2025-21978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/hyperv: Fix address space leak when Hyper-V DRM device is removed\n\nWhen a Hyper-V DRM device is probed, the driver allocates MMIO space for\nthe vram, and maps it cacheable. If the device removed, or in the error\npath for device probing, the MMIO space is released but no unmap is done.\nConsequently the kernel address space for the mapping is leaked.\n\nFix this by adding iounmap() calls in the device removal path, and in the\nerror path during device probing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21978",
"url": "https://www.suse.com/security/cve/CVE-2025-21978"
},
{
"category": "external",
"summary": "SUSE Bug 1240806 for CVE-2025-21978",
"url": "https://bugzilla.suse.com/1240806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21978"
},
{
"cve": "CVE-2025-21979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21979"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: cancel wiphy_work before freeing wiphy\n\nA wiphy_work can be queued from the moment the wiphy is allocated and\ninitialized (i.e. wiphy_new_nm). When a wiphy_work is queued, the\nrdev::wiphy_work is getting queued.\n\nIf wiphy_free is called before the rdev::wiphy_work had a chance to run,\nthe wiphy memory will be freed, and then when it eventally gets to run\nit\u0027ll use invalid memory.\n\nFix this by canceling the work before freeing the wiphy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21979",
"url": "https://www.suse.com/security/cve/CVE-2025-21979"
},
{
"category": "external",
"summary": "SUSE Bug 1240808 for CVE-2025-21979",
"url": "https://bugzilla.suse.com/1240808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21979"
},
{
"cve": "CVE-2025-21980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: address a potential NULL pointer dereference in the GRED scheduler.\n\nIf kzalloc in gred_init returns a NULL pointer, the code follows the\nerror handling path, invoking gred_destroy. This, in turn, calls\ngred_offload, where memset could receive a NULL pointer as input,\npotentially leading to a kernel crash.\n\nWhen table-\u003eopt is NULL in gred_init(), gred_change_table_def()\nis not called yet, so it is not necessary to call -\u003endo_setup_tc()\nin gred_offload().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21980",
"url": "https://www.suse.com/security/cve/CVE-2025-21980"
},
{
"category": "external",
"summary": "SUSE Bug 1240809 for CVE-2025-21980",
"url": "https://bugzilla.suse.com/1240809"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21980"
},
{
"cve": "CVE-2025-21981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix memory leak in aRFS after reset\n\nFix aRFS (accelerated Receive Flow Steering) structures memory leak by\nadding a checker to verify if aRFS memory is already allocated while\nconfiguring VSI. aRFS objects are allocated in two cases:\n- as part of VSI initialization (at probe), and\n- as part of reset handling\n\nHowever, VSI reconfiguration executed during reset involves memory\nallocation one more time, without prior releasing already allocated\nresources. This led to the memory leak with the following signature:\n\n[root@os-delivery ~]# cat /sys/kernel/debug/kmemleak\nunreferenced object 0xff3c1ca7252e6000 (size 8192):\n comm \"kworker/0:0\", pid 8, jiffies 4296833052\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 0):\n [\u003cffffffff991ec485\u003e] __kmalloc_cache_noprof+0x275/0x340\n [\u003cffffffffc0a6e06a\u003e] ice_init_arfs+0x3a/0xe0 [ice]\n [\u003cffffffffc09f1027\u003e] ice_vsi_cfg_def+0x607/0x850 [ice]\n [\u003cffffffffc09f244b\u003e] ice_vsi_setup+0x5b/0x130 [ice]\n [\u003cffffffffc09c2131\u003e] ice_init+0x1c1/0x460 [ice]\n [\u003cffffffffc09c64af\u003e] ice_probe+0x2af/0x520 [ice]\n [\u003cffffffff994fbcd3\u003e] local_pci_probe+0x43/0xa0\n [\u003cffffffff98f07103\u003e] work_for_cpu_fn+0x13/0x20\n [\u003cffffffff98f0b6d9\u003e] process_one_work+0x179/0x390\n [\u003cffffffff98f0c1e9\u003e] worker_thread+0x239/0x340\n [\u003cffffffff98f14abc\u003e] kthread+0xcc/0x100\n [\u003cffffffff98e45a6d\u003e] ret_from_fork+0x2d/0x50\n [\u003cffffffff98e083ba\u003e] ret_from_fork_asm+0x1a/0x30\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21981",
"url": "https://www.suse.com/security/cve/CVE-2025-21981"
},
{
"category": "external",
"summary": "SUSE Bug 1240612 for CVE-2025-21981",
"url": "https://bugzilla.suse.com/1240612"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21981"
},
{
"cve": "CVE-2025-21985",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21985"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix out-of-bound accesses\n\n[WHAT \u0026 HOW]\nhpo_stream_to_link_encoder_mapping has size MAX_HPO_DP2_ENCODERS(=4),\nbut location can have size up to 6. As a result, it is necessary to\ncheck location against MAX_HPO_DP2_ENCODERS.\n\nSimiliarly, disp_cfg_stream_location can be used as an array index which\nshould be 0..5, so the ASSERT\u0027s conditions should be less without equal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21985",
"url": "https://www.suse.com/security/cve/CVE-2025-21985"
},
{
"category": "external",
"summary": "SUSE Bug 1240811 for CVE-2025-21985",
"url": "https://bugzilla.suse.com/1240811"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21985"
},
{
"cve": "CVE-2025-21989",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21989"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix missing .is_two_pixels_per_container\n\nStarting from 6.11, AMDGPU driver, while being loaded with amdgpu.dc=1,\ndue to lack of .is_two_pixels_per_container function in dce60_tg_funcs,\ncauses a NULL pointer dereference on PCs with old GPUs, such as R9 280X.\n\nSo this fix adds missing .is_two_pixels_per_container to dce60_tg_funcs.\n\n(cherry picked from commit bd4b125eb949785c6f8a53b0494e32795421209d)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21989",
"url": "https://www.suse.com/security/cve/CVE-2025-21989"
},
{
"category": "external",
"summary": "SUSE Bug 1240805 for CVE-2025-21989",
"url": "https://bugzilla.suse.com/1240805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21989"
},
{
"cve": "CVE-2025-21990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21990"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: NULL-check BO\u0027s backing store when determining GFX12 PTE flags\n\nPRT BOs may not have any backing store, so bo-\u003etbo.resource will be\nNULL. Check for that before dereferencing.\n\n(cherry picked from commit 3e3fcd29b505cebed659311337ea03b7698767fc)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21990",
"url": "https://www.suse.com/security/cve/CVE-2025-21990"
},
{
"category": "external",
"summary": "SUSE Bug 1240804 for CVE-2025-21990",
"url": "https://bugzilla.suse.com/1240804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21990"
},
{
"cve": "CVE-2025-21991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21991"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes\n\nCurrently, load_microcode_amd() iterates over all NUMA nodes, retrieves their\nCPU masks and unconditionally accesses per-CPU data for the first CPU of each\nmask.\n\nAccording to Documentation/admin-guide/mm/numaperf.rst:\n\n \"Some memory may share the same node as a CPU, and others are provided as\n memory only nodes.\"\n\nTherefore, some node CPU masks may be empty and wouldn\u0027t have a \"first CPU\".\n\nOn a machine with far memory (and therefore CPU-less NUMA nodes):\n- cpumask_of_node(nid) is 0\n- cpumask_first(0) is CONFIG_NR_CPUS\n- cpu_data(CONFIG_NR_CPUS) accesses the cpu_info per-CPU array at an\n index that is 1 out of bounds\n\nThis does not have any security implications since flashing microcode is\na privileged operation but I believe this has reliability implications by\npotentially corrupting memory while flashing a microcode update.\n\nWhen booting with CONFIG_UBSAN_BOUNDS=y on an AMD machine that flashes\na microcode update. I get the following splat:\n\n UBSAN: array-index-out-of-bounds in arch/x86/kernel/cpu/microcode/amd.c:X:Y\n index 512 is out of range for type \u0027unsigned long[512]\u0027\n [...]\n Call Trace:\n dump_stack\n __ubsan_handle_out_of_bounds\n load_microcode_amd\n request_microcode_amd\n reload_store\n kernfs_fop_write_iter\n vfs_write\n ksys_write\n do_syscall_64\n entry_SYSCALL_64_after_hwframe\n\nChange the loop to go over only NUMA nodes which have CPUs before determining\nwhether the first CPU on the respective node needs microcode update.\n\n [ bp: Massage commit message, fix typo. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21991",
"url": "https://www.suse.com/security/cve/CVE-2025-21991"
},
{
"category": "external",
"summary": "SUSE Bug 1240795 for CVE-2025-21991",
"url": "https://bugzilla.suse.com/1240795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21991"
},
{
"cve": "CVE-2025-21992",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21992"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: ignore non-functional sensor in HP 5MP Camera\n\nThe HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that\nis not actually implemented. Attempting to access this non-functional\nsensor via iio_info causes system hangs as runtime PM tries to wake up\nan unresponsive sensor.\n\n [453] hid-sensor-hub 0003:0408:5473.0003: Report latency attributes: ffffffff:ffffffff\n [453] hid-sensor-hub 0003:0408:5473.0003: common attributes: 5:1, 2:1, 3:1 ffffffff:ffffffff\n\nAdd this device to the HID ignore list since the sensor interface is\nnon-functional by design and should not be exposed to userspace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21992",
"url": "https://www.suse.com/security/cve/CVE-2025-21992"
},
{
"category": "external",
"summary": "SUSE Bug 1240796 for CVE-2025-21992",
"url": "https://bugzilla.suse.com/1240796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21992"
},
{
"cve": "CVE-2025-21993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()\n\nWhen performing an iSCSI boot using IPv6, iscsistart still reads the\n/sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix\nlength is 64, this causes the shift exponent to become negative,\ntriggering a UBSAN warning. As the concept of a subnet mask does not\napply to IPv6, the value is set to ~0 to suppress the warning message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21993",
"url": "https://www.suse.com/security/cve/CVE-2025-21993"
},
{
"category": "external",
"summary": "SUSE Bug 1240797 for CVE-2025-21993",
"url": "https://bugzilla.suse.com/1240797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21993"
},
{
"cve": "CVE-2025-21995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Fix fence reference count leak\n\nThe last_scheduled fence leaks when an entity is being killed and adding\nthe cleanup callback fails.\n\nDecrement the reference count of prev when dma_fence_add_callback()\nfails, ensuring proper balance.\n\n[phasta: add git tag info for stable kernel]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21995",
"url": "https://www.suse.com/security/cve/CVE-2025-21995"
},
{
"category": "external",
"summary": "SUSE Bug 1240821 for CVE-2025-21995",
"url": "https://bugzilla.suse.com/1240821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21995"
},
{
"cve": "CVE-2025-21996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()\n\nOn the off chance that command stream passed from userspace via\nioctl() call to radeon_vce_cs_parse() is weirdly crafted and\nfirst command to execute is to encode (case 0x03000001), the function\nin question will attempt to call radeon_vce_cs_reloc() with size\nargument that has not been properly initialized. Specifically, \u0027size\u0027\nwill point to \u0027tmp\u0027 variable before the latter had a chance to be\nassigned any value.\n\nPlay it safe and init \u0027tmp\u0027 with 0, thus ensuring that\nradeon_vce_cs_reloc() will catch an early error in cases like these.\n\nFound by Linux Verification Center (linuxtesting.org) with static\nanalysis tool SVACE.\n\n(cherry picked from commit 2d52de55f9ee7aaee0e09ac443f77855989c6b68)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21996",
"url": "https://www.suse.com/security/cve/CVE-2025-21996"
},
{
"category": "external",
"summary": "SUSE Bug 1240801 for CVE-2025-21996",
"url": "https://bugzilla.suse.com/1240801"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21996"
},
{
"cve": "CVE-2025-21999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21999"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nproc: fix UAF in proc_get_inode()\n\nFix race between rmmod and /proc/XXX\u0027s inode instantiation.\n\nThe bug is that pde-\u003eproc_ops don\u0027t belong to /proc, it belongs to a\nmodule, therefore dereferencing it after /proc entry has been registered\nis a bug unless use_pde/unuse_pde() pair has been used.\n\nuse_pde/unuse_pde can be avoided (2 atomic ops!) because pde-\u003eproc_ops\nnever changes so information necessary for inode instantiation can be\nsaved _before_ proc_register() in PDE itself and used later, avoiding\npde-\u003eproc_ops-\u003e... dereference.\n\n rmmod lookup\nsys_delete_module\n proc_lookup_de\n\t\t\t pde_get(de);\n\t\t\t proc_get_inode(dir-\u003ei_sb, de);\n mod-\u003eexit()\n proc_remove\n remove_proc_subtree\n proc_entry_rundown(de);\n free_module(mod);\n\n if (S_ISREG(inode-\u003ei_mode))\n\t if (de-\u003eproc_ops-\u003eproc_read_iter)\n --\u003e As module is already freed, will trigger UAF\n\nBUG: unable to handle page fault for address: fffffbfff80a702b\nPGD 817fc4067 P4D 817fc4067 PUD 817fc0067 PMD 102ef4067 PTE 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 26 UID: 0 PID: 2667 Comm: ls Tainted: G\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nRIP: 0010:proc_get_inode+0x302/0x6e0\nRSP: 0018:ffff88811c837998 EFLAGS: 00010a06\nRAX: dffffc0000000000 RBX: ffffffffc0538140 RCX: 0000000000000007\nRDX: 1ffffffff80a702b RSI: 0000000000000001 RDI: ffffffffc0538158\nRBP: ffff8881299a6000 R08: 0000000067bbe1e5 R09: 1ffff11023906f20\nR10: ffffffffb560ca07 R11: ffffffffb2b43a58 R12: ffff888105bb78f0\nR13: ffff888100518048 R14: ffff8881299a6004 R15: 0000000000000001\nFS: 00007f95b9686840(0000) GS:ffff8883af100000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: fffffbfff80a702b CR3: 0000000117dd2000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n proc_lookup_de+0x11f/0x2e0\n __lookup_slow+0x188/0x350\n walk_component+0x2ab/0x4f0\n path_lookupat+0x120/0x660\n filename_lookup+0x1ce/0x560\n vfs_statx+0xac/0x150\n __do_sys_newstat+0x96/0x110\n do_syscall_64+0x5f/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n[adobriyan@gmail.com: don\u0027t do 2 atomic ops on the common path]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21999",
"url": "https://www.suse.com/security/cve/CVE-2025-21999"
},
{
"category": "external",
"summary": "SUSE Bug 1240802 for CVE-2025-21999",
"url": "https://bugzilla.suse.com/1240802"
},
{
"category": "external",
"summary": "SUSE Bug 1242579 for CVE-2025-21999",
"url": "https://bugzilla.suse.com/1242579"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2025-21999"
},
{
"cve": "CVE-2025-22001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22001"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: Fix integer overflow in qaic_validate_req()\n\nThese are u64 variables that come from the user via\nqaic_attach_slice_bo_ioctl(). Use check_add_overflow() to ensure that\nthe math doesn\u0027t have an integer wrapping bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22001",
"url": "https://www.suse.com/security/cve/CVE-2025-22001"
},
{
"category": "external",
"summary": "SUSE Bug 1240873 for CVE-2025-22001",
"url": "https://bugzilla.suse.com/1240873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22001"
},
{
"cve": "CVE-2025-22003",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22003"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ucan: fix out of bound read in strscpy() source\n\nCommit 7fdaf8966aae (\"can: ucan: use strscpy() to instead of strncpy()\")\nunintentionally introduced a one byte out of bound read on strscpy()\u0027s\nsource argument (which is kind of ironic knowing that strscpy() is meant\nto be a more secure alternative :)).\n\nLet\u0027s consider below buffers:\n\n dest[len + 1]; /* will be NUL terminated */\n src[len]; /* may not be NUL terminated */\n\nWhen doing:\n\n strncpy(dest, src, len);\n dest[len] = \u0027\\0\u0027;\n\nstrncpy() will read up to len bytes from src.\n\nOn the other hand:\n\n strscpy(dest, src, len + 1);\n\nwill read up to len + 1 bytes from src, that is to say, an out of bound\nread of one byte will occur on src if it is not NUL terminated. Note\nthat the src[len] byte is never copied, but strscpy() still needs to\nread it to check whether a truncation occurred or not.\n\nThis exact pattern happened in ucan.\n\nThe root cause is that the source is not NUL terminated. Instead of\ndoing a copy in a local buffer, directly NUL terminate it as soon as\nusb_control_msg() returns. With this, the local firmware_str[] variable\ncan be removed.\n\nOn top of this do a couple refactors:\n\n - ucan_ctl_payload-\u003eraw is only used for the firmware string, so\n rename it to ucan_ctl_payload-\u003efw_str and change its type from u8 to\n char.\n\n - ucan_device_request_in() is only used to retrieve the firmware\n string, so rename it to ucan_get_fw_str() and refactor it to make it\n directly handle all the string termination logic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22003",
"url": "https://www.suse.com/security/cve/CVE-2025-22003"
},
{
"category": "external",
"summary": "SUSE Bug 1240825 for CVE-2025-22003",
"url": "https://bugzilla.suse.com/1240825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22003"
},
{
"cve": "CVE-2025-22004",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22004"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atm: fix use after free in lec_send()\n\nThe -\u003esend() operation frees skb so save the length before calling\n-\u003esend() to avoid a use after free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22004",
"url": "https://www.suse.com/security/cve/CVE-2025-22004"
},
{
"category": "external",
"summary": "SUSE Bug 1240835 for CVE-2025-22004",
"url": "https://bugzilla.suse.com/1240835"
},
{
"category": "external",
"summary": "SUSE Bug 1241090 for CVE-2025-22004",
"url": "https://bugzilla.suse.com/1241090"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2025-22004"
},
{
"cve": "CVE-2025-22007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22007"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix error code in chan_alloc_skb_cb()\n\nThe chan_alloc_skb_cb() function is supposed to return error pointers on\nerror. Returning NULL will lead to a NULL dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22007",
"url": "https://www.suse.com/security/cve/CVE-2025-22007"
},
{
"category": "external",
"summary": "SUSE Bug 1240829 for CVE-2025-22007",
"url": "https://bugzilla.suse.com/1240829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22007"
},
{
"cve": "CVE-2025-22008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22008"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: check that dummy regulator has been probed before using it\n\nDue to asynchronous driver probing there is a chance that the dummy\nregulator hasn\u0027t already been probed when first accessing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22008",
"url": "https://www.suse.com/security/cve/CVE-2025-22008"
},
{
"category": "external",
"summary": "SUSE Bug 1240942 for CVE-2025-22008",
"url": "https://bugzilla.suse.com/1240942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22008"
},
{
"cve": "CVE-2025-22009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: dummy: force synchronous probing\n\nSometimes I get a NULL pointer dereference at boot time in kobject_get()\nwith the following call stack:\n\nanatop_regulator_probe()\n devm_regulator_register()\n regulator_register()\n regulator_resolve_supply()\n kobject_get()\n\nBy placing some extra BUG_ON() statements I could verify that this is\nraised because probing of the \u0027dummy\u0027 regulator driver is not completed\n(\u0027dummy_regulator_rdev\u0027 is still NULL).\n\nIn the JTAG debugger I can see that dummy_regulator_probe() and\nanatop_regulator_probe() can be run by different kernel threads\n(kworker/u4:*). I haven\u0027t further investigated whether this can be\nchanged or if there are other possibilities to force synchronization\nbetween these two probe routines. On the other hand I don\u0027t expect much\nboot time penalty by probing the \u0027dummy\u0027 regulator synchronously.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22009",
"url": "https://www.suse.com/security/cve/CVE-2025-22009"
},
{
"category": "external",
"summary": "SUSE Bug 1240940 for CVE-2025-22009",
"url": "https://bugzilla.suse.com/1240940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22009"
},
{
"cve": "CVE-2025-22010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup during bt pages loop\n\nDriver runs a for-loop when allocating bt pages and mapping them with\nbuffer pages. When a large buffer (e.g. MR over 100GB) is being allocated,\nit may require a considerable loop count. This will lead to soft lockup:\n\n watchdog: BUG: soft lockup - CPU#27 stuck for 22s!\n ...\n Call trace:\n hem_list_alloc_mid_bt+0x124/0x394 [hns_roce_hw_v2]\n hns_roce_hem_list_request+0xf8/0x160 [hns_roce_hw_v2]\n hns_roce_mtr_create+0x2e4/0x360 [hns_roce_hw_v2]\n alloc_mr_pbl+0xd4/0x17c [hns_roce_hw_v2]\n hns_roce_reg_user_mr+0xf8/0x190 [hns_roce_hw_v2]\n ib_uverbs_reg_mr+0x118/0x290\n\n watchdog: BUG: soft lockup - CPU#35 stuck for 23s!\n ...\n Call trace:\n hns_roce_hem_list_find_mtt+0x7c/0xb0 [hns_roce_hw_v2]\n mtr_map_bufs+0xc4/0x204 [hns_roce_hw_v2]\n hns_roce_mtr_create+0x31c/0x3c4 [hns_roce_hw_v2]\n alloc_mr_pbl+0xb0/0x160 [hns_roce_hw_v2]\n hns_roce_reg_user_mr+0x108/0x1c0 [hns_roce_hw_v2]\n ib_uverbs_reg_mr+0x120/0x2bc\n\nAdd a cond_resched() to fix soft lockup during these loops. In order not\nto affect the allocation performance of normal-size buffer, set the loop\ncount of a 100GB MR as the threshold to call cond_resched().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22010",
"url": "https://www.suse.com/security/cve/CVE-2025-22010"
},
{
"category": "external",
"summary": "SUSE Bug 1240943 for CVE-2025-22010",
"url": "https://bugzilla.suse.com/1240943"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22010"
},
{
"cve": "CVE-2025-22013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state\n\nThere are several problems with the way hyp code lazily saves the host\u0027s\nFPSIMD/SVE state, including:\n\n* Host SVE being discarded unexpectedly due to inconsistent\n configuration of TIF_SVE and CPACR_ELx.ZEN. This has been seen to\n result in QEMU crashes where SVE is used by memmove(), as reported by\n Eric Auger:\n\n https://issues.redhat.com/browse/RHEL-68997\n\n* Host SVE state is discarded *after* modification by ptrace, which was an\n unintentional ptrace ABI change introduced with lazy discarding of SVE state.\n\n* The host FPMR value can be discarded when running a non-protected VM,\n where FPMR support is not exposed to a VM, and that VM uses\n FPSIMD/SVE. In these cases the hyp code does not save the host\u0027s FPMR\n before unbinding the host\u0027s FPSIMD/SVE/SME state, leaving a stale\n value in memory.\n\nAvoid these by eagerly saving and \"flushing\" the host\u0027s FPSIMD/SVE/SME\nstate when loading a vCPU such that KVM does not need to save any of the\nhost\u0027s FPSIMD/SVE/SME state. For clarity, fpsimd_kvm_prepare() is\nremoved and the necessary call to fpsimd_save_and_flush_cpu_state() is\nplaced in kvm_arch_vcpu_load_fp(). As \u0027fpsimd_state\u0027 and \u0027fpmr_ptr\u0027\nshould not be used, they are set to NULL; all uses of these will be\nremoved in subsequent patches.\n\nHistorical problems go back at least as far as v5.17, e.g. erroneous\nassumptions about TIF_SVE being clear in commit:\n\n 8383741ab2e773a9 (\"KVM: arm64: Get rid of host SVE tracking/saving\")\n\n... and so this eager save+flush probably needs to be backported to ALL\nstable trees.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22013",
"url": "https://www.suse.com/security/cve/CVE-2025-22013"
},
{
"category": "external",
"summary": "SUSE Bug 1240938 for CVE-2025-22013",
"url": "https://bugzilla.suse.com/1240938"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22013"
},
{
"cve": "CVE-2025-22014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pdr: Fix the potential deadlock\n\nWhen some client process A call pdr_add_lookup() to add the look up for\nthe service and does schedule locator work, later a process B got a new\nserver packet indicating locator is up and call pdr_locator_new_server()\nwhich eventually sets pdr-\u003elocator_init_complete to true which process A\nsees and takes list lock and queries domain list but it will timeout due\nto deadlock as the response will queued to the same qmi-\u003ewq and it is\nordered workqueue and process B is not able to complete new server\nrequest work due to deadlock on list lock.\n\nFix it by removing the unnecessary list iteration as the list iteration\nis already being done inside locator work, so avoid it here and just\ncall schedule_work() here.\n\n Process A Process B\n\n process_scheduled_works()\npdr_add_lookup() qmi_data_ready_work()\n process_scheduled_works() pdr_locator_new_server()\n pdr-\u003elocator_init_complete=true;\n pdr_locator_work()\n mutex_lock(\u0026pdr-\u003elist_lock);\n\n pdr_locate_service() mutex_lock(\u0026pdr-\u003elist_lock);\n\n pdr_get_domain_list()\n pr_err(\"PDR: %s get domain list\n txn wait failed: %d\\n\",\n req-\u003eservice_name,\n ret);\n\nTimeout error log due to deadlock:\n\n\"\n PDR: tms/servreg get domain list txn wait failed: -110\n PDR: service lookup for msm/adsp/sensor_pd:tms/servreg failed: -110\n\"\n\nThanks to Bjorn and Johan for letting me know that this commit also fixes\nan audio regression when using the in-kernel pd-mapper as that makes it\neasier to hit this race. [1]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22014",
"url": "https://www.suse.com/security/cve/CVE-2025-22014"
},
{
"category": "external",
"summary": "SUSE Bug 1240937 for CVE-2025-22014",
"url": "https://bugzilla.suse.com/1240937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22014"
},
{
"cve": "CVE-2025-22015",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22015"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/migrate: fix shmem xarray update during migration\n\nA shmem folio can be either in page cache or in swap cache, but not at the\nsame time. Namely, once it is in swap cache, folio-\u003emapping should be\nNULL, and the folio is no longer in a shmem mapping.\n\nIn __folio_migrate_mapping(), to determine the number of xarray entries to\nupdate, folio_test_swapbacked() is used, but that conflates shmem in page\ncache case and shmem in swap cache case. It leads to xarray multi-index\nentry corruption, since it turns a sibling entry to a normal entry during\nxas_store() (see [1] for a userspace reproduction). Fix it by only using\nfolio_test_swapcache() to determine whether xarray is storing swap cache\nentries or not to choose the right number of xarray entries to update.\n\n[1] https://lore.kernel.org/linux-mm/Z8idPCkaJW1IChjT@casper.infradead.org/\n\nNote:\nIn __split_huge_page(), folio_test_anon() \u0026\u0026 folio_test_swapcache() is\nused to get swap_cache address space, but that ignores the shmem folio in\nswap cache case. It could lead to NULL pointer dereferencing when a\nin-swap-cache shmem folio is split at __xa_store(), since\n!folio_test_anon() is true and folio-\u003emapping is NULL. But fortunately,\nits caller split_huge_page_to_list_to_order() bails out early with EBUSY\nwhen folio-\u003emapping is NULL. So no need to take care of it here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22015",
"url": "https://www.suse.com/security/cve/CVE-2025-22015"
},
{
"category": "external",
"summary": "SUSE Bug 1240944 for CVE-2025-22015",
"url": "https://bugzilla.suse.com/1240944"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22015"
},
{
"cve": "CVE-2025-22016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpll: fix xa_alloc_cyclic() error handling\n\nIn case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) will\nbe returned, which will cause IS_ERR() to be false. Which can lead to\ndereference not allocated pointer (pin).\n\nFix it by checking if err is lower than zero.\n\nThis wasn\u0027t found in real usecase, only noticed. Credit to Pierre.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22016",
"url": "https://www.suse.com/security/cve/CVE-2025-22016"
},
{
"category": "external",
"summary": "SUSE Bug 1240934 for CVE-2025-22016",
"url": "https://bugzilla.suse.com/1240934"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22016"
},
{
"cve": "CVE-2025-22017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22017"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndevlink: fix xa_alloc_cyclic() error handling\n\nIn case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) will\nbe returned, which will cause IS_ERR() to be false. Which can lead to\ndereference not allocated pointer (rel).\n\nFix it by checking if err is lower than zero.\n\nThis wasn\u0027t found in real usecase, only noticed. Credit to Pierre.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22017",
"url": "https://www.suse.com/security/cve/CVE-2025-22017"
},
{
"category": "external",
"summary": "SUSE Bug 1240936 for CVE-2025-22017",
"url": "https://bugzilla.suse.com/1240936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22017"
},
{
"cve": "CVE-2025-22018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22018"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: Fix NULL pointer dereference\n\nWhen MPOA_cache_impos_rcvd() receives the msg, it can trigger\nNull Pointer Dereference Vulnerability if both entry and\nholding_time are NULL. Because there is only for the situation\nwhere entry is NULL and holding_time exists, it can be passed\nwhen both entry and holding_time are NULL. If these are NULL,\nthe entry will be passd to eg_cache_put() as parameter and\nit is referenced by entry-\u003euse code in it.\n\nkasan log:\n\n[ 3.316691] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006:I\n[ 3.317568] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\n[ 3.318188] CPU: 3 UID: 0 PID: 79 Comm: ex Not tainted 6.14.0-rc2 #102\n[ 3.318601] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n[ 3.319298] RIP: 0010:eg_cache_remove_entry+0xa5/0x470\n[ 3.319677] Code: c1 f7 6e fd 48 c7 c7 00 7e 38 b2 e8 95 64 54 fd 48 c7 c7 40 7e 38 b2 48 89 ee e80\n[ 3.321220] RSP: 0018:ffff88800583f8a8 EFLAGS: 00010006\n[ 3.321596] RAX: 0000000000000006 RBX: ffff888005989000 RCX: ffffffffaecc2d8e\n[ 3.322112] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000030\n[ 3.322643] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff6558b88\n[ 3.323181] R10: 0000000000000003 R11: 203a207972746e65 R12: 1ffff11000b07f15\n[ 3.323707] R13: dffffc0000000000 R14: ffff888005989000 R15: ffff888005989068\n[ 3.324185] FS: 000000001b6313c0(0000) GS:ffff88806d380000(0000) knlGS:0000000000000000\n[ 3.325042] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 3.325545] CR2: 00000000004b4b40 CR3: 000000000248e000 CR4: 00000000000006f0\n[ 3.326430] Call Trace:\n[ 3.326725] \u003cTASK\u003e\n[ 3.326927] ? die_addr+0x3c/0xa0\n[ 3.327330] ? exc_general_protection+0x161/0x2a0\n[ 3.327662] ? asm_exc_general_protection+0x26/0x30\n[ 3.328214] ? vprintk_emit+0x15e/0x420\n[ 3.328543] ? eg_cache_remove_entry+0xa5/0x470\n[ 3.328910] ? eg_cache_remove_entry+0x9a/0x470\n[ 3.329294] ? __pfx_eg_cache_remove_entry+0x10/0x10\n[ 3.329664] ? console_unlock+0x107/0x1d0\n[ 3.329946] ? __pfx_console_unlock+0x10/0x10\n[ 3.330283] ? do_syscall_64+0xa6/0x1a0\n[ 3.330584] ? entry_SYSCALL_64_after_hwframe+0x47/0x7f\n[ 3.331090] ? __pfx_prb_read_valid+0x10/0x10\n[ 3.331395] ? down_trylock+0x52/0x80\n[ 3.331703] ? vprintk_emit+0x15e/0x420\n[ 3.331986] ? __pfx_vprintk_emit+0x10/0x10\n[ 3.332279] ? down_trylock+0x52/0x80\n[ 3.332527] ? _printk+0xbf/0x100\n[ 3.332762] ? __pfx__printk+0x10/0x10\n[ 3.333007] ? _raw_write_lock_irq+0x81/0xe0\n[ 3.333284] ? __pfx__raw_write_lock_irq+0x10/0x10\n[ 3.333614] msg_from_mpoad+0x1185/0x2750\n[ 3.333893] ? __build_skb_around+0x27b/0x3a0\n[ 3.334183] ? __pfx_msg_from_mpoad+0x10/0x10\n[ 3.334501] ? __alloc_skb+0x1c0/0x310\n[ 3.334809] ? __pfx___alloc_skb+0x10/0x10\n[ 3.335283] ? _raw_spin_lock+0xe0/0xe0\n[ 3.335632] ? finish_wait+0x8d/0x1e0\n[ 3.335975] vcc_sendmsg+0x684/0xba0\n[ 3.336250] ? __pfx_vcc_sendmsg+0x10/0x10\n[ 3.336587] ? __pfx_autoremove_wake_function+0x10/0x10\n[ 3.337056] ? fdget+0x176/0x3e0\n[ 3.337348] __sys_sendto+0x4a2/0x510\n[ 3.337663] ? __pfx___sys_sendto+0x10/0x10\n[ 3.337969] ? ioctl_has_perm.constprop.0.isra.0+0x284/0x400\n[ 3.338364] ? sock_ioctl+0x1bb/0x5a0\n[ 3.338653] ? __rseq_handle_notify_resume+0x825/0xd20\n[ 3.339017] ? __pfx_sock_ioctl+0x10/0x10\n[ 3.339316] ? __pfx___rseq_handle_notify_resume+0x10/0x10\n[ 3.339727] ? selinux_file_ioctl+0xa4/0x260\n[ 3.340166] __x64_sys_sendto+0xe0/0x1c0\n[ 3.340526] ? syscall_exit_to_user_mode+0x123/0x140\n[ 3.340898] do_syscall_64+0xa6/0x1a0\n[ 3.341170] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 3.341533] RIP: 0033:0x44a380\n[ 3.341757] Code: 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c00\n[ \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22018",
"url": "https://www.suse.com/security/cve/CVE-2025-22018"
},
{
"category": "external",
"summary": "SUSE Bug 1241266 for CVE-2025-22018",
"url": "https://bugzilla.suse.com/1241266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22018"
},
{
"cve": "CVE-2025-22020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove\n\nThis fixes the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\nRead of size 8 at addr ffff888136335380 by task kworker/6:0/140241\n\nCPU: 6 UID: 0 PID: 140241 Comm: kworker/6:0 Kdump: loaded Tainted: G E 6.14.0-rc6+ #1\nTainted: [E]=UNSIGNED_MODULE\nHardware name: LENOVO 30FNA1V7CW/1057, BIOS S0EKT54A 07/01/2024\nWorkqueue: events rtsx_usb_ms_poll_card [rtsx_usb_ms]\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x51/0x70\n print_address_description.constprop.0+0x27/0x320\n ? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\n print_report+0x3e/0x70\n kasan_report+0xab/0xe0\n ? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\n rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\n ? __pfx_rtsx_usb_ms_poll_card+0x10/0x10 [rtsx_usb_ms]\n ? __pfx___schedule+0x10/0x10\n ? kick_pool+0x3b/0x270\n process_one_work+0x357/0x660\n worker_thread+0x390/0x4c0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x190/0x1d0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2d/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 161446:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0x7b/0x90\n __kmalloc_noprof+0x1a7/0x470\n memstick_alloc_host+0x1f/0xe0 [memstick]\n rtsx_usb_ms_drv_probe+0x47/0x320 [rtsx_usb_ms]\n platform_probe+0x60/0xe0\n call_driver_probe+0x35/0x120\n really_probe+0x123/0x410\n __driver_probe_device+0xc7/0x1e0\n driver_probe_device+0x49/0xf0\n __device_attach_driver+0xc6/0x160\n bus_for_each_drv+0xe4/0x160\n __device_attach+0x13a/0x2b0\n bus_probe_device+0xbd/0xd0\n device_add+0x4a5/0x760\n platform_device_add+0x189/0x370\n mfd_add_device+0x587/0x5e0\n mfd_add_devices+0xb1/0x130\n rtsx_usb_probe+0x28e/0x2e0 [rtsx_usb]\n usb_probe_interface+0x15c/0x460\n call_driver_probe+0x35/0x120\n really_probe+0x123/0x410\n __driver_probe_device+0xc7/0x1e0\n driver_probe_device+0x49/0xf0\n __device_attach_driver+0xc6/0x160\n bus_for_each_drv+0xe4/0x160\n __device_attach+0x13a/0x2b0\n rebind_marked_interfaces.isra.0+0xcc/0x110\n usb_reset_device+0x352/0x410\n usbdev_do_ioctl+0xe5c/0x1860\n usbdev_ioctl+0xa/0x20\n __x64_sys_ioctl+0xc5/0xf0\n do_syscall_64+0x59/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 161506:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x36/0x60\n __kasan_slab_free+0x34/0x50\n kfree+0x1fd/0x3b0\n device_release+0x56/0xf0\n kobject_cleanup+0x73/0x1c0\n rtsx_usb_ms_drv_remove+0x13d/0x220 [rtsx_usb_ms]\n platform_remove+0x2f/0x50\n device_release_driver_internal+0x24b/0x2e0\n bus_remove_device+0x124/0x1d0\n device_del+0x239/0x530\n platform_device_del.part.0+0x19/0xe0\n platform_device_unregister+0x1c/0x40\n mfd_remove_devices_fn+0x167/0x170\n device_for_each_child_reverse+0xc9/0x130\n mfd_remove_devices+0x6e/0xa0\n rtsx_usb_disconnect+0x2e/0xd0 [rtsx_usb]\n usb_unbind_interface+0xf3/0x3f0\n device_release_driver_internal+0x24b/0x2e0\n proc_disconnect_claim+0x13d/0x220\n usbdev_do_ioctl+0xb5e/0x1860\n usbdev_ioctl+0xa/0x20\n __x64_sys_ioctl+0xc5/0xf0\n do_syscall_64+0x59/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x20/0x40\n kasan_record_aux_stack+0x85/0x90\n insert_work+0x29/0x100\n __queue_work+0x34a/0x540\n call_timer_fn+0x2a/0x160\n expire_timers+0x5f/0x1f0\n __run_timer_base.part.0+0x1b6/0x1e0\n run_timer_softirq+0x8b/0xe0\n handle_softirqs+0xf9/0x360\n __irq_exit_rcu+0x114/0x130\n sysvec_apic_timer_interrupt+0x72/0x90\n asm_sysvec_apic_timer_interrupt+0x16/0x20\n\nSecond to last potentially related work creation:\n kasan_save_stack+0x20/0x40\n kasan_record_aux_stack+0x85/0x90\n insert_work+0x29/0x100\n __queue_work+0x34a/0x540\n call_timer_fn+0x2a/0x160\n expire_timers+0x5f/0x1f0\n __run_timer_base.part.0+0x1b6/0x1e0\n run_timer_softirq+0x8b/0xe0\n handle_softirqs+0xf9/0x\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22020",
"url": "https://www.suse.com/security/cve/CVE-2025-22020"
},
{
"category": "external",
"summary": "SUSE Bug 1241280 for CVE-2025-22020",
"url": "https://bugzilla.suse.com/1241280"
},
{
"category": "external",
"summary": "SUSE Bug 1241281 for CVE-2025-22020",
"url": "https://bugzilla.suse.com/1241281"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2025-22020"
},
{
"cve": "CVE-2025-22021",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22021"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: socket: Lookup orig tuple for IPv6 SNAT\n\nnf_sk_lookup_slow_v4 does the conntrack lookup for IPv4 packets to\nrestore the original 5-tuple in case of SNAT, to be able to find the\nright socket (if any). Then socket_match() can correctly check whether\nthe socket was transparent.\n\nHowever, the IPv6 counterpart (nf_sk_lookup_slow_v6) lacks this\nconntrack lookup, making xt_socket fail to match on the socket when the\npacket was SNATed. Add the same logic to nf_sk_lookup_slow_v6.\n\nIPv6 SNAT is used in Kubernetes clusters for pod-to-world packets, as\npods\u0027 addresses are in the fd00::/8 ULA subnet and need to be replaced\nwith the node\u0027s external address. Cilium leverages Envoy to enforce L7\npolicies, and Envoy uses transparent sockets. Cilium inserts an iptables\nprerouting rule that matches on `-m socket --transparent` and redirects\nthe packets to localhost, but it fails to match SNATed IPv6 packets due\nto that missing conntrack lookup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22021",
"url": "https://www.suse.com/security/cve/CVE-2025-22021"
},
{
"category": "external",
"summary": "SUSE Bug 1241282 for CVE-2025-22021",
"url": "https://bugzilla.suse.com/1241282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "low"
}
],
"title": "CVE-2025-22021"
},
{
"cve": "CVE-2025-22025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22025"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: put dl_stid if fail to queue dl_recall\n\nBefore calling nfsd4_run_cb to queue dl_recall to the callback_wq, we\nincrement the reference count of dl_stid.\nWe expect that after the corresponding work_struct is processed, the\nreference count of dl_stid will be decremented through the callback\nfunction nfsd4_cb_recall_release.\nHowever, if the call to nfsd4_run_cb fails, the incremented reference\ncount of dl_stid will not be decremented correspondingly, leading to the\nfollowing nfs4_stid leak:\nunreferenced object 0xffff88812067b578 (size 344):\n comm \"nfsd\", pid 2761, jiffies 4295044002 (age 5541.241s)\n hex dump (first 32 bytes):\n 01 00 00 00 6b 6b 6b 6b b8 02 c0 e2 81 88 ff ff ....kkkk........\n 00 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 ad 4e ad de .kkkkkkk.....N..\n backtrace:\n kmem_cache_alloc+0x4b9/0x700\n nfsd4_process_open1+0x34/0x300\n nfsd4_open+0x2d1/0x9d0\n nfsd4_proc_compound+0x7a2/0xe30\n nfsd_dispatch+0x241/0x3e0\n svc_process_common+0x5d3/0xcc0\n svc_process+0x2a3/0x320\n nfsd+0x180/0x2e0\n kthread+0x199/0x1d0\n ret_from_fork+0x30/0x50\n ret_from_fork_asm+0x1b/0x30\nunreferenced object 0xffff8881499f4d28 (size 368):\n comm \"nfsd\", pid 2761, jiffies 4295044005 (age 5541.239s)\n hex dump (first 32 bytes):\n 01 00 00 00 00 00 00 00 30 4d 9f 49 81 88 ff ff ........0M.I....\n 30 4d 9f 49 81 88 ff ff 20 00 00 00 01 00 00 00 0M.I.... .......\n backtrace:\n kmem_cache_alloc+0x4b9/0x700\n nfs4_alloc_stid+0x29/0x210\n alloc_init_deleg+0x92/0x2e0\n nfs4_set_delegation+0x284/0xc00\n nfs4_open_delegation+0x216/0x3f0\n nfsd4_process_open2+0x2b3/0xee0\n nfsd4_open+0x770/0x9d0\n nfsd4_proc_compound+0x7a2/0xe30\n nfsd_dispatch+0x241/0x3e0\n svc_process_common+0x5d3/0xcc0\n svc_process+0x2a3/0x320\n nfsd+0x180/0x2e0\n kthread+0x199/0x1d0\n ret_from_fork+0x30/0x50\n ret_from_fork_asm+0x1b/0x30\nFix it by checking the result of nfsd4_run_cb and call nfs4_put_stid if\nfail to queue dl_recall.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22025",
"url": "https://www.suse.com/security/cve/CVE-2025-22025"
},
{
"category": "external",
"summary": "SUSE Bug 1241361 for CVE-2025-22025",
"url": "https://bugzilla.suse.com/1241361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22025"
},
{
"cve": "CVE-2025-22027",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22027"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: streamzap: fix race between device disconnection and urb callback\n\nSyzkaller has reported a general protection fault at function\nir_raw_event_store_with_filter(). This crash is caused by a NULL pointer\ndereference of dev-\u003eraw pointer, even though it is checked for NULL in\nthe same function, which means there is a race condition. It occurs due\nto the incorrect order of actions in the streamzap_disconnect() function:\nrc_unregister_device() is called before usb_kill_urb(). The dev-\u003eraw\npointer is freed and set to NULL in rc_unregister_device(), and only\nafter that usb_kill_urb() waits for in-progress requests to finish.\n\nIf rc_unregister_device() is called while streamzap_callback() handler is\nnot finished, this can lead to accessing freed resources. Thus\nrc_unregister_device() should be called after usb_kill_urb().\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22027",
"url": "https://www.suse.com/security/cve/CVE-2025-22027"
},
{
"category": "external",
"summary": "SUSE Bug 1241369 for CVE-2025-22027",
"url": "https://bugzilla.suse.com/1241369"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22027"
},
{
"cve": "CVE-2025-22029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22029"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22029",
"url": "https://www.suse.com/security/cve/CVE-2025-22029"
},
{
"category": "external",
"summary": "SUSE Bug 1241378 for CVE-2025-22029",
"url": "https://bugzilla.suse.com/1241378"
},
{
"category": "external",
"summary": "SUSE Bug 1241379 for CVE-2025-22029",
"url": "https://bugzilla.suse.com/1241379"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2025-22029"
},
{
"cve": "CVE-2025-22030",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22030"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead()\n\nCurrently, zswap_cpu_comp_dead() calls crypto_free_acomp() while holding\nthe per-CPU acomp_ctx mutex. crypto_free_acomp() then holds scomp_lock\n(through crypto_exit_scomp_ops_async()).\n\nOn the other hand, crypto_alloc_acomp_node() holds the scomp_lock (through\ncrypto_scomp_init_tfm()), and then allocates memory. If the allocation\nresults in reclaim, we may attempt to hold the per-CPU acomp_ctx mutex.\n\nThe above dependencies can cause an ABBA deadlock. For example in the\nfollowing scenario:\n\n(1) Task A running on CPU #1:\n crypto_alloc_acomp_node()\n Holds scomp_lock\n Enters reclaim\n Reads per_cpu_ptr(pool-\u003eacomp_ctx, 1)\n\n(2) Task A is descheduled\n\n(3) CPU #1 goes offline\n zswap_cpu_comp_dead(CPU #1)\n Holds per_cpu_ptr(pool-\u003eacomp_ctx, 1))\n Calls crypto_free_acomp()\n Waits for scomp_lock\n\n(4) Task A running on CPU #2:\n Waits for per_cpu_ptr(pool-\u003eacomp_ctx, 1) // Read on CPU #1\n DEADLOCK\n\nSince there is no requirement to call crypto_free_acomp() with the per-CPU\nacomp_ctx mutex held in zswap_cpu_comp_dead(), move it after the mutex is\nunlocked. Also move the acomp_request_free() and kfree() calls for\nconsistency and to avoid any potential sublte locking dependencies in the\nfuture.\n\nWith this, only setting acomp_ctx fields to NULL occurs with the mutex\nheld. This is similar to how zswap_cpu_comp_prepare() only initializes\nacomp_ctx fields with the mutex held, after performing all allocations\nbefore holding the mutex.\n\nOpportunistically, move the NULL check on acomp_ctx so that it takes place\nbefore the mutex dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22030",
"url": "https://www.suse.com/security/cve/CVE-2025-22030"
},
{
"category": "external",
"summary": "SUSE Bug 1241376 for CVE-2025-22030",
"url": "https://bugzilla.suse.com/1241376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22030"
},
{
"cve": "CVE-2025-22033",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22033"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: Don\u0027t call NULL in do_compat_alignment_fixup()\n\ndo_alignment_t32_to_handler() only fixes up alignment faults for\nspecific instructions; it returns NULL otherwise (e.g. LDREX). When\nthat\u0027s the case, signal to the caller that it needs to proceed with the\nregular alignment fault handling (i.e. SIGBUS). Without this patch, the\nkernel panics:\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n Mem abort info:\n ESR = 0x0000000086000006\n EC = 0x21: IABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x06: level 2 translation fault\n user pgtable: 4k pages, 48-bit VAs, pgdp=00000800164aa000\n [0000000000000000] pgd=0800081fdbd22003, p4d=0800081fdbd22003, pud=08000815d51c6003, pmd=0000000000000000\n Internal error: Oops: 0000000086000006 [#1] SMP\n Modules linked in: cfg80211 rfkill xt_nat xt_tcpudp xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xfrm_user xfrm_algo xt_addrtype nft_compat br_netfilter veth nvme_fa\u003e\n libcrc32c crc32c_generic raid0 multipath linear dm_mod dax raid1 md_mod xhci_pci nvme xhci_hcd nvme_core t10_pi usbcore igb crc64_rocksoft crc64 crc_t10dif crct10dif_generic crct10dif_ce crct10dif_common usb_common i2c_algo_bit i2c\u003e\n CPU: 2 PID: 3932954 Comm: WPEWebProcess Not tainted 6.1.0-31-arm64 #1 Debian 6.1.128-1\n Hardware name: GIGABYTE MP32-AR1-00/MP32-AR1-00, BIOS F18v (SCP: 1.08.20211002) 12/01/2021\n pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : 0x0\n lr : do_compat_alignment_fixup+0xd8/0x3dc\n sp : ffff80000f973dd0\n x29: ffff80000f973dd0 x28: ffff081b42526180 x27: 0000000000000000\n x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n x23: 0000000000000004 x22: 0000000000000000 x21: 0000000000000001\n x20: 00000000e8551f00 x19: ffff80000f973eb0 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000000 x10: 0000000000000000 x9 : ffffaebc949bc488\n x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n x5 : 0000000000400000 x4 : 0000fffffffffffe x3 : 0000000000000000\n x2 : ffff80000f973eb0 x1 : 00000000e8551f00 x0 : 0000000000000001\n Call trace:\n 0x0\n do_alignment_fault+0x40/0x50\n do_mem_abort+0x4c/0xa0\n el0_da+0x48/0xf0\n el0t_32_sync_handler+0x110/0x140\n el0t_32_sync+0x190/0x194\n Code: bad PC value\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22033",
"url": "https://www.suse.com/security/cve/CVE-2025-22033"
},
{
"category": "external",
"summary": "SUSE Bug 1241436 for CVE-2025-22033",
"url": "https://bugzilla.suse.com/1241436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22033"
},
{
"cve": "CVE-2025-22036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix random stack corruption after get_block\n\nWhen get_block is called with a buffer_head allocated on the stack, such\nas do_mpage_readpage, stack corruption due to buffer_head UAF may occur in\nthe following race condition situation.\n\n \u003cCPU 0\u003e \u003cCPU 1\u003e\nmpage_read_folio\n \u003c\u003cbh on stack\u003e\u003e\n do_mpage_readpage\n exfat_get_block\n bh_read\n __bh_read\n\t get_bh(bh)\n submit_bh\n wait_on_buffer\n ...\n end_buffer_read_sync\n __end_buffer_read_notouch\n unlock_buffer\n \u003c\u003ckeep going\u003e\u003e\n ...\n ...\n ...\n ...\n\u003c\u003cbh is not valid out of mpage_read_folio\u003e\u003e\n .\n .\nanother_function\n \u003c\u003cvariable A on stack\u003e\u003e\n put_bh(bh)\n atomic_dec(bh-\u003eb_count)\n * stack corruption here *\n\nThis patch returns -EAGAIN if a folio does not have buffers when bh_read\nneeds to be called. By doing this, the caller can fallback to functions\nlike block_read_full_folio(), create a buffer_head in the folio, and then\ncall get_block again.\n\nLet\u0027s do not call bh_read() with on-stack buffer_head.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22036",
"url": "https://www.suse.com/security/cve/CVE-2025-22036"
},
{
"category": "external",
"summary": "SUSE Bug 1241426 for CVE-2025-22036",
"url": "https://bugzilla.suse.com/1241426"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22036"
},
{
"cve": "CVE-2025-22044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22044"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nacpi: nfit: fix narrowing conversion in acpi_nfit_ctl\n\nSyzkaller has reported a warning in to_nfit_bus_uuid(): \"only secondary\nbus families can be translated\". This warning is emited if the argument\nis equal to NVDIMM_BUS_FAMILY_NFIT == 0. Function acpi_nfit_ctl() first\nverifies that a user-provided value call_pkg-\u003end_family of type u64 is\nnot equal to 0. Then the value is converted to int, and only after that\nis compared to NVDIMM_BUS_FAMILY_MAX. This can lead to passing an invalid\nargument to acpi_nfit_ctl(), if call_pkg-\u003end_family is non-zero, while\nthe lower 32 bits are zero.\n\nFurthermore, it is best to return EINVAL immediately upon seeing the\ninvalid user input. The WARNING is insufficient to prevent further\nundefined behavior based on other invalid user input.\n\nAll checks of the input value should be applied to the original variable\ncall_pkg-\u003end_family.\n\n[iweiny: update commit message]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22044",
"url": "https://www.suse.com/security/cve/CVE-2025-22044"
},
{
"category": "external",
"summary": "SUSE Bug 1241424 for CVE-2025-22044",
"url": "https://bugzilla.suse.com/1241424"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22044"
},
{
"cve": "CVE-2025-22045",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22045"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Fix flush_tlb_range() when used for zapping normal PMDs\n\nOn the following path, flush_tlb_range() can be used for zapping normal\nPMD entries (PMD entries that point to page tables) together with the PTE\nentries in the pointed-to page table:\n\n collapse_pte_mapped_thp\n pmdp_collapse_flush\n flush_tlb_range\n\nThe arm64 version of flush_tlb_range() has a comment describing that it can\nbe used for page table removal, and does not use any last-level\ninvalidation optimizations. Fix the X86 version by making it behave the\nsame way.\n\nCurrently, X86 only uses this information for the following two purposes,\nwhich I think means the issue doesn\u0027t have much impact:\n\n - In native_flush_tlb_multi() for checking if lazy TLB CPUs need to be\n IPI\u0027d to avoid issues with speculative page table walks.\n - In Hyper-V TLB paravirtualization, again for lazy TLB stuff.\n\nThe patch \"x86/mm: only invalidate final translations with INVLPGB\" which\nis currently under review (see\n\u003chttps://lore.kernel.org/all/20241230175550.4046587-13-riel@surriel.com/\u003e)\nwould probably be making the impact of this a lot worse.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22045",
"url": "https://www.suse.com/security/cve/CVE-2025-22045"
},
{
"category": "external",
"summary": "SUSE Bug 1241433 for CVE-2025-22045",
"url": "https://bugzilla.suse.com/1241433"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22045"
},
{
"cve": "CVE-2025-22050",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22050"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet:fix NPE during rx_complete\n\nMissing usbnet_going_away Check in Critical Path.\nThe usb_submit_urb function lacks a usbnet_going_away\nvalidation, whereas __usbnet_queue_skb includes this check.\n\nThis inconsistency creates a race condition where:\nA URB request may succeed, but the corresponding SKB data\nfails to be queued.\n\nSubsequent processes:\n(e.g., rx_complete \u2192 defer_bh \u2192 __skb_unlink(skb, list))\nattempt to access skb-\u003enext, triggering a NULL pointer\ndereference (Kernel Panic).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22050",
"url": "https://www.suse.com/security/cve/CVE-2025-22050"
},
{
"category": "external",
"summary": "SUSE Bug 1241441 for CVE-2025-22050",
"url": "https://bugzilla.suse.com/1241441"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22050"
},
{
"cve": "CVE-2025-22053",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22053"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ibmveth: make veth_pool_store stop hanging\n\nv2:\n- Created a single error handling unlock and exit in veth_pool_store\n- Greatly expanded commit message with previous explanatory-only text\n\nSummary: Use rtnl_mutex to synchronize veth_pool_store with itself,\nibmveth_close and ibmveth_open, preventing multiple calls in a row to\nnapi_disable.\n\nBackground: Two (or more) threads could call veth_pool_store through\nwriting to /sys/devices/vio/30000002/pool*/*. You can do this easily\nwith a little shell script. This causes a hang.\n\nI configured LOCKDEP, compiled ibmveth.c with DEBUG, and built a new\nkernel. I ran this test again and saw:\n\n Setting pool0/active to 0\n Setting pool1/active to 1\n [ 73.911067][ T4365] ibmveth 30000002 eth0: close starting\n Setting pool1/active to 1\n Setting pool1/active to 0\n [ 73.911367][ T4366] ibmveth 30000002 eth0: close starting\n [ 73.916056][ T4365] ibmveth 30000002 eth0: close complete\n [ 73.916064][ T4365] ibmveth 30000002 eth0: open starting\n [ 110.808564][ T712] systemd-journald[712]: Sent WATCHDOG=1 notification.\n [ 230.808495][ T712] systemd-journald[712]: Sent WATCHDOG=1 notification.\n [ 243.683786][ T123] INFO: task stress.sh:4365 blocked for more than 122 seconds.\n [ 243.683827][ T123] Not tainted 6.14.0-01103-g2df0c02dab82-dirty #8\n [ 243.683833][ T123] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n [ 243.683838][ T123] task:stress.sh state:D stack:28096 pid:4365 tgid:4365 ppid:4364 task_flags:0x400040 flags:0x00042000\n [ 243.683852][ T123] Call Trace:\n [ 243.683857][ T123] [c00000000c38f690] [0000000000000001] 0x1 (unreliable)\n [ 243.683868][ T123] [c00000000c38f840] [c00000000001f908] __switch_to+0x318/0x4e0\n [ 243.683878][ T123] [c00000000c38f8a0] [c000000001549a70] __schedule+0x500/0x12a0\n [ 243.683888][ T123] [c00000000c38f9a0] [c00000000154a878] schedule+0x68/0x210\n [ 243.683896][ T123] [c00000000c38f9d0] [c00000000154ac80] schedule_preempt_disabled+0x30/0x50\n [ 243.683904][ T123] [c00000000c38fa00] [c00000000154dbb0] __mutex_lock+0x730/0x10f0\n [ 243.683913][ T123] [c00000000c38fb10] [c000000001154d40] napi_enable+0x30/0x60\n [ 243.683921][ T123] [c00000000c38fb40] [c000000000f4ae94] ibmveth_open+0x68/0x5dc\n [ 243.683928][ T123] [c00000000c38fbe0] [c000000000f4aa20] veth_pool_store+0x220/0x270\n [ 243.683936][ T123] [c00000000c38fc70] [c000000000826278] sysfs_kf_write+0x68/0xb0\n [ 243.683944][ T123] [c00000000c38fcb0] [c0000000008240b8] kernfs_fop_write_iter+0x198/0x2d0\n [ 243.683951][ T123] [c00000000c38fd00] [c00000000071b9ac] vfs_write+0x34c/0x650\n [ 243.683958][ T123] [c00000000c38fdc0] [c00000000071bea8] ksys_write+0x88/0x150\n [ 243.683966][ T123] [c00000000c38fe10] [c0000000000317f4] system_call_exception+0x124/0x340\n [ 243.683973][ T123] [c00000000c38fe50] [c00000000000d05c] system_call_vectored_common+0x15c/0x2ec\n ...\n [ 243.684087][ T123] Showing all locks held in the system:\n [ 243.684095][ T123] 1 lock held by khungtaskd/123:\n [ 243.684099][ T123] #0: c00000000278e370 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x50/0x248\n [ 243.684114][ T123] 4 locks held by stress.sh/4365:\n [ 243.684119][ T123] #0: c00000003a4cd3f8 (sb_writers#3){.+.+}-{0:0}, at: ksys_write+0x88/0x150\n [ 243.684132][ T123] #1: c000000041aea888 (\u0026of-\u003emutex#2){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x154/0x2d0\n [ 243.684143][ T123] #2: c0000000366fb9a8 (kn-\u003eactive#64){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x160/0x2d0\n [ 243.684155][ T123] #3: c000000035ff4cb8 (\u0026dev-\u003elock){+.+.}-{3:3}, at: napi_enable+0x30/0x60\n [ 243.684166][ T123] 5 locks held by stress.sh/4366:\n [ 243.684170][ T123] #0: c00000003a4cd3f8 (sb_writers#3){.+.+}-{0:0}, at: ksys_write+0x88/0x150\n [ 243.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22053",
"url": "https://www.suse.com/security/cve/CVE-2025-22053"
},
{
"category": "external",
"summary": "SUSE Bug 1241373 for CVE-2025-22053",
"url": "https://bugzilla.suse.com/1241373"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22053"
},
{
"cve": "CVE-2025-22055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix geneve_opt length integer overflow\n\nstruct geneve_opt uses 5 bit length for each single option, which\nmeans every vary size option should be smaller than 128 bytes.\n\nHowever, all current related Netlink policies cannot promise this\nlength condition and the attacker can exploit a exact 128-byte size\noption to *fake* a zero length option and confuse the parsing logic,\nfurther achieve heap out-of-bounds read.\n\nOne example crash log is like below:\n\n[ 3.905425] ==================================================================\n[ 3.905925] BUG: KASAN: slab-out-of-bounds in nla_put+0xa9/0xe0\n[ 3.906255] Read of size 124 at addr ffff888005f291cc by task poc/177\n[ 3.906646]\n[ 3.906775] CPU: 0 PID: 177 Comm: poc-oob-read Not tainted 6.1.132 #1\n[ 3.907131] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n[ 3.907784] Call Trace:\n[ 3.907925] \u003cTASK\u003e\n[ 3.908048] dump_stack_lvl+0x44/0x5c\n[ 3.908258] print_report+0x184/0x4be\n[ 3.909151] kasan_report+0xc5/0x100\n[ 3.909539] kasan_check_range+0xf3/0x1a0\n[ 3.909794] memcpy+0x1f/0x60\n[ 3.909968] nla_put+0xa9/0xe0\n[ 3.910147] tunnel_key_dump+0x945/0xba0\n[ 3.911536] tcf_action_dump_1+0x1c1/0x340\n[ 3.912436] tcf_action_dump+0x101/0x180\n[ 3.912689] tcf_exts_dump+0x164/0x1e0\n[ 3.912905] fw_dump+0x18b/0x2d0\n[ 3.913483] tcf_fill_node+0x2ee/0x460\n[ 3.914778] tfilter_notify+0xf4/0x180\n[ 3.915208] tc_new_tfilter+0xd51/0x10d0\n[ 3.918615] rtnetlink_rcv_msg+0x4a2/0x560\n[ 3.919118] netlink_rcv_skb+0xcd/0x200\n[ 3.919787] netlink_unicast+0x395/0x530\n[ 3.921032] netlink_sendmsg+0x3d0/0x6d0\n[ 3.921987] __sock_sendmsg+0x99/0xa0\n[ 3.922220] __sys_sendto+0x1b7/0x240\n[ 3.922682] __x64_sys_sendto+0x72/0x90\n[ 3.922906] do_syscall_64+0x5e/0x90\n[ 3.923814] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 3.924122] RIP: 0033:0x7e83eab84407\n[ 3.924331] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 \u003c5b\u003e c3 0f 1f 80 00 00 00 00 83 e2 39 83 faf\n[ 3.925330] RSP: 002b:00007ffff505e370 EFLAGS: 00000202 ORIG_RAX: 000000000000002c\n[ 3.925752] RAX: ffffffffffffffda RBX: 00007e83eaafa740 RCX: 00007e83eab84407\n[ 3.926173] RDX: 00000000000001a8 RSI: 00007ffff505e3c0 RDI: 0000000000000003\n[ 3.926587] RBP: 00007ffff505f460 R08: 00007e83eace1000 R09: 000000000000000c\n[ 3.926977] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffff505f3c0\n[ 3.927367] R13: 00007ffff505f5c8 R14: 00007e83ead1b000 R15: 00005d4fbbe6dcb8\n\nFix these issues by enforing correct length condition in related\npolicies.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22055",
"url": "https://www.suse.com/security/cve/CVE-2025-22055"
},
{
"category": "external",
"summary": "SUSE Bug 1241371 for CVE-2025-22055",
"url": "https://bugzilla.suse.com/1241371"
},
{
"category": "external",
"summary": "SUSE Bug 1241372 for CVE-2025-22055",
"url": "https://bugzilla.suse.com/1241372"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2025-22055"
},
{
"cve": "CVE-2025-22056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_tunnel: fix geneve_opt type confusion addition\n\nWhen handling multiple NFTA_TUNNEL_KEY_OPTS_GENEVE attributes, the\nparsing logic should place every geneve_opt structure one by one\ncompactly. Hence, when deciding the next geneve_opt position, the\npointer addition should be in units of char *.\n\nHowever, the current implementation erroneously does type conversion\nbefore the addition, which will lead to heap out-of-bounds write.\n\n[ 6.989857] ==================================================================\n[ 6.990293] BUG: KASAN: slab-out-of-bounds in nft_tunnel_obj_init+0x977/0xa70\n[ 6.990725] Write of size 124 at addr ffff888005f18974 by task poc/178\n[ 6.991162]\n[ 6.991259] CPU: 0 PID: 178 Comm: poc-oob-write Not tainted 6.1.132 #1\n[ 6.991655] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n[ 6.992281] Call Trace:\n[ 6.992423] \u003cTASK\u003e\n[ 6.992586] dump_stack_lvl+0x44/0x5c\n[ 6.992801] print_report+0x184/0x4be\n[ 6.993790] kasan_report+0xc5/0x100\n[ 6.994252] kasan_check_range+0xf3/0x1a0\n[ 6.994486] memcpy+0x38/0x60\n[ 6.994692] nft_tunnel_obj_init+0x977/0xa70\n[ 6.995677] nft_obj_init+0x10c/0x1b0\n[ 6.995891] nf_tables_newobj+0x585/0x950\n[ 6.996922] nfnetlink_rcv_batch+0xdf9/0x1020\n[ 6.998997] nfnetlink_rcv+0x1df/0x220\n[ 6.999537] netlink_unicast+0x395/0x530\n[ 7.000771] netlink_sendmsg+0x3d0/0x6d0\n[ 7.001462] __sock_sendmsg+0x99/0xa0\n[ 7.001707] ____sys_sendmsg+0x409/0x450\n[ 7.002391] ___sys_sendmsg+0xfd/0x170\n[ 7.003145] __sys_sendmsg+0xea/0x170\n[ 7.004359] do_syscall_64+0x5e/0x90\n[ 7.005817] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 7.006127] RIP: 0033:0x7ec756d4e407\n[ 7.006339] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 \u003c5b\u003e c3 0f 1f 80 00 00 00 00 83 e2 39 83 faf\n[ 7.007364] RSP: 002b:00007ffed5d46760 EFLAGS: 00000202 ORIG_RAX: 000000000000002e\n[ 7.007827] RAX: ffffffffffffffda RBX: 00007ec756cc4740 RCX: 00007ec756d4e407\n[ 7.008223] RDX: 0000000000000000 RSI: 00007ffed5d467f0 RDI: 0000000000000003\n[ 7.008620] RBP: 00007ffed5d468a0 R08: 0000000000000000 R09: 0000000000000000\n[ 7.009039] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000\n[ 7.009429] R13: 00007ffed5d478b0 R14: 00007ec756ee5000 R15: 00005cbd4e655cb8\n\nFix this bug with correct pointer addition and conversion in parse\nand dump code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22056",
"url": "https://www.suse.com/security/cve/CVE-2025-22056"
},
{
"category": "external",
"summary": "SUSE Bug 1241525 for CVE-2025-22056",
"url": "https://bugzilla.suse.com/1241525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22056"
},
{
"cve": "CVE-2025-22057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: decrease cached dst counters in dst_release\n\nUpstream fix ac888d58869b (\"net: do not delay dst_entries_add() in\ndst_release()\") moved decrementing the dst count from dst_destroy to\ndst_release to avoid accessing already freed data in case of netns\ndismantle. However in case CONFIG_DST_CACHE is enabled and OvS+tunnels\nare used, this fix is incomplete as the same issue will be seen for\ncached dsts:\n\n Unable to handle kernel paging request at virtual address ffff5aabf6b5c000\n Call trace:\n percpu_counter_add_batch+0x3c/0x160 (P)\n dst_release+0xec/0x108\n dst_cache_destroy+0x68/0xd8\n dst_destroy+0x13c/0x168\n dst_destroy_rcu+0x1c/0xb0\n rcu_do_batch+0x18c/0x7d0\n rcu_core+0x174/0x378\n rcu_core_si+0x18/0x30\n\nFix this by invalidating the cache, and thus decrementing cached dst\ncounters, in dst_release too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22057",
"url": "https://www.suse.com/security/cve/CVE-2025-22057"
},
{
"category": "external",
"summary": "SUSE Bug 1241533 for CVE-2025-22057",
"url": "https://bugzilla.suse.com/1241533"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22057"
},
{
"cve": "CVE-2025-22058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Fix memory accounting leak.\n\nMatt Dowling reported a weird UDP memory usage issue.\n\nUnder normal operation, the UDP memory usage reported in /proc/net/sockstat\nremains close to zero. However, it occasionally spiked to 524,288 pages\nand never dropped. Moreover, the value doubled when the application was\nterminated. Finally, it caused intermittent packet drops.\n\nWe can reproduce the issue with the script below [0]:\n\n 1. /proc/net/sockstat reports 0 pages\n\n # cat /proc/net/sockstat | grep UDP:\n UDP: inuse 1 mem 0\n\n 2. Run the script till the report reaches 524,288\n\n # python3 test.py \u0026 sleep 5\n # cat /proc/net/sockstat | grep UDP:\n UDP: inuse 3 mem 524288 \u003c-- (INT_MAX + 1) \u003e\u003e PAGE_SHIFT\n\n 3. Kill the socket and confirm the number never drops\n\n # pkill python3 \u0026\u0026 sleep 5\n # cat /proc/net/sockstat | grep UDP:\n UDP: inuse 1 mem 524288\n\n 4. (necessary since v6.0) Trigger proto_memory_pcpu_drain()\n\n # python3 test.py \u0026 sleep 1 \u0026\u0026 pkill python3\n\n 5. The number doubles\n\n # cat /proc/net/sockstat | grep UDP:\n UDP: inuse 1 mem 1048577\n\nThe application set INT_MAX to SO_RCVBUF, which triggered an integer\noverflow in udp_rmem_release().\n\nWhen a socket is close()d, udp_destruct_common() purges its receive\nqueue and sums up skb-\u003etruesize in the queue. This total is calculated\nand stored in a local unsigned integer variable.\n\nThe total size is then passed to udp_rmem_release() to adjust memory\naccounting. However, because the function takes a signed integer\nargument, the total size can wrap around, causing an overflow.\n\nThen, the released amount is calculated as follows:\n\n 1) Add size to sk-\u003esk_forward_alloc.\n 2) Round down sk-\u003esk_forward_alloc to the nearest lower multiple of\n PAGE_SIZE and assign it to amount.\n 3) Subtract amount from sk-\u003esk_forward_alloc.\n 4) Pass amount \u003e\u003e PAGE_SHIFT to __sk_mem_reduce_allocated().\n\nWhen the issue occurred, the total in udp_destruct_common() was 2147484480\n(INT_MAX + 833), which was cast to -2147482816 in udp_rmem_release().\n\nAt 1) sk-\u003esk_forward_alloc is changed from 3264 to -2147479552, and\n2) sets -2147479552 to amount. 3) reverts the wraparound, so we don\u0027t\nsee a warning in inet_sock_destruct(). However, udp_memory_allocated\nends up doubling at 4).\n\nSince commit 3cd3399dd7a8 (\"net: implement per-cpu reserves for\nmemory_allocated\"), memory usage no longer doubles immediately after\na socket is close()d because __sk_mem_reduce_allocated() caches the\namount in udp_memory_per_cpu_fw_alloc. However, the next time a UDP\nsocket receives a packet, the subtraction takes effect, causing UDP\nmemory usage to double.\n\nThis issue makes further memory allocation fail once the socket\u0027s\nsk-\u003esk_rmem_alloc exceeds net.ipv4.udp_rmem_min, resulting in packet\ndrops.\n\nTo prevent this issue, let\u0027s use unsigned int for the calculation and\ncall sk_forward_alloc_add() only once for the small delta.\n\nNote that first_packet_length() also potentially has the same problem.\n\n[0]:\nfrom socket import *\n\nSO_RCVBUFFORCE = 33\nINT_MAX = (2 ** 31) - 1\n\ns = socket(AF_INET, SOCK_DGRAM)\ns.bind((\u0027\u0027, 0))\ns.setsockopt(SOL_SOCKET, SO_RCVBUFFORCE, INT_MAX)\n\nc = socket(AF_INET, SOCK_DGRAM)\nc.connect(s.getsockname())\n\ndata = b\u0027a\u0027 * 100\n\nwhile True:\n c.send(data)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22058",
"url": "https://www.suse.com/security/cve/CVE-2025-22058"
},
{
"category": "external",
"summary": "SUSE Bug 1241332 for CVE-2025-22058",
"url": "https://bugzilla.suse.com/1241332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22058"
},
{
"cve": "CVE-2025-22060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvpp2: Prevent parser TCAM memory corruption\n\nProtect the parser TCAM/SRAM memory, and the cached (shadow) SRAM\ninformation, from concurrent modifications.\n\nBoth the TCAM and SRAM tables are indirectly accessed by configuring\nan index register that selects the row to read or write to. This means\nthat operations must be atomic in order to, e.g., avoid spreading\nwrites across multiple rows. Since the shadow SRAM array is used to\nfind free rows in the hardware table, it must also be protected in\norder to avoid TOCTOU errors where multiple cores allocate the same\nrow.\n\nThis issue was detected in a situation where `mvpp2_set_rx_mode()` ran\nconcurrently on two CPUs. In this particular case the\nMVPP2_PE_MAC_UC_PROMISCUOUS entry was corrupted, causing the\nclassifier unit to drop all incoming unicast - indicated by the\n`rx_classifier_drops` counter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22060",
"url": "https://www.suse.com/security/cve/CVE-2025-22060"
},
{
"category": "external",
"summary": "SUSE Bug 1241526 for CVE-2025-22060",
"url": "https://bugzilla.suse.com/1241526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22060"
},
{
"cve": "CVE-2025-22062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: add mutual exclusion in proc_sctp_do_udp_port()\n\nWe must serialize calls to sctp_udp_sock_stop() and sctp_udp_sock_start()\nor risk a crash as syzbot reported:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]\nCPU: 1 UID: 0 PID: 6551 Comm: syz.1.44 Not tainted 6.14.0-syzkaller-g7f2ff7b62617 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\n RIP: 0010:kernel_sock_shutdown+0x47/0x70 net/socket.c:3653\nCall Trace:\n \u003cTASK\u003e\n udp_tunnel_sock_release+0x68/0x80 net/ipv4/udp_tunnel_core.c:181\n sctp_udp_sock_stop+0x71/0x160 net/sctp/protocol.c:930\n proc_sctp_do_udp_port+0x264/0x450 net/sctp/sysctl.c:553\n proc_sys_call_handler+0x3d0/0x5b0 fs/proc/proc_sysctl.c:601\n iter_file_splice_write+0x91c/0x1150 fs/splice.c:738\n do_splice_from fs/splice.c:935 [inline]\n direct_splice_actor+0x18f/0x6c0 fs/splice.c:1158\n splice_direct_to_actor+0x342/0xa30 fs/splice.c:1102\n do_splice_direct_actor fs/splice.c:1201 [inline]\n do_splice_direct+0x174/0x240 fs/splice.c:1227\n do_sendfile+0xafd/0xe50 fs/read_write.c:1368\n __do_sys_sendfile64 fs/read_write.c:1429 [inline]\n __se_sys_sendfile64 fs/read_write.c:1415 [inline]\n __x64_sys_sendfile64+0x1d8/0x220 fs/read_write.c:1415\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22062",
"url": "https://www.suse.com/security/cve/CVE-2025-22062"
},
{
"category": "external",
"summary": "SUSE Bug 1241412 for CVE-2025-22062",
"url": "https://bugzilla.suse.com/1241412"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22062"
},
{
"cve": "CVE-2025-22063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets\n\nWhen calling netlbl_conn_setattr(), addr-\u003esa_family is used\nto determine the function behavior. If sk is an IPv4 socket,\nbut the connect function is called with an IPv6 address,\nthe function calipso_sock_setattr() is triggered.\nInside this function, the following code is executed:\n\nsk_fullsock(__sk) ? inet_sk(__sk)-\u003epinet6 : NULL;\n\nSince sk is an IPv4 socket, pinet6 is NULL, leading to a\nnull pointer dereference.\n\nThis patch fixes the issue by checking if inet6_sk(sk)\nreturns a NULL pointer before accessing pinet6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22063",
"url": "https://www.suse.com/security/cve/CVE-2025-22063"
},
{
"category": "external",
"summary": "SUSE Bug 1241351 for CVE-2025-22063",
"url": "https://bugzilla.suse.com/1241351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22063"
},
{
"cve": "CVE-2025-22064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22064"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t unregister hook when table is dormant\n\nWhen nf_tables_updchain encounters an error, hook registration needs to\nbe rolled back.\n\nThis should only be done if the hook has been registered, which won\u0027t\nhappen when the table is flagged as dormant (inactive).\n\nJust move the assignment into the registration block.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22064",
"url": "https://www.suse.com/security/cve/CVE-2025-22064"
},
{
"category": "external",
"summary": "SUSE Bug 1241413 for CVE-2025-22064",
"url": "https://bugzilla.suse.com/1241413"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22064"
},
{
"cve": "CVE-2025-22065",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22065"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix adapter NULL pointer dereference on reboot\n\nWith SRIOV enabled, idpf ends up calling into idpf_remove() twice.\nFirst via idpf_shutdown() and then again when idpf_remove() calls into\nsriov_disable(), because the VF devices use the idpf driver, hence the\nsame remove routine. When that happens, it is possible for the adapter\nto be NULL from the first call to idpf_remove(), leading to a NULL\npointer dereference.\n\necho 1 \u003e /sys/class/net/\u003cnetif\u003e/device/sriov_numvfs\nreboot\n\nBUG: kernel NULL pointer dereference, address: 0000000000000020\n...\nRIP: 0010:idpf_remove+0x22/0x1f0 [idpf]\n...\n? idpf_remove+0x22/0x1f0 [idpf]\n? idpf_remove+0x1e4/0x1f0 [idpf]\npci_device_remove+0x3f/0xb0\ndevice_release_driver_internal+0x19f/0x200\npci_stop_bus_device+0x6d/0x90\npci_stop_and_remove_bus_device+0x12/0x20\npci_iov_remove_virtfn+0xbe/0x120\nsriov_disable+0x34/0xe0\nidpf_sriov_configure+0x58/0x140 [idpf]\nidpf_remove+0x1b9/0x1f0 [idpf]\nidpf_shutdown+0x12/0x30 [idpf]\npci_device_shutdown+0x35/0x60\ndevice_shutdown+0x156/0x200\n...\n\nReplace the direct idpf_remove() call in idpf_shutdown() with\nidpf_vc_core_deinit() and idpf_deinit_dflt_mbx(), which perform\nthe bulk of the cleanup, such as stopping the init task, freeing IRQs,\ndestroying the vports and freeing the mailbox. This avoids the calls to\nsriov_disable() in addition to a small netdev cleanup, and destroying\nworkqueues, which don\u0027t seem to be required on shutdown.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22065",
"url": "https://www.suse.com/security/cve/CVE-2025-22065"
},
{
"category": "external",
"summary": "SUSE Bug 1241333 for CVE-2025-22065",
"url": "https://bugzilla.suse.com/1241333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22065"
},
{
"cve": "CVE-2025-22070",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22070"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/9p: fix NULL pointer dereference on mkdir\n\nWhen a 9p tree was mounted with option \u0027posixacl\u0027, parent directory had a\ndefault ACL set for its subdirectories, e.g.:\n\n setfacl -m default:group:simpsons:rwx parentdir\n\nthen creating a subdirectory crashed 9p client, as v9fs_fid_add() call in\nfunction v9fs_vfs_mkdir_dotl() sets the passed \u0027fid\u0027 pointer to NULL\n(since dafbe689736) even though the subsequent v9fs_set_create_acl() call\nexpects a valid non-NULL \u0027fid\u0027 pointer:\n\n [ 37.273191] BUG: kernel NULL pointer dereference, address: 0000000000000000\n ...\n [ 37.322338] Call Trace:\n [ 37.323043] \u003cTASK\u003e\n [ 37.323621] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)\n [ 37.324448] ? page_fault_oops (arch/x86/mm/fault.c:714)\n [ 37.325532] ? search_module_extables (kernel/module/main.c:3733)\n [ 37.326742] ? p9_client_walk (net/9p/client.c:1165) 9pnet\n [ 37.328006] ? search_bpf_extables (kernel/bpf/core.c:804)\n [ 37.329142] ? exc_page_fault (./arch/x86/include/asm/paravirt.h:686 arch/x86/mm/fault.c:1488 arch/x86/mm/fault.c:1538)\n [ 37.330196] ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:574)\n [ 37.331330] ? p9_client_walk (net/9p/client.c:1165) 9pnet\n [ 37.332562] ? v9fs_fid_xattr_get (fs/9p/xattr.c:30) 9p\n [ 37.333824] v9fs_fid_xattr_set (fs/9p/fid.h:23 fs/9p/xattr.c:121) 9p\n [ 37.335077] v9fs_set_acl (fs/9p/acl.c:276) 9p\n [ 37.336112] v9fs_set_create_acl (fs/9p/acl.c:307) 9p\n [ 37.337326] v9fs_vfs_mkdir_dotl (fs/9p/vfs_inode_dotl.c:411) 9p\n [ 37.338590] vfs_mkdir (fs/namei.c:4313)\n [ 37.339535] do_mkdirat (fs/namei.c:4336)\n [ 37.340465] __x64_sys_mkdir (fs/namei.c:4354)\n [ 37.341455] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\n [ 37.342447] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nFix this by simply swapping the sequence of these two calls in\nv9fs_vfs_mkdir_dotl(), i.e. calling v9fs_set_create_acl() before\nv9fs_fid_add().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22070",
"url": "https://www.suse.com/security/cve/CVE-2025-22070"
},
{
"category": "external",
"summary": "SUSE Bug 1241305 for CVE-2025-22070",
"url": "https://bugzilla.suse.com/1241305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22070"
},
{
"cve": "CVE-2025-22075",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22075"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtnetlink: Allocate vfinfo size for VF GUIDs when supported\n\nCommit 30aad41721e0 (\"net/core: Add support for getting VF GUIDs\")\nadded support for getting VF port and node GUIDs in netlink ifinfo\nmessages, but their size was not taken into consideration in the\nfunction that allocates the netlink message, causing the following\nwarning when a netlink message is filled with many VF port and node\nGUIDs:\n # echo 64 \u003e /sys/bus/pci/devices/0000\\:08\\:00.0/sriov_numvfs\n # ip link show dev ib0\n RTNETLINK answers: Message too long\n Cannot send link get request: Message too long\n\nKernel warning:\n\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 1930 at net/core/rtnetlink.c:4151 rtnl_getlink+0x586/0x5a0\n Modules linked in: xt_conntrack xt_MASQUERADE nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter overlay mlx5_ib macsec mlx5_core tls rpcrdma rdma_ucm ib_uverbs ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm iw_cm ib_ipoib fuse ib_cm ib_core\n CPU: 2 UID: 0 PID: 1930 Comm: ip Not tainted 6.14.0-rc2+ #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:rtnl_getlink+0x586/0x5a0\n Code: cb 82 e8 3d af 0a 00 4d 85 ff 0f 84 08 ff ff ff 4c 89 ff 41 be ea ff ff ff e8 66 63 5b ff 49 c7 07 80 4f cb 82 e9 36 fc ff ff \u003c0f\u003e 0b e9 16 fe ff ff e8 de a0 56 00 66 66 2e 0f 1f 84 00 00 00 00\n RSP: 0018:ffff888113557348 EFLAGS: 00010246\n RAX: 00000000ffffffa6 RBX: ffff88817e87aa34 RCX: dffffc0000000000\n RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffff88817e87afb8\n RBP: 0000000000000009 R08: ffffffff821f44aa R09: 0000000000000000\n R10: ffff8881260f79a8 R11: ffff88817e87af00 R12: ffff88817e87aa00\n R13: ffffffff8563d300 R14: 00000000ffffffa6 R15: 00000000ffffffff\n FS: 00007f63a5dbf280(0000) GS:ffff88881ee00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f63a5ba4493 CR3: 00000001700fe002 CR4: 0000000000772eb0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0xa5/0x230\n ? rtnl_getlink+0x586/0x5a0\n ? report_bug+0x22d/0x240\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x14/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? skb_trim+0x6a/0x80\n ? rtnl_getlink+0x586/0x5a0\n ? __pfx_rtnl_getlink+0x10/0x10\n ? rtnetlink_rcv_msg+0x1e5/0x860\n ? __pfx___mutex_lock+0x10/0x10\n ? rcu_is_watching+0x34/0x60\n ? __pfx_lock_acquire+0x10/0x10\n ? stack_trace_save+0x90/0xd0\n ? filter_irq_stacks+0x1d/0x70\n ? kasan_save_stack+0x30/0x40\n ? kasan_save_stack+0x20/0x40\n ? kasan_save_track+0x10/0x30\n rtnetlink_rcv_msg+0x21c/0x860\n ? entry_SYSCALL_64_after_hwframe+0x76/0x7e\n ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n ? arch_stack_walk+0x9e/0xf0\n ? rcu_is_watching+0x34/0x60\n ? lock_acquire+0xd5/0x410\n ? rcu_is_watching+0x34/0x60\n netlink_rcv_skb+0xe0/0x210\n ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n ? __pfx_netlink_rcv_skb+0x10/0x10\n ? rcu_is_watching+0x34/0x60\n ? __pfx___netlink_lookup+0x10/0x10\n ? lock_release+0x62/0x200\n ? netlink_deliver_tap+0xfd/0x290\n ? rcu_is_watching+0x34/0x60\n ? lock_release+0x62/0x200\n ? netlink_deliver_tap+0x95/0x290\n netlink_unicast+0x31f/0x480\n ? __pfx_netlink_unicast+0x10/0x10\n ? rcu_is_watching+0x34/0x60\n ? lock_acquire+0xd5/0x410\n netlink_sendmsg+0x369/0x660\n ? lock_release+0x62/0x200\n ? __pfx_netlink_sendmsg+0x10/0x10\n ? import_ubuf+0xb9/0xf0\n ? __import_iovec+0x254/0x2b0\n ? lock_release+0x62/0x200\n ? __pfx_netlink_sendmsg+0x10/0x10\n ____sys_sendmsg+0x559/0x5a0\n ? __pfx_____sys_sendmsg+0x10/0x10\n ? __pfx_copy_msghdr_from_user+0x10/0x10\n ? rcu_is_watching+0x34/0x60\n ? do_read_fault+0x213/0x4a0\n ? rcu_is_watching+0x34/0x60\n ___sys_sendmsg+0xe4/0x150\n ? __pfx____sys_sendmsg+0x10/0x10\n ? do_fault+0x2cc/0x6f0\n ? handle_pte_fault+0x2e3/0x3d0\n ? __pfx_handle_pte_fault+0x10/0x10\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22075",
"url": "https://www.suse.com/security/cve/CVE-2025-22075"
},
{
"category": "external",
"summary": "SUSE Bug 1241402 for CVE-2025-22075",
"url": "https://bugzilla.suse.com/1241402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22075"
},
{
"cve": "CVE-2025-22080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Prevent integer overflow in hdr_first_de()\n\nThe \"de_off\" and \"used\" variables come from the disk so they both need to\ncheck. The problem is that on 32bit systems if they\u0027re both greater than\nUINT_MAX - 16 then the check does work as intended because of an integer\noverflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22080",
"url": "https://www.suse.com/security/cve/CVE-2025-22080"
},
{
"category": "external",
"summary": "SUSE Bug 1241416 for CVE-2025-22080",
"url": "https://bugzilla.suse.com/1241416"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22080"
},
{
"cve": "CVE-2025-22085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/core: Fix use-after-free when rename device name\n\nSyzbot reported a slab-use-after-free with the following call trace:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in nla_put+0xd3/0x150 lib/nlattr.c:1099\nRead of size 5 at addr ffff888140ea1c60 by task syz.0.988/10025\n\nCPU: 0 UID: 0 PID: 10025 Comm: syz.0.988\nNot tainted 6.14.0-rc4-syzkaller-00859-gf77f12010f67 #0\nHardware name: Google Compute Engine, BIOS Google 02/12/2025\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0x16e/0x5b0 mm/kasan/report.c:521\n kasan_report+0x143/0x180 mm/kasan/report.c:634\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n __asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105\n nla_put+0xd3/0x150 lib/nlattr.c:1099\n nla_put_string include/net/netlink.h:1621 [inline]\n fill_nldev_handle+0x16e/0x200 drivers/infiniband/core/nldev.c:265\n rdma_nl_notify_event+0x561/0xef0 drivers/infiniband/core/nldev.c:2857\n ib_device_notify_register+0x22/0x230 drivers/infiniband/core/device.c:1344\n ib_register_device+0x1292/0x1460 drivers/infiniband/core/device.c:1460\n rxe_register_device+0x233/0x350 drivers/infiniband/sw/rxe/rxe_verbs.c:1540\n rxe_net_add+0x74/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:550\n rxe_newlink+0xde/0x1a0 drivers/infiniband/sw/rxe/rxe.c:212\n nldev_newlink+0x5ea/0x680 drivers/infiniband/core/nldev.c:1795\n rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]\n rdma_nl_rcv+0x6dd/0x9e0 drivers/infiniband/core/netlink.c:259\n netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1339\n netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1883\n sock_sendmsg_nosec net/socket.c:709 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:724\n ____sys_sendmsg+0x53a/0x860 net/socket.c:2564\n ___sys_sendmsg net/socket.c:2618 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2650\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f42d1b8d169\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 ...\nRSP: 002b:00007f42d2960038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f42d1da6320 RCX: 00007f42d1b8d169\nRDX: 0000000000000000 RSI: 00004000000002c0 RDI: 000000000000000c\nRBP: 00007f42d1c0e2a0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f42d1da6320 R15: 00007ffe399344a8\n \u003c/TASK\u003e\n\nAllocated by task 10025:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4294 [inline]\n __kmalloc_node_track_caller_noprof+0x28b/0x4c0 mm/slub.c:4313\n __kmemdup_nul mm/util.c:61 [inline]\n kstrdup+0x42/0x100 mm/util.c:81\n kobject_set_name_vargs+0x61/0x120 lib/kobject.c:274\n dev_set_name+0xd5/0x120 drivers/base/core.c:3468\n assign_name drivers/infiniband/core/device.c:1202 [inline]\n ib_register_device+0x178/0x1460 drivers/infiniband/core/device.c:1384\n rxe_register_device+0x233/0x350 drivers/infiniband/sw/rxe/rxe_verbs.c:1540\n rxe_net_add+0x74/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:550\n rxe_newlink+0xde/0x1a0 drivers/infiniband/sw/rxe/rxe.c:212\n nldev_newlink+0x5ea/0x680 drivers/infiniband/core/nldev.c:1795\n rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]\n rdma_nl_rcv+0x6dd/0x9e0 drivers/infiniband/core/netlink.c:259\n netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1339\n netlink_sendmsg+0x8de/0xcb0 net\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22085",
"url": "https://www.suse.com/security/cve/CVE-2025-22085"
},
{
"category": "external",
"summary": "SUSE Bug 1241419 for CVE-2025-22085",
"url": "https://bugzilla.suse.com/1241419"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22085"
},
{
"cve": "CVE-2025-22086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22086"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow\n\nWhen cur_qp isn\u0027t NULL, in order to avoid fetching the QP from\nthe radix tree again we check if the next cqe QP is identical to\nthe one we already have.\n\nThe bug however is that we are checking if the QP is identical by\nchecking the QP number inside the CQE against the QP number inside the\nmlx5_ib_qp, but that\u0027s wrong since the QP number from the CQE is from\nFW so it should be matched against mlx5_core_qp which is our FW QP\nnumber.\n\nOtherwise we could use the wrong QP when handling a CQE which could\ncause the kernel trace below.\n\nThis issue is mainly noticeable over QPs 0 \u0026 1, since for now they are\nthe only QPs in our driver whereas the QP number inside mlx5_ib_qp\ndoesn\u0027t match the QP number inside mlx5_core_qp.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000012\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP\n CPU: 0 UID: 0 PID: 7927 Comm: kworker/u62:1 Not tainted 6.14.0-rc3+ #189\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n Workqueue: ib-comp-unb-wq ib_cq_poll_work [ib_core]\n RIP: 0010:mlx5_ib_poll_cq+0x4c7/0xd90 [mlx5_ib]\n Code: 03 00 00 8d 58 ff 21 cb 66 39 d3 74 39 48 c7 c7 3c 89 6e a0 0f b7 db e8 b7 d2 b3 e0 49 8b 86 60 03 00 00 48 c7 c7 4a 89 6e a0 \u003c0f\u003e b7 5c 98 02 e8 9f d2 b3 e0 41 0f b7 86 78 03 00 00 83 e8 01 21\n RSP: 0018:ffff88810511bd60 EFLAGS: 00010046\n RAX: 0000000000000010 RBX: 0000000000000000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffff88885fa1b3c0 RDI: ffffffffa06e894a\n RBP: 00000000000000b0 R08: 0000000000000000 R09: ffff88810511bc10\n R10: 0000000000000001 R11: 0000000000000001 R12: ffff88810d593000\n R13: ffff88810e579108 R14: ffff888105146000 R15: 00000000000000b0\n FS: 0000000000000000(0000) GS:ffff88885fa00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000012 CR3: 00000001077e6001 CR4: 0000000000370eb0\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x20/0x60\n ? page_fault_oops+0x150/0x3e0\n ? exc_page_fault+0x74/0x130\n ? asm_exc_page_fault+0x22/0x30\n ? mlx5_ib_poll_cq+0x4c7/0xd90 [mlx5_ib]\n __ib_process_cq+0x5a/0x150 [ib_core]\n ib_cq_poll_work+0x31/0x90 [ib_core]\n process_one_work+0x169/0x320\n worker_thread+0x288/0x3a0\n ? work_busy+0xb0/0xb0\n kthread+0xd7/0x1f0\n ? kthreads_online_cpu+0x130/0x130\n ? kthreads_online_cpu+0x130/0x130\n ret_from_fork+0x2d/0x50\n ? kthreads_online_cpu+0x130/0x130\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22086",
"url": "https://www.suse.com/security/cve/CVE-2025-22086"
},
{
"category": "external",
"summary": "SUSE Bug 1241458 for CVE-2025-22086",
"url": "https://bugzilla.suse.com/1241458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22086"
},
{
"cve": "CVE-2025-22088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/erdma: Prevent use-after-free in erdma_accept_newconn()\n\nAfter the erdma_cep_put(new_cep) being called, new_cep will be freed,\nand the following dereference will cause a UAF problem. Fix this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22088",
"url": "https://www.suse.com/security/cve/CVE-2025-22088"
},
{
"category": "external",
"summary": "SUSE Bug 1241528 for CVE-2025-22088",
"url": "https://bugzilla.suse.com/1241528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22088"
},
{
"cve": "CVE-2025-22090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22090"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range()\n\nIf track_pfn_copy() fails, we already added the dst VMA to the maple\ntree. As fork() fails, we\u0027ll cleanup the maple tree, and stumble over\nthe dst VMA for which we neither performed any reservation nor copied\nany page tables.\n\nConsequently untrack_pfn() will see VM_PAT and try obtaining the\nPAT information from the page table -- which fails because the page\ntable was not copied.\n\nThe easiest fix would be to simply clear the VM_PAT flag of the dst VMA\nif track_pfn_copy() fails. However, the whole thing is about \"simply\"\nclearing the VM_PAT flag is shaky as well: if we passed track_pfn_copy()\nand performed a reservation, but copying the page tables fails, we\u0027ll\nsimply clear the VM_PAT flag, not properly undoing the reservation ...\nwhich is also wrong.\n\nSo let\u0027s fix it properly: set the VM_PAT flag only if the reservation\nsucceeded (leaving it clear initially), and undo the reservation if\nanything goes wrong while copying the page tables: clearing the VM_PAT\nflag after undoing the reservation.\n\nNote that any copied page table entries will get zapped when the VMA will\nget removed later, after copy_page_range() succeeded; as VM_PAT is not set\nthen, we won\u0027t try cleaning VM_PAT up once more and untrack_pfn() will be\nhappy. Note that leaving these page tables in place without a reservation\nis not a problem, as we are aborting fork(); this process will never run.\n\nA reproducer can trigger this usually at the first try:\n\n https://gitlab.com/davidhildenbrand/scratchspace/-/raw/main/reproducers/pat_fork.c\n\n WARNING: CPU: 26 PID: 11650 at arch/x86/mm/pat/memtype.c:983 get_pat_info+0xf6/0x110\n Modules linked in: ...\n CPU: 26 UID: 0 PID: 11650 Comm: repro3 Not tainted 6.12.0-rc5+ #92\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n RIP: 0010:get_pat_info+0xf6/0x110\n ...\n Call Trace:\n \u003cTASK\u003e\n ...\n untrack_pfn+0x52/0x110\n unmap_single_vma+0xa6/0xe0\n unmap_vmas+0x105/0x1f0\n exit_mmap+0xf6/0x460\n __mmput+0x4b/0x120\n copy_process+0x1bf6/0x2aa0\n kernel_clone+0xab/0x440\n __do_sys_clone+0x66/0x90\n do_syscall_64+0x95/0x180\n\nLikely this case was missed in:\n\n d155df53f310 (\"x86/mm/pat: clear VM_PAT if copy_p4d_range failed\")\n\n... and instead of undoing the reservation we simply cleared the VM_PAT flag.\n\nKeep the documentation of these functions in include/linux/pgtable.h,\none place is more than sufficient -- we should clean that up for the other\nfunctions like track_pfn_remap/untrack_pfn separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22090",
"url": "https://www.suse.com/security/cve/CVE-2025-22090"
},
{
"category": "external",
"summary": "SUSE Bug 1241537 for CVE-2025-22090",
"url": "https://bugzilla.suse.com/1241537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22090"
},
{
"cve": "CVE-2025-22091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22091"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix page_size variable overflow\n\nChange all variables storing mlx5_umem_mkc_find_best_pgsz() result to\nunsigned long to support values larger than 31 and avoid overflow.\n\nFor example: If we try to register 4GB of memory that is contiguous in\nphysical memory, the driver will optimize the page_size and try to use\nan mkey with 4GB entity size. The \u0027unsigned int\u0027 page_size variable will\noverflow to \u00270\u0027 and we\u0027ll hit the WARN_ON() in alloc_cacheable_mr().\n\nWARNING: CPU: 2 PID: 1203 at drivers/infiniband/hw/mlx5/mr.c:1124 alloc_cacheable_mr+0x22/0x580 [mlx5_ib]\nModules linked in: mlx5_ib mlx5_core bonding ip6_gre ip6_tunnel tunnel6 ip_gre gre rdma_rxe rdma_ucm ib_uverbs ib_ipoib ib_umad rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm fuse ib_core [last unloaded: mlx5_core]\nCPU: 2 UID: 70878 PID: 1203 Comm: rdma_resource_l Tainted: G W 6.14.0-rc4-dirty #43\nTainted: [W]=WARN\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:alloc_cacheable_mr+0x22/0x580 [mlx5_ib]\nCode: 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 41 52 53 48 83 ec 30 f6 46 28 04 4c 8b 77 08 75 21 \u003c0f\u003e 0b 49 c7 c2 ea ff ff ff 48 8d 65 d0 4c 89 d0 5b 41 5a 41 5c 41\nRSP: 0018:ffffc900006ffac8 EFLAGS: 00010246\nRAX: 0000000004c0d0d0 RBX: ffff888217a22000 RCX: 0000000000100001\nRDX: 00007fb7ac480000 RSI: ffff8882037b1240 RDI: ffff8882046f0600\nRBP: ffffc900006ffb28 R08: 0000000000000001 R09: 0000000000000000\nR10: 00000000000007e0 R11: ffffea0008011d40 R12: ffff8882037b1240\nR13: ffff8882046f0600 R14: ffff888217a22000 R15: ffffc900006ffe00\nFS: 00007fb7ed013340(0000) GS:ffff88885fd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fb7ed1d8000 CR3: 00000001fd8f6006 CR4: 0000000000772eb0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x81/0x130\n ? alloc_cacheable_mr+0x22/0x580 [mlx5_ib]\n ? report_bug+0xfc/0x1e0\n ? handle_bug+0x55/0x90\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? alloc_cacheable_mr+0x22/0x580 [mlx5_ib]\n create_real_mr+0x54/0x150 [mlx5_ib]\n ib_uverbs_reg_mr+0x17f/0x2a0 [ib_uverbs]\n ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0xca/0x140 [ib_uverbs]\n ib_uverbs_run_method+0x6d0/0x780 [ib_uverbs]\n ? __pfx_ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0x10/0x10 [ib_uverbs]\n ib_uverbs_cmd_verbs+0x19b/0x360 [ib_uverbs]\n ? walk_system_ram_range+0x79/0xd0\n ? ___pte_offset_map+0x1b/0x110\n ? __pte_offset_map_lock+0x80/0x100\n ib_uverbs_ioctl+0xac/0x110 [ib_uverbs]\n __x64_sys_ioctl+0x94/0xb0\n do_syscall_64+0x50/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7fb7ecf0737b\nCode: ff ff ff 85 c0 79 9b 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 7d 2a 0f 00 f7 d8 64 89 01 48\nRSP: 002b:00007ffdbe03ecc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffdbe03edb8 RCX: 00007fb7ecf0737b\nRDX: 00007ffdbe03eda0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffdbe03ed80 R08: 00007fb7ecc84010 R09: 00007ffdbe03eed4\nR10: 0000000000000009 R11: 0000000000000246 R12: 00007ffdbe03eed4\nR13: 000000000000000c R14: 000000000000000c R15: 00007fb7ecc84150\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22091",
"url": "https://www.suse.com/security/cve/CVE-2025-22091"
},
{
"category": "external",
"summary": "SUSE Bug 1241535 for CVE-2025-22091",
"url": "https://bugzilla.suse.com/1241535"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22091"
},
{
"cve": "CVE-2025-22093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22093"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: avoid NPD when ASIC does not support DMUB\n\nctx-\u003edmub_srv will de NULL if the ASIC does not support DMUB, which is\ntested in dm_dmub_sw_init.\n\nHowever, it will be dereferenced in dmub_hw_lock_mgr_cmd if\nshould_use_dmub_lock returns true.\n\nThis has been the case since dmub support has been added for PSR1.\n\nFix this by checking for dmub_srv in should_use_dmub_lock.\n\n[ 37.440832] BUG: kernel NULL pointer dereference, address: 0000000000000058\n[ 37.447808] #PF: supervisor read access in kernel mode\n[ 37.452959] #PF: error_code(0x0000) - not-present page\n[ 37.458112] PGD 0 P4D 0\n[ 37.460662] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 37.465553] CPU: 2 UID: 1000 PID: 1745 Comm: DrmThread Not tainted 6.14.0-rc1-00003-gd62e938120f0 #23 99720e1cb1e0fc4773b8513150932a07de3c6e88\n[ 37.478324] Hardware name: Google Morphius/Morphius, BIOS Google_Morphius.13434.858.0 10/26/2023\n[ 37.487103] RIP: 0010:dmub_hw_lock_mgr_cmd+0x77/0xb0\n[ 37.492074] Code: 44 24 0e 00 00 00 00 48 c7 04 24 45 00 00 0c 40 88 74 24 0d 0f b6 02 88 44 24 0c 8b 01 89 44 24 08 85 f6 75 05 c6 44 24 0e 01 \u003c48\u003e 8b 7f 58 48 89 e6 ba 01 00 00 00 e8 08 3c 2a 00 65 48 8b 04 5\n[ 37.510822] RSP: 0018:ffff969442853300 EFLAGS: 00010202\n[ 37.516052] RAX: 0000000000000000 RBX: ffff92db03000000 RCX: ffff969442853358\n[ 37.523185] RDX: ffff969442853368 RSI: 0000000000000001 RDI: 0000000000000000\n[ 37.530322] RBP: 0000000000000001 R08: 00000000000004a7 R09: 00000000000004a5\n[ 37.537453] R10: 0000000000000476 R11: 0000000000000062 R12: ffff92db0ade8000\n[ 37.544589] R13: ffff92da01180ae0 R14: ffff92da011802a8 R15: ffff92db03000000\n[ 37.551725] FS: 0000784a9cdfc6c0(0000) GS:ffff92db2af00000(0000) knlGS:0000000000000000\n[ 37.559814] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 37.565562] CR2: 0000000000000058 CR3: 0000000112b1c000 CR4: 00000000003506f0\n[ 37.572697] Call Trace:\n[ 37.575152] \u003cTASK\u003e\n[ 37.577258] ? __die_body+0x66/0xb0\n[ 37.580756] ? page_fault_oops+0x3e7/0x4a0\n[ 37.584861] ? exc_page_fault+0x3e/0xe0\n[ 37.588706] ? exc_page_fault+0x5c/0xe0\n[ 37.592550] ? asm_exc_page_fault+0x22/0x30\n[ 37.596742] ? dmub_hw_lock_mgr_cmd+0x77/0xb0\n[ 37.601107] dcn10_cursor_lock+0x1e1/0x240\n[ 37.605211] program_cursor_attributes+0x81/0x190\n[ 37.609923] commit_planes_for_stream+0x998/0x1ef0\n[ 37.614722] update_planes_and_stream_v2+0x41e/0x5c0\n[ 37.619703] dc_update_planes_and_stream+0x78/0x140\n[ 37.624588] amdgpu_dm_atomic_commit_tail+0x4362/0x49f0\n[ 37.629832] ? srso_return_thunk+0x5/0x5f\n[ 37.633847] ? mark_held_locks+0x6d/0xd0\n[ 37.637774] ? _raw_spin_unlock_irq+0x24/0x50\n[ 37.642135] ? srso_return_thunk+0x5/0x5f\n[ 37.646148] ? lockdep_hardirqs_on+0x95/0x150\n[ 37.650510] ? srso_return_thunk+0x5/0x5f\n[ 37.654522] ? _raw_spin_unlock_irq+0x2f/0x50\n[ 37.658883] ? srso_return_thunk+0x5/0x5f\n[ 37.662897] ? wait_for_common+0x186/0x1c0\n[ 37.666998] ? srso_return_thunk+0x5/0x5f\n[ 37.671009] ? drm_crtc_next_vblank_start+0xc3/0x170\n[ 37.675983] commit_tail+0xf5/0x1c0\n[ 37.679478] drm_atomic_helper_commit+0x2a2/0x2b0\n[ 37.684186] drm_atomic_commit+0xd6/0x100\n[ 37.688199] ? __cfi___drm_printfn_info+0x10/0x10\n[ 37.692911] drm_atomic_helper_update_plane+0xe5/0x130\n[ 37.698054] drm_mode_cursor_common+0x501/0x670\n[ 37.702600] ? __cfi_drm_mode_cursor_ioctl+0x10/0x10\n[ 37.707572] drm_mode_cursor_ioctl+0x48/0x70\n[ 37.711851] drm_ioctl_kernel+0xf2/0x150\n[ 37.715781] drm_ioctl+0x363/0x590\n[ 37.719189] ? __cfi_drm_mode_cursor_ioctl+0x10/0x10\n[ 37.724165] amdgpu_drm_ioctl+0x41/0x80\n[ 37.728013] __se_sys_ioctl+0x7f/0xd0\n[ 37.731685] do_syscall_64+0x87/0x100\n[ 37.735355] ? vma_end_read+0x12/0xe0\n[ 37.739024] ? srso_return_thunk+0x5/0x5f\n[ 37.743041] ? find_held_lock+0x47/0xf0\n[ 37.746884] ? vma_end_read+0x12/0xe0\n[ 37.750552] ? srso_return_thunk+0x5/0\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22093",
"url": "https://www.suse.com/security/cve/CVE-2025-22093"
},
{
"category": "external",
"summary": "SUSE Bug 1241545 for CVE-2025-22093",
"url": "https://bugzilla.suse.com/1241545"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22093"
},
{
"cve": "CVE-2025-22094",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22094"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/perf: Fix ref-counting on the PMU \u0027vpa_pmu\u0027\n\nCommit 176cda0619b6 (\"powerpc/perf: Add perf interface to expose vpa\ncounters\") introduced \u0027vpa_pmu\u0027 to expose Book3s-HV nested APIv2 provided\nL1\u003c-\u003eL2 context switch latency counters to L1 user-space via\nperf-events. However the newly introduced PMU named \u0027vpa_pmu\u0027 doesn\u0027t\nassign ownership of the PMU to the module \u0027vpa_pmu\u0027. Consequently the\nmodule \u0027vpa_pmu\u0027 can be unloaded while one of the perf-events are still\nactive, which can lead to kernel oops and panic of the form below on a\nPseries-LPAR:\n\nBUG: Kernel NULL pointer dereference on read at 0x00000058\n\u003csnip\u003e\n NIP [c000000000506cb8] event_sched_out+0x40/0x258\n LR [c00000000050e8a4] __perf_remove_from_context+0x7c/0x2b0\n Call Trace:\n [c00000025fc3fc30] [c00000025f8457a8] 0xc00000025f8457a8 (unreliable)\n [c00000025fc3fc80] [fffffffffffffee0] 0xfffffffffffffee0\n [c00000025fc3fcd0] [c000000000501e70] event_function+0xa8/0x120\n\u003csnip\u003e\n Kernel panic - not syncing: Aiee, killing interrupt handler!\n\nFix this by adding the module ownership to \u0027vpa_pmu\u0027 so that the module\n\u0027vpa_pmu\u0027 is ref-counted and prevented from being unloaded when perf-events\nare initialized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22094",
"url": "https://www.suse.com/security/cve/CVE-2025-22094"
},
{
"category": "external",
"summary": "SUSE Bug 1241512 for CVE-2025-22094",
"url": "https://bugzilla.suse.com/1241512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22094"
},
{
"cve": "CVE-2025-22097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22097"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vkms: Fix use after free and double free on init error\n\nIf the driver initialization fails, the vkms_exit() function might\naccess an uninitialized or freed default_config pointer and it might\ndouble free it.\n\nFix both possible errors by initializing default_config only when the\ndriver initialization succeeded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22097",
"url": "https://www.suse.com/security/cve/CVE-2025-22097"
},
{
"category": "external",
"summary": "SUSE Bug 1241541 for CVE-2025-22097",
"url": "https://bugzilla.suse.com/1241541"
},
{
"category": "external",
"summary": "SUSE Bug 1241542 for CVE-2025-22097",
"url": "https://bugzilla.suse.com/1241542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2025-22097"
},
{
"cve": "CVE-2025-22102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22102"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix kernel panic during FW release\n\nThis fixes a kernel panic seen during release FW in a stress test\nscenario where WLAN and BT FW download occurs simultaneously, and due to\na HW bug, chip sends out only 1 bootloader signatures.\n\nWhen driver receives the bootloader signature, it enters FW download\nmode, but since no consequtive bootloader signatures seen, FW file is\nnot requested.\n\nAfter 60 seconds, when FW download times out, release_firmware causes a\nkernel panic.\n\n[ 2601.949184] Unable to handle kernel paging request at virtual address 0000312e6f006573\n[ 2601.992076] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000111802000\n[ 2601.992080] [0000312e6f006573] pgd=0000000000000000, p4d=0000000000000000\n[ 2601.992087] Internal error: Oops: 0000000096000021 [#1] PREEMPT SMP\n[ 2601.992091] Modules linked in: algif_hash algif_skcipher af_alg btnxpuart(O) pciexxx(O) mlan(O) overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce snd_soc_fsl_easrc snd_soc_fsl_asoc_card imx8_media_dev(C) snd_soc_fsl_micfil polyval_generic snd_soc_fsl_xcvr snd_soc_fsl_sai snd_soc_imx_audmux snd_soc_fsl_asrc snd_soc_imx_card snd_soc_imx_hdmi snd_soc_fsl_aud2htx snd_soc_fsl_utils imx_pcm_dma dw_hdmi_cec flexcan can_dev\n[ 2602.001825] CPU: 2 PID: 20060 Comm: hciconfig Tainted: G C O 6.6.23-lts-next-06236-gb586a521770e #1\n[ 2602.010182] Hardware name: NXP i.MX8MPlus EVK board (DT)\n[ 2602.010185] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 2602.010191] pc : _raw_spin_lock+0x34/0x68\n[ 2602.010201] lr : free_fw_priv+0x20/0xfc\n[ 2602.020561] sp : ffff800089363b30\n[ 2602.020563] x29: ffff800089363b30 x28: ffff0000d0eb5880 x27: 0000000000000000\n[ 2602.020570] x26: 0000000000000000 x25: ffff0000d728b330 x24: 0000000000000000\n[ 2602.020577] x23: ffff0000dc856f38\n[ 2602.033797] x22: ffff800089363b70 x21: ffff0000dc856000\n[ 2602.033802] x20: ff00312e6f006573 x19: ffff0000d0d9ea80 x18: 0000000000000000\n[ 2602.033809] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaad80dd480\n[ 2602.083320] x14: 0000000000000000 x13: 00000000000001b9 x12: 0000000000000002\n[ 2602.083326] x11: 0000000000000000 x10: 0000000000000a60 x9 : ffff800089363a30\n[ 2602.083333] x8 : ffff0001793d75c0 x7 : ffff0000d6dbc400 x6 : 0000000000000000\n[ 2602.083339] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000001\n[ 2602.083346] x2 : 0000000000000000 x1 : 0000000000000001 x0 : ff00312e6f006573\n[ 2602.083354] Call trace:\n[ 2602.083356] _raw_spin_lock+0x34/0x68\n[ 2602.083364] release_firmware+0x48/0x6c\n[ 2602.083370] nxp_setup+0x3c4/0x540 [btnxpuart]\n[ 2602.083383] hci_dev_open_sync+0xf0/0xa34\n[ 2602.083391] hci_dev_open+0xd8/0x178\n[ 2602.083399] hci_sock_ioctl+0x3b0/0x590\n[ 2602.083405] sock_do_ioctl+0x60/0x118\n[ 2602.083413] sock_ioctl+0x2f4/0x374\n[ 2602.091430] __arm64_sys_ioctl+0xac/0xf0\n[ 2602.091437] invoke_syscall+0x48/0x110\n[ 2602.091445] el0_svc_common.constprop.0+0xc0/0xe0\n[ 2602.091452] do_el0_svc+0x1c/0x28\n[ 2602.091457] el0_svc+0x40/0xe4\n[ 2602.091465] el0t_64_sync_handler+0x120/0x12c\n[ 2602.091470] el0t_64_sync+0x190/0x194",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22102",
"url": "https://www.suse.com/security/cve/CVE-2025-22102"
},
{
"category": "external",
"summary": "SUSE Bug 1241456 for CVE-2025-22102",
"url": "https://bugzilla.suse.com/1241456"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22102"
},
{
"cve": "CVE-2025-22103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22103"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix NULL pointer dereference in l3mdev_l3_rcv\n\nWhen delete l3s ipvlan:\n\n ip link del link eth0 ipvlan1 type ipvlan mode l3s\n\nThis may cause a null pointer dereference:\n\n Call trace:\n ip_rcv_finish+0x48/0xd0\n ip_rcv+0x5c/0x100\n __netif_receive_skb_one_core+0x64/0xb0\n __netif_receive_skb+0x20/0x80\n process_backlog+0xb4/0x204\n napi_poll+0xe8/0x294\n net_rx_action+0xd8/0x22c\n __do_softirq+0x12c/0x354\n\nThis is because l3mdev_l3_rcv() visit dev-\u003el3mdev_ops after\nipvlan_l3s_unregister() assign the dev-\u003el3mdev_ops to NULL. The process\nlike this:\n\n (CPU1) | (CPU2)\n l3mdev_l3_rcv() |\n check dev-\u003epriv_flags: |\n master = skb-\u003edev; |\n |\n | ipvlan_l3s_unregister()\n | set dev-\u003epriv_flags\n | dev-\u003el3mdev_ops = NULL;\n |\n visit master-\u003el3mdev_ops |\n\nTo avoid this by do not set dev-\u003el3mdev_ops when unregister l3s ipvlan.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22103",
"url": "https://www.suse.com/security/cve/CVE-2025-22103"
},
{
"category": "external",
"summary": "SUSE Bug 1241448 for CVE-2025-22103",
"url": "https://bugzilla.suse.com/1241448"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22103"
},
{
"cve": "CVE-2025-22104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22104"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Use kernel helpers for hex dumps\n\nPreviously, when the driver was printing hex dumps, the buffer was cast\nto an 8 byte long and printed using string formatters. If the buffer\nsize was not a multiple of 8 then a read buffer overflow was possible.\n\nTherefore, create a new ibmvnic function that loops over a buffer and\ncalls hex_dump_to_buffer instead.\n\nThis patch address KASAN reports like the one below:\n ibmvnic 30000003 env3: Login Buffer:\n ibmvnic 30000003 env3: 01000000af000000\n \u003c...\u003e\n ibmvnic 30000003 env3: 2e6d62692e736261\n ibmvnic 30000003 env3: 65050003006d6f63\n ==================================================================\n BUG: KASAN: slab-out-of-bounds in ibmvnic_login+0xacc/0xffc [ibmvnic]\n Read of size 8 at addr c0000001331a9aa8 by task ip/17681\n \u003c...\u003e\n Allocated by task 17681:\n \u003c...\u003e\n ibmvnic_login+0x2f0/0xffc [ibmvnic]\n ibmvnic_open+0x148/0x308 [ibmvnic]\n __dev_open+0x1ac/0x304\n \u003c...\u003e\n The buggy address is located 168 bytes inside of\n allocated 175-byte region [c0000001331a9a00, c0000001331a9aaf)\n \u003c...\u003e\n =================================================================\n ibmvnic 30000003 env3: 000000000033766e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22104",
"url": "https://www.suse.com/security/cve/CVE-2025-22104"
},
{
"category": "external",
"summary": "SUSE Bug 1241550 for CVE-2025-22104",
"url": "https://bugzilla.suse.com/1241550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22104"
},
{
"cve": "CVE-2025-22105",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22105"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: check xdp prog when set bond mode\n\nFollowing operations can trigger a warning[1]:\n\n ip netns add ns1\n ip netns exec ns1 ip link add bond0 type bond mode balance-rr\n ip netns exec ns1 ip link set dev bond0 xdp obj af_xdp_kern.o sec xdp\n ip netns exec ns1 ip link set bond0 type bond mode broadcast\n ip netns del ns1\n\nWhen delete the namespace, dev_xdp_uninstall() is called to remove xdp\nprogram on bond dev, and bond_xdp_set() will check the bond mode. If bond\nmode is changed after attaching xdp program, the warning may occur.\n\nSome bond modes (broadcast, etc.) do not support native xdp. Set bond mode\nwith xdp program attached is not good. Add check for xdp program when set\nbond mode.\n\n [1]\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 11 at net/core/dev.c:9912 unregister_netdevice_many_notify+0x8d9/0x930\n Modules linked in:\n CPU: 0 UID: 0 PID: 11 Comm: kworker/u4:0 Not tainted 6.14.0-rc4 #107\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\n Workqueue: netns cleanup_net\n RIP: 0010:unregister_netdevice_many_notify+0x8d9/0x930\n Code: 00 00 48 c7 c6 6f e3 a2 82 48 c7 c7 d0 b3 96 82 e8 9c 10 3e ...\n RSP: 0018:ffffc90000063d80 EFLAGS: 00000282\n RAX: 00000000ffffffa1 RBX: ffff888004959000 RCX: 00000000ffffdfff\n RDX: 0000000000000000 RSI: 00000000ffffffea RDI: ffffc90000063b48\n RBP: ffffc90000063e28 R08: ffffffff82d39b28 R09: 0000000000009ffb\n R10: 0000000000000175 R11: ffffffff82d09b40 R12: ffff8880049598e8\n R13: 0000000000000001 R14: dead000000000100 R15: ffffc90000045000\n FS: 0000000000000000(0000) GS:ffff888007a00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000d406b60 CR3: 000000000483e000 CR4: 00000000000006f0\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0x83/0x130\n ? unregister_netdevice_many_notify+0x8d9/0x930\n ? report_bug+0x18e/0x1a0\n ? handle_bug+0x54/0x90\n ? exc_invalid_op+0x18/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? unregister_netdevice_many_notify+0x8d9/0x930\n ? bond_net_exit_batch_rtnl+0x5c/0x90\n cleanup_net+0x237/0x3d0\n process_one_work+0x163/0x390\n worker_thread+0x293/0x3b0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xec/0x1e0\n ? __pfx_kthread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22105",
"url": "https://www.suse.com/security/cve/CVE-2025-22105"
},
{
"category": "external",
"summary": "SUSE Bug 1241548 for CVE-2025-22105",
"url": "https://bugzilla.suse.com/1241548"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22105"
},
{
"cve": "CVE-2025-22106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22106"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: unregister xdp rxq info in the reset path\n\nvmxnet3 does not unregister xdp rxq info in the\nvmxnet3_reset_work() code path as vmxnet3_rq_destroy()\nis not invoked in this code path. So, we get below message with a\nbacktrace.\n\nMissing unregister, handled but fix driver\nWARNING: CPU:48 PID: 500 at net/core/xdp.c:182\n__xdp_rxq_info_reg+0x93/0xf0\n\nThis patch fixes the problem by moving the unregister\ncode of XDP from vmxnet3_rq_destroy() to vmxnet3_rq_cleanup().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22106",
"url": "https://www.suse.com/security/cve/CVE-2025-22106"
},
{
"category": "external",
"summary": "SUSE Bug 1241547 for CVE-2025-22106",
"url": "https://bugzilla.suse.com/1241547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22106"
},
{
"cve": "CVE-2025-22107",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22107"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry()\n\nThere are actually 2 problems:\n- deleting the last element doesn\u0027t require the memmove of elements\n [i + 1, end) over it. Actually, element i+1 is out of bounds.\n- The memmove itself should move size - i - 1 elements, because the last\n element is out of bounds.\n\nThe out-of-bounds element still remains out of bounds after being\naccessed, so the problem is only that we touch it, not that it becomes\nin active use. But I suppose it can lead to issues if the out-of-bounds\nelement is part of an unmapped page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22107",
"url": "https://www.suse.com/security/cve/CVE-2025-22107"
},
{
"category": "external",
"summary": "SUSE Bug 1241575 for CVE-2025-22107",
"url": "https://bugzilla.suse.com/1241575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22107"
},
{
"cve": "CVE-2025-22108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22108"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Mask the bd_cnt field in the TX BD properly\n\nThe bd_cnt field in the TX BD specifies the total number of BDs for\nthe TX packet. The bd_cnt field has 5 bits and the maximum number\nsupported is 32 with the value 0.\n\nCONFIG_MAX_SKB_FRAGS can be modified and the total number of SKB\nfragments can approach or exceed the maximum supported by the chip.\nAdd a macro to properly mask the bd_cnt field so that the value 32\nwill be properly masked and set to 0 in the bd_cnd field.\n\nWithout this patch, the out-of-range bd_cnt value will corrupt the\nTX BD and may cause TX timeout.\n\nThe next patch will check for values exceeding 32.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22108",
"url": "https://www.suse.com/security/cve/CVE-2025-22108"
},
{
"category": "external",
"summary": "SUSE Bug 1241574 for CVE-2025-22108",
"url": "https://bugzilla.suse.com/1241574"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22108"
},
{
"cve": "CVE-2025-22109",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22109"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Remove broken autobind\n\nBinding AX25 socket by using the autobind feature leads to memory leaks\nin ax25_connect() and also refcount leaks in ax25_release(). Memory\nleak was detected with kmemleak:\n\n================================================================\nunreferenced object 0xffff8880253cd680 (size 96):\nbacktrace:\n__kmalloc_node_track_caller_noprof (./include/linux/kmemleak.h:43)\nkmemdup_noprof (mm/util.c:136)\nax25_rt_autobind (net/ax25/ax25_route.c:428)\nax25_connect (net/ax25/af_ax25.c:1282)\n__sys_connect_file (net/socket.c:2045)\n__sys_connect (net/socket.c:2064)\n__x64_sys_connect (net/socket.c:2067)\ndo_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n================================================================\n\nWhen socket is bound, refcounts must be incremented the way it is done\nin ax25_bind() and ax25_setsockopt() (SO_BINDTODEVICE). In case of\nautobind, the refcounts are not incremented.\n\nThis bug leads to the following issue reported by Syzkaller:\n\n================================================================\nax25_connect(): syz-executor318 uses autobind, please contact jreuter@yaina.de\n------------[ cut here ]------------\nrefcount_t: decrement hit 0; leaking memory.\nWARNING: CPU: 0 PID: 5317 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31\nModules linked in:\nCPU: 0 UID: 0 PID: 5317 Comm: syz-executor318 Not tainted 6.14.0-rc4-syzkaller-00278-gece144f151ac #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31\n...\nCall Trace:\n \u003cTASK\u003e\n __refcount_dec include/linux/refcount.h:336 [inline]\n refcount_dec include/linux/refcount.h:351 [inline]\n ref_tracker_free+0x6af/0x7e0 lib/ref_tracker.c:236\n netdev_tracker_free include/linux/netdevice.h:4302 [inline]\n netdev_put include/linux/netdevice.h:4319 [inline]\n ax25_release+0x368/0x960 net/ax25/af_ax25.c:1080\n __sock_release net/socket.c:647 [inline]\n sock_close+0xbc/0x240 net/socket.c:1398\n __fput+0x3e9/0x9f0 fs/file_table.c:464\n __do_sys_close fs/open.c:1580 [inline]\n __se_sys_close fs/open.c:1565 [inline]\n __x64_sys_close+0x7f/0x110 fs/open.c:1565\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n ...\n \u003c/TASK\u003e\n================================================================\n\nConsidering the issues above and the comments left in the code that say:\n\"check if we can remove this feature. It is broken.\"; \"autobinding in this\nmay or may not work\"; - it is better to completely remove this feature than\nto fix it because it is broken and leads to various kinds of memory bugs.\n\nNow calling connect() without first binding socket will result in an\nerror (-EINVAL). Userspace software that relies on the autobind feature\nmight get broken. However, this feature does not seem widely used with\nthis specific driver as it was not reliable at any point of time, and it\nis already broken anyway. E.g. ax25-tools and ax25-apps packages for\npopular distributions do not use the autobind feature for AF_AX25.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22109",
"url": "https://www.suse.com/security/cve/CVE-2025-22109"
},
{
"category": "external",
"summary": "SUSE Bug 1241573 for CVE-2025-22109",
"url": "https://bugzilla.suse.com/1241573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22109"
},
{
"cve": "CVE-2025-22112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22112"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: bnxt: fix out-of-range access of vnic_info array\n\nThe bnxt_queue_{start | stop}() access vnic_info as much as allocated,\nwhich indicates bp-\u003enr_vnics.\nSo, it should not reach bp-\u003evnic_info[bp-\u003enr_vnics].",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22112",
"url": "https://www.suse.com/security/cve/CVE-2025-22112"
},
{
"category": "external",
"summary": "SUSE Bug 1241581 for CVE-2025-22112",
"url": "https://bugzilla.suse.com/1241581"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22112"
},
{
"cve": "CVE-2025-22115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix block group refcount race in btrfs_create_pending_block_groups()\n\nBlock group creation is done in two phases, which results in a slightly\nunintuitive property: a block group can be allocated/deallocated from\nafter btrfs_make_block_group() adds it to the space_info with\nbtrfs_add_bg_to_space_info(), but before creation is completely completed\nin btrfs_create_pending_block_groups(). As a result, it is possible for a\nblock group to go unused and have \u0027btrfs_mark_bg_unused\u0027 called on it\nconcurrently with \u0027btrfs_create_pending_block_groups\u0027. This causes a\nnumber of issues, which were fixed with the block group flag\n\u0027BLOCK_GROUP_FLAG_NEW\u0027.\n\nHowever, this fix is not quite complete. Since it does not use the\nunused_bg_lock, it is possible for the following race to occur:\n\nbtrfs_create_pending_block_groups btrfs_mark_bg_unused\n if list_empty // false\n list_del_init\n clear_bit\n else if (test_bit) // true\n list_move_tail\n\nAnd we get into the exact same broken ref count and invalid new_bgs\nstate for transaction cleanup that BLOCK_GROUP_FLAG_NEW was designed to\nprevent.\n\nThe broken refcount aspect will result in a warning like:\n\n [1272.943527] refcount_t: underflow; use-after-free.\n [1272.943967] WARNING: CPU: 1 PID: 61 at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110\n [1272.944731] Modules linked in: btrfs virtio_net xor zstd_compress raid6_pq null_blk [last unloaded: btrfs]\n [1272.945550] CPU: 1 UID: 0 PID: 61 Comm: kworker/u32:1 Kdump: loaded Tainted: G W 6.14.0-rc5+ #108\n [1272.946368] Tainted: [W]=WARN\n [1272.946585] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n [1272.947273] Workqueue: btrfs_discard btrfs_discard_workfn [btrfs]\n [1272.947788] RIP: 0010:refcount_warn_saturate+0xba/0x110\n [1272.949532] RSP: 0018:ffffbf1200247df0 EFLAGS: 00010282\n [1272.949901] RAX: 0000000000000000 RBX: ffffa14b00e3f800 RCX: 0000000000000000\n [1272.950437] RDX: 0000000000000000 RSI: ffffbf1200247c78 RDI: 00000000ffffdfff\n [1272.950986] RBP: ffffa14b00dc2860 R08: 00000000ffffdfff R09: ffffffff90526268\n [1272.951512] R10: ffffffff904762c0 R11: 0000000063666572 R12: ffffa14b00dc28c0\n [1272.952024] R13: 0000000000000000 R14: ffffa14b00dc2868 R15: 000001285dcd12c0\n [1272.952850] FS: 0000000000000000(0000) GS:ffffa14d33c40000(0000) knlGS:0000000000000000\n [1272.953458] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [1272.953931] CR2: 00007f838cbda000 CR3: 000000010104e000 CR4: 00000000000006f0\n [1272.954474] Call Trace:\n [1272.954655] \u003cTASK\u003e\n [1272.954812] ? refcount_warn_saturate+0xba/0x110\n [1272.955173] ? __warn.cold+0x93/0xd7\n [1272.955487] ? refcount_warn_saturate+0xba/0x110\n [1272.955816] ? report_bug+0xe7/0x120\n [1272.956103] ? handle_bug+0x53/0x90\n [1272.956424] ? exc_invalid_op+0x13/0x60\n [1272.956700] ? asm_exc_invalid_op+0x16/0x20\n [1272.957011] ? refcount_warn_saturate+0xba/0x110\n [1272.957399] btrfs_discard_cancel_work.cold+0x26/0x2b [btrfs]\n [1272.957853] btrfs_put_block_group.cold+0x5d/0x8e [btrfs]\n [1272.958289] btrfs_discard_workfn+0x194/0x380 [btrfs]\n [1272.958729] process_one_work+0x130/0x290\n [1272.959026] worker_thread+0x2ea/0x420\n [1272.959335] ? __pfx_worker_thread+0x10/0x10\n [1272.959644] kthread+0xd7/0x1c0\n [1272.959872] ? __pfx_kthread+0x10/0x10\n [1272.960172] ret_from_fork+0x30/0x50\n [1272.960474] ? __pfx_kthread+0x10/0x10\n [1272.960745] ret_from_fork_asm+0x1a/0x30\n [1272.961035] \u003c/TASK\u003e\n [1272.961238] ---[ end trace 0000000000000000 ]---\n\nThough we have seen them in the async discard workfn as well. It is\nmost likely to happen after a relocation finishes which cancels discard,\ntears down the block group, etc.\n\nFix this fully by taking the lock arou\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22115",
"url": "https://www.suse.com/security/cve/CVE-2025-22115"
},
{
"category": "external",
"summary": "SUSE Bug 1241578 for CVE-2025-22115",
"url": "https://bugzilla.suse.com/1241578"
},
{
"category": "external",
"summary": "SUSE Bug 1241579 for CVE-2025-22115",
"url": "https://bugzilla.suse.com/1241579"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2025-22115"
},
{
"cve": "CVE-2025-22116",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22116"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: check error for register_netdev() on init\n\nCurrent init logic ignores the error code from register_netdev(),\nwhich will cause WARN_ON() on attempt to unregister it, if there was one,\nand there is no info for the user that the creation of the netdev failed.\n\nWARNING: CPU: 89 PID: 6902 at net/core/dev.c:11512 unregister_netdevice_many_notify+0x211/0x1a10\n...\n[ 3707.563641] unregister_netdev+0x1c/0x30\n[ 3707.563656] idpf_vport_dealloc+0x5cf/0xce0 [idpf]\n[ 3707.563684] idpf_deinit_task+0xef/0x160 [idpf]\n[ 3707.563712] idpf_vc_core_deinit+0x84/0x320 [idpf]\n[ 3707.563739] idpf_remove+0xbf/0x780 [idpf]\n[ 3707.563769] pci_device_remove+0xab/0x1e0\n[ 3707.563786] device_release_driver_internal+0x371/0x530\n[ 3707.563803] driver_detach+0xbf/0x180\n[ 3707.563816] bus_remove_driver+0x11b/0x2a0\n[ 3707.563829] pci_unregister_driver+0x2a/0x250\n\nIntroduce an error check and log the vport number and error code.\nOn removal make sure to check VPORT_REG_NETDEV flag prior to calling\nunregister and free on the netdev.\n\nAdd local variables for idx, vport_config and netdev for readability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22116",
"url": "https://www.suse.com/security/cve/CVE-2025-22116"
},
{
"category": "external",
"summary": "SUSE Bug 1241459 for CVE-2025-22116",
"url": "https://bugzilla.suse.com/1241459"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22116"
},
{
"cve": "CVE-2025-22117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22117"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw()\n\nFix using the untrusted value of proto-\u003eraw.pkt_len in function\nice_vc_fdir_parse_raw() by verifying if it does not exceed the\nVIRTCHNL_MAX_SIZE_RAW_PACKET value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22117",
"url": "https://www.suse.com/security/cve/CVE-2025-22117"
},
{
"category": "external",
"summary": "SUSE Bug 1241633 for CVE-2025-22117",
"url": "https://bugzilla.suse.com/1241633"
},
{
"category": "external",
"summary": "SUSE Bug 1241634 for CVE-2025-22117",
"url": "https://bugzilla.suse.com/1241634"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2025-22117"
},
{
"cve": "CVE-2025-22118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22118"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: validate queue quanta parameters to prevent OOB access\n\nAdd queue wraparound prevention in quanta configuration.\nEnsure end_qid does not overflow by validating start_qid and num_queues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22118",
"url": "https://www.suse.com/security/cve/CVE-2025-22118"
},
{
"category": "external",
"summary": "SUSE Bug 1241562 for CVE-2025-22118",
"url": "https://bugzilla.suse.com/1241562"
},
{
"category": "external",
"summary": "SUSE Bug 1241563 for CVE-2025-22118",
"url": "https://bugzilla.suse.com/1241563"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2025-22118"
},
{
"cve": "CVE-2025-22121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22121"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()\n\nThere\u0027s issue as follows:\nBUG: KASAN: use-after-free in ext4_xattr_inode_dec_ref_all+0x6ff/0x790\nRead of size 4 at addr ffff88807b003000 by task syz-executor.0/15172\n\nCPU: 3 PID: 15172 Comm: syz-executor.0\nCall Trace:\n __dump_stack lib/dump_stack.c:82 [inline]\n dump_stack+0xbe/0xfd lib/dump_stack.c:123\n print_address_description.constprop.0+0x1e/0x280 mm/kasan/report.c:400\n __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560\n kasan_report+0x3a/0x50 mm/kasan/report.c:585\n ext4_xattr_inode_dec_ref_all+0x6ff/0x790 fs/ext4/xattr.c:1137\n ext4_xattr_delete_inode+0x4c7/0xda0 fs/ext4/xattr.c:2896\n ext4_evict_inode+0xb3b/0x1670 fs/ext4/inode.c:323\n evict+0x39f/0x880 fs/inode.c:622\n iput_final fs/inode.c:1746 [inline]\n iput fs/inode.c:1772 [inline]\n iput+0x525/0x6c0 fs/inode.c:1758\n ext4_orphan_cleanup fs/ext4/super.c:3298 [inline]\n ext4_fill_super+0x8c57/0xba40 fs/ext4/super.c:5300\n mount_bdev+0x355/0x410 fs/super.c:1446\n legacy_get_tree+0xfe/0x220 fs/fs_context.c:611\n vfs_get_tree+0x8d/0x2f0 fs/super.c:1576\n do_new_mount fs/namespace.c:2983 [inline]\n path_mount+0x119a/0x1ad0 fs/namespace.c:3316\n do_mount+0xfc/0x110 fs/namespace.c:3329\n __do_sys_mount fs/namespace.c:3540 [inline]\n __se_sys_mount+0x219/0x2e0 fs/namespace.c:3514\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nMemory state around the buggy address:\n ffff88807b002f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff88807b002f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n\u003effff88807b003000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n ^\n ffff88807b003080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n ffff88807b003100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n\nAbove issue happens as ext4_xattr_delete_inode() isn\u0027t check xattr\nis valid if xattr is in inode.\nTo solve above issue call xattr_check_inode() check if xattr if valid\nin inode. In fact, we can directly verify in ext4_iget_extra_inode(),\nso that there is no divergent verification.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22121",
"url": "https://www.suse.com/security/cve/CVE-2025-22121"
},
{
"category": "external",
"summary": "SUSE Bug 1241593 for CVE-2025-22121",
"url": "https://bugzilla.suse.com/1241593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22121"
},
{
"cve": "CVE-2025-22125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid1,raid10: don\u0027t ignore IO flags\n\nIf blk-wbt is enabled by default, it\u0027s found that raid write performance\nis quite bad because all IO are throttled by wbt of underlying disks,\ndue to flag REQ_IDLE is ignored. And turns out this behaviour exist since\nblk-wbt is introduced.\n\nOther than REQ_IDLE, other flags should not be ignored as well, for\nexample REQ_META can be set for filesystems, clearing it can cause priority\nreverse problems; And REQ_NOWAIT should not be cleared as well, because\nio will wait instead of failing directly in underlying disks.\n\nFix those problems by keep IO flags from master bio.\n\nFises: f51d46d0e7cb (\"md: add support for REQ_NOWAIT\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22125",
"url": "https://www.suse.com/security/cve/CVE-2025-22125"
},
{
"category": "external",
"summary": "SUSE Bug 1241596 for CVE-2025-22125",
"url": "https://bugzilla.suse.com/1241596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22125"
},
{
"cve": "CVE-2025-22126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix mddev uaf while iterating all_mddevs list\n\nWhile iterating all_mddevs list from md_notify_reboot() and md_exit(),\nlist_for_each_entry_safe is used, and this can race with deletint the\nnext mddev, causing UAF:\n\nt1:\nspin_lock\n//list_for_each_entry_safe(mddev, n, ...)\n mddev_get(mddev1)\n // assume mddev2 is the next entry\n spin_unlock\n t2:\n //remove mddev2\n ...\n mddev_free\n spin_lock\n list_del\n spin_unlock\n kfree(mddev2)\n mddev_put(mddev1)\n spin_lock\n //continue dereference mddev2-\u003eall_mddevs\n\nThe old helper for_each_mddev() actually grab the reference of mddev2\nwhile holding the lock, to prevent from being freed. This problem can be\nfixed the same way, however, the code will be complex.\n\nHence switch to use list_for_each_entry, in this case mddev_put() can free\nthe mddev1 and it\u0027s not safe as well. Refer to md_seq_show(), also factor\nout a helper mddev_put_locked() to fix this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22126",
"url": "https://www.suse.com/security/cve/CVE-2025-22126"
},
{
"category": "external",
"summary": "SUSE Bug 1241597 for CVE-2025-22126",
"url": "https://bugzilla.suse.com/1241597"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22126"
},
{
"cve": "CVE-2025-22128",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22128"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path\n\nIf a shared IRQ is used by the driver due to platform limitation, then the\nIRQ affinity hint is set right after the allocation of IRQ vectors in\nath12k_pci_msi_alloc(). This does no harm unless one of the functions\nrequesting the IRQ fails and attempt to free the IRQ.\n\nThis may end up with a warning from the IRQ core that is expecting the\naffinity hint to be cleared before freeing the IRQ:\n\nkernel/irq/manage.c:\n\n\t/* make sure affinity_hint is cleaned up */\n\tif (WARN_ON_ONCE(desc-\u003eaffinity_hint))\n\t\tdesc-\u003eaffinity_hint = NULL;\n\nSo to fix this issue, clear the IRQ affinity hint before calling\nath12k_pci_free_irq() in the error path. The affinity will be cleared once\nagain further down the error path due to code organization, but that does\nno harm.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22128",
"url": "https://www.suse.com/security/cve/CVE-2025-22128"
},
{
"category": "external",
"summary": "SUSE Bug 1241598 for CVE-2025-22128",
"url": "https://bugzilla.suse.com/1241598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22128"
},
{
"cve": "CVE-2025-2312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-2312"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host\u0027s Kerberos credentials cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-2312",
"url": "https://www.suse.com/security/cve/CVE-2025-2312"
},
{
"category": "external",
"summary": "SUSE Bug 1239680 for CVE-2025-2312",
"url": "https://bugzilla.suse.com/1239680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-2312"
},
{
"cve": "CVE-2025-23129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23129"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path\n\nIf a shared IRQ is used by the driver due to platform limitation, then the\nIRQ affinity hint is set right after the allocation of IRQ vectors in\nath11k_pci_alloc_msi(). This does no harm unless one of the functions\nrequesting the IRQ fails and attempt to free the IRQ. This results in the\nbelow warning:\n\nWARNING: CPU: 7 PID: 349 at kernel/irq/manage.c:1929 free_irq+0x278/0x29c\nCall trace:\n free_irq+0x278/0x29c\n ath11k_pcic_free_irq+0x70/0x10c [ath11k]\n ath11k_pci_probe+0x800/0x820 [ath11k_pci]\n local_pci_probe+0x40/0xbc\n\nThe warning is due to not clearing the affinity hint before freeing the\nIRQs.\n\nSo to fix this issue, clear the IRQ affinity hint before calling\nath11k_pcic_free_irq() in the error path. The affinity will be cleared once\nagain further down the error path due to code organization, but that does\nno harm.\n\nTested-on: QCA6390 hw2.0 PCI WLAN.HST.1.0.1-05266-QCAHSTSWPLZ_V2_TO_X86-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23129",
"url": "https://www.suse.com/security/cve/CVE-2025-23129"
},
{
"category": "external",
"summary": "SUSE Bug 1241599 for CVE-2025-23129",
"url": "https://bugzilla.suse.com/1241599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-23129"
},
{
"cve": "CVE-2025-23131",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23131"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndlm: prevent NPD when writing a positive value to event_done\n\ndo_uevent returns the value written to event_done. In case it is a\npositive value, new_lockspace would undo all the work, and lockspace\nwould not be set. __dlm_new_lockspace, however, would treat that\npositive value as a success due to commit 8511a2728ab8 (\"dlm: fix use\ncount with multiple joins\").\n\nDown the line, device_create_lockspace would pass that NULL lockspace to\ndlm_find_lockspace_local, leading to a NULL pointer dereference.\n\nTreating such positive values as successes prevents the problem. Given\nthis has been broken for so long, this is unlikely to break userspace\nexpectations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23131",
"url": "https://www.suse.com/security/cve/CVE-2025-23131"
},
{
"category": "external",
"summary": "SUSE Bug 1241601 for CVE-2025-23131",
"url": "https://bugzilla.suse.com/1241601"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-23131"
},
{
"cve": "CVE-2025-23133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23133"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: update channel list in reg notifier instead reg worker\n\nCurrently when ath11k gets a new channel list, it will be processed\naccording to the following steps:\n1. update new channel list to cfg80211 and queue reg_work.\n2. cfg80211 handles new channel list during reg_work.\n3. update cfg80211\u0027s handled channel list to firmware by\nath11k_reg_update_chan_list().\n\nBut ath11k will immediately execute step 3 after reg_work is just\nqueued. Since step 2 is asynchronous, cfg80211 may not have completed\nhandling the new channel list, which may leading to an out-of-bounds\nwrite error:\nBUG: KASAN: slab-out-of-bounds in ath11k_reg_update_chan_list\nCall Trace:\n ath11k_reg_update_chan_list+0xbfe/0xfe0 [ath11k]\n kfree+0x109/0x3a0\n ath11k_regd_update+0x1cf/0x350 [ath11k]\n ath11k_regd_update_work+0x14/0x20 [ath11k]\n process_one_work+0xe35/0x14c0\n\nShould ensure step 2 is completely done before executing step 3. Thus\nWen raised patch[1]. When flag NL80211_REGDOM_SET_BY_DRIVER is set,\ncfg80211 will notify ath11k after step 2 is done.\n\nSo enable the flag NL80211_REGDOM_SET_BY_DRIVER then cfg80211 will\nnotify ath11k after step 2 is done. At this time, there will be no\nKASAN bug during the execution of the step 3.\n\n[1] https://patchwork.kernel.org/project/linux-wireless/patch/20230201065313.27203-1-quic_wgong@quicinc.com/\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23133",
"url": "https://www.suse.com/security/cve/CVE-2025-23133"
},
{
"category": "external",
"summary": "SUSE Bug 1241451 for CVE-2025-23133",
"url": "https://bugzilla.suse.com/1241451"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-23133"
},
{
"cve": "CVE-2025-23134",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23134"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: timer: Don\u0027t take register_mutex with copy_from/to_user()\n\nThe infamous mmap_lock taken in copy_from/to_user() can be often\nproblematic when it\u0027s called inside another mutex, as they might lead\nto deadlocks.\n\nIn the case of ALSA timer code, the bad pattern is with\nguard(mutex)(\u0026register_mutex) that covers copy_from/to_user() -- which\nwas mistakenly introduced at converting to guard(), and it had been\ncarefully worked around in the past.\n\nThis patch fixes those pieces simply by moving copy_from/to_user() out\nof the register mutex lock again.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23134",
"url": "https://www.suse.com/security/cve/CVE-2025-23134"
},
{
"category": "external",
"summary": "SUSE Bug 1241628 for CVE-2025-23134",
"url": "https://bugzilla.suse.com/1241628"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-23134"
},
{
"cve": "CVE-2025-23136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23136"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: int340x: Add NULL check for adev\n\nNot all devices have an ACPI companion fwnode, so adev might be NULL.\nThis is similar to the commit cd2fd6eab480\n(\"platform/x86: int3472: Check for adev == NULL\").\n\nAdd a check for adev not being set and return -ENODEV in that case to\navoid a possible NULL pointer deref in int3402_thermal_probe().\n\nNote, under the same directory, int3400_thermal_probe() has such a\ncheck.\n\n[ rjw: Subject edit, added Fixes: ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23136",
"url": "https://www.suse.com/security/cve/CVE-2025-23136"
},
{
"category": "external",
"summary": "SUSE Bug 1241357 for CVE-2025-23136",
"url": "https://bugzilla.suse.com/1241357"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-23136"
},
{
"cve": "CVE-2025-23138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23138"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatch_queue: fix pipe accounting mismatch\n\nCurrently, watch_queue_set_size() modifies the pipe buffers charged to\nuser-\u003epipe_bufs without updating the pipe-\u003enr_accounted on the pipe\nitself, due to the if (!pipe_has_watch_queue()) test in\npipe_resize_ring(). This means that when the pipe is ultimately freed,\nwe decrement user-\u003epipe_bufs by something other than what than we had\ncharged to it, potentially leading to an underflow. This in turn can\ncause subsequent too_many_pipe_buffers_soft() tests to fail with -EPERM.\n\nTo remedy this, explicitly account for the pipe usage in\nwatch_queue_set_size() to match the number set via account_pipe_buffers()\n\n(It\u0027s unclear why watch_queue_set_size() does not update nr_accounted;\nit may be due to intentional overprovisioning in watch_queue_set_size()?)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23138",
"url": "https://www.suse.com/security/cve/CVE-2025-23138"
},
{
"category": "external",
"summary": "SUSE Bug 1241648 for CVE-2025-23138",
"url": "https://bugzilla.suse.com/1241648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-23138"
},
{
"cve": "CVE-2025-23140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error\n\nAfter devm_request_irq() fails with error in pci_endpoint_test_request_irq(),\nthe pci_endpoint_test_free_irq_vectors() is called assuming that all IRQs\nhave been released.\n\nHowever, some requested IRQs remain unreleased, so there are still\n/proc/irq/* entries remaining, and this results in WARN() with the\nfollowing message:\n\n remove_proc_entry: removing non-empty directory \u0027irq/30\u0027, leaking at least \u0027pci-endpoint-test.0\u0027\n WARNING: CPU: 0 PID: 202 at fs/proc/generic.c:719 remove_proc_entry +0x190/0x19c\n\nTo solve this issue, set the number of remaining IRQs to test-\u003enum_irqs,\nand release IRQs in advance by calling pci_endpoint_test_release_irq().\n\n[kwilczynski: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23140",
"url": "https://www.suse.com/security/cve/CVE-2025-23140"
},
{
"category": "external",
"summary": "SUSE Bug 1242763 for CVE-2025-23140",
"url": "https://bugzilla.suse.com/1242763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-23140"
},
{
"cve": "CVE-2025-23145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23145"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix NULL pointer in can_accept_new_subflow\n\nWhen testing valkey benchmark tool with MPTCP, the kernel panics in\n\u0027mptcp_can_accept_new_subflow\u0027 because subflow_req-\u003emsk is NULL.\n\nCall trace:\n\n mptcp_can_accept_new_subflow (./net/mptcp/subflow.c:63 (discriminator 4)) (P)\n subflow_syn_recv_sock (./net/mptcp/subflow.c:854)\n tcp_check_req (./net/ipv4/tcp_minisocks.c:863)\n tcp_v4_rcv (./net/ipv4/tcp_ipv4.c:2268)\n ip_protocol_deliver_rcu (./net/ipv4/ip_input.c:207)\n ip_local_deliver_finish (./net/ipv4/ip_input.c:234)\n ip_local_deliver (./net/ipv4/ip_input.c:254)\n ip_rcv_finish (./net/ipv4/ip_input.c:449)\n ...\n\nAccording to the debug log, the same req received two SYN-ACK in a very\nshort time, very likely because the client retransmits the syn ack due\nto multiple reasons.\n\nEven if the packets are transmitted with a relevant time interval, they\ncan be processed by the server on different CPUs concurrently). The\n\u0027subflow_req-\u003emsk\u0027 ownership is transferred to the subflow the first,\nand there will be a risk of a null pointer dereference here.\n\nThis patch fixes this issue by moving the \u0027subflow_req-\u003emsk\u0027 under the\n`own_req == true` conditional.\n\nNote that the !msk check in subflow_hmac_valid() can be dropped, because\nthe same check already exists under the own_req mpj branch where the\ncode has been moved to.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23145",
"url": "https://www.suse.com/security/cve/CVE-2025-23145"
},
{
"category": "external",
"summary": "SUSE Bug 1242596 for CVE-2025-23145",
"url": "https://bugzilla.suse.com/1242596"
},
{
"category": "external",
"summary": "SUSE Bug 1242882 for CVE-2025-23145",
"url": "https://bugzilla.suse.com/1242882"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2025-23145"
},
{
"cve": "CVE-2025-23150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23150"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix off-by-one error in do_split\n\nSyzkaller detected a use-after-free issue in ext4_insert_dentry that was\ncaused by out-of-bounds access due to incorrect splitting in do_split.\n\nBUG: KASAN: use-after-free in ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109\nWrite of size 251 at addr ffff888074572f14 by task syz-executor335/5847\n\nCPU: 0 UID: 0 PID: 5847 Comm: syz-executor335 Not tainted 6.12.0-rc6-syzkaller-00318-ga9cda7c0ffed #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106\n ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109\n add_dirent_to_buf+0x3d9/0x750 fs/ext4/namei.c:2154\n make_indexed_dir+0xf98/0x1600 fs/ext4/namei.c:2351\n ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2455\n ext4_add_nondir+0x8d/0x290 fs/ext4/namei.c:2796\n ext4_symlink+0x920/0xb50 fs/ext4/namei.c:3431\n vfs_symlink+0x137/0x2e0 fs/namei.c:4615\n do_symlinkat+0x222/0x3a0 fs/namei.c:4641\n __do_sys_symlink fs/namei.c:4662 [inline]\n __se_sys_symlink fs/namei.c:4660 [inline]\n __x64_sys_symlink+0x7a/0x90 fs/namei.c:4660\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nThe following loop is located right above \u0027if\u0027 statement.\n\nfor (i = count-1; i \u003e= 0; i--) {\n\t/* is more than half of this entry in 2nd half of the block? */\n\tif (size + map[i].size/2 \u003e blocksize/2)\n\t\tbreak;\n\tsize += map[i].size;\n\tmove++;\n}\n\n\u0027i\u0027 in this case could go down to -1, in which case sum of active entries\nwouldn\u0027t exceed half the block size, but previous behaviour would also do\nsplit in half if sum would exceed at the very last block, which in case of\nhaving too many long name files in a single block could lead to\nout-of-bounds access and following use-after-free.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23150",
"url": "https://www.suse.com/security/cve/CVE-2025-23150"
},
{
"category": "external",
"summary": "SUSE Bug 1242513 for CVE-2025-23150",
"url": "https://bugzilla.suse.com/1242513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-23150"
},
{
"cve": "CVE-2025-23154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23154"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/net: fix io_req_post_cqe abuse by send bundle\n\n[ 114.987980][ T5313] WARNING: CPU: 6 PID: 5313 at io_uring/io_uring.c:872 io_req_post_cqe+0x12e/0x4f0\n[ 114.991597][ T5313] RIP: 0010:io_req_post_cqe+0x12e/0x4f0\n[ 115.001880][ T5313] Call Trace:\n[ 115.002222][ T5313] \u003cTASK\u003e\n[ 115.007813][ T5313] io_send+0x4fe/0x10f0\n[ 115.009317][ T5313] io_issue_sqe+0x1a6/0x1740\n[ 115.012094][ T5313] io_wq_submit_work+0x38b/0xed0\n[ 115.013223][ T5313] io_worker_handle_work+0x62a/0x1600\n[ 115.013876][ T5313] io_wq_worker+0x34f/0xdf0\n\nAs the comment states, io_req_post_cqe() should only be used by\nmultishot requests, i.e. REQ_F_APOLL_MULTISHOT, which bundled sends are\nnot. Add a flag signifying whether a request wants to post multiple\nCQEs. Eventually REQ_F_APOLL_MULTISHOT should imply the new flag, but\nthat\u0027s left out for simplicity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23154",
"url": "https://www.suse.com/security/cve/CVE-2025-23154"
},
{
"category": "external",
"summary": "SUSE Bug 1242533 for CVE-2025-23154",
"url": "https://bugzilla.suse.com/1242533"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-23154"
},
{
"cve": "CVE-2025-23160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23160"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization\n\nOn Mediatek devices with a system companion processor (SCP) the mtk_scp\nstructure has to be removed explicitly to avoid a resource leak.\nFree the structure in case the allocation of the firmware structure fails\nduring the firmware initialization.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23160",
"url": "https://www.suse.com/security/cve/CVE-2025-23160"
},
{
"category": "external",
"summary": "SUSE Bug 1242507 for CVE-2025-23160",
"url": "https://bugzilla.suse.com/1242507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-23160"
},
{
"cve": "CVE-2025-37747",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37747"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix hang while freeing sigtrap event\n\nPerf can hang while freeing a sigtrap event if a related deferred\nsignal hadn\u0027t managed to be sent before the file got closed:\n\nperf_event_overflow()\n task_work_add(perf_pending_task)\n\nfput()\n task_work_add(____fput())\n\ntask_work_run()\n ____fput()\n perf_release()\n perf_event_release_kernel()\n _free_event()\n perf_pending_task_sync()\n task_work_cancel() -\u003e FAILED\n rcuwait_wait_event()\n\nOnce task_work_run() is running, the list of pending callbacks is\nremoved from the task_struct and from this point on task_work_cancel()\ncan\u0027t remove any pending and not yet started work items, hence the\ntask_work_cancel() failure and the hang on rcuwait_wait_event().\n\nTask work could be changed to remove one work at a time, so a work\nrunning on the current task can always cancel a pending one, however\nthe wait / wake design is still subject to inverted dependencies when\nremote targets are involved, as pictured by Oleg:\n\nT1 T2\n\nfd = perf_event_open(pid =\u003e T2-\u003epid); fd = perf_event_open(pid =\u003e T1-\u003epid);\nclose(fd) close(fd)\n \u003cIRQ\u003e \u003cIRQ\u003e\n perf_event_overflow() perf_event_overflow()\n task_work_add(perf_pending_task) task_work_add(perf_pending_task)\n \u003c/IRQ\u003e \u003c/IRQ\u003e\n fput() fput()\n task_work_add(____fput()) task_work_add(____fput())\n\n task_work_run() task_work_run()\n ____fput() ____fput()\n perf_release() perf_release()\n perf_event_release_kernel() perf_event_release_kernel()\n _free_event() _free_event()\n perf_pending_task_sync() perf_pending_task_sync()\n rcuwait_wait_event() rcuwait_wait_event()\n\nTherefore the only option left is to acquire the event reference count\nupon queueing the perf task work and release it from the task work, just\nlike it was done before 3a5465418f5f (\"perf: Fix event leak upon exec and file release\")\nbut without the leaks it fixed.\n\nSome adjustments are necessary to make it work:\n\n* A child event might dereference its parent upon freeing. Care must be\n taken to release the parent last.\n\n* Some places assuming the event doesn\u0027t have any reference held and\n therefore can be freed right away must instead put the reference and\n let the reference counting to its job.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37747",
"url": "https://www.suse.com/security/cve/CVE-2025-37747"
},
{
"category": "external",
"summary": "SUSE Bug 1242520 for CVE-2025-37747",
"url": "https://bugzilla.suse.com/1242520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37747"
},
{
"cve": "CVE-2025-37748",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37748"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group\n\nCurrently, mtk_iommu calls during probe iommu_device_register before\nthe hw_list from driver data is initialized. Since iommu probing issue\nfix, it leads to NULL pointer dereference in mtk_iommu_device_group when\nhw_list is accessed with list_first_entry (not null safe).\n\nSo, change the call order to ensure iommu_device_register is called\nafter the driver data are initialized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37748",
"url": "https://www.suse.com/security/cve/CVE-2025-37748"
},
{
"category": "external",
"summary": "SUSE Bug 1242523 for CVE-2025-37748",
"url": "https://bugzilla.suse.com/1242523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37748"
},
{
"cve": "CVE-2025-37749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37749"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ppp: Add bound checking for skb data on ppp_sync_txmung\n\nEnsure we have enough data in linear buffer from skb before accessing\ninitial bytes. This prevents potential out-of-bounds accesses\nwhen processing short packets.\n\nWhen ppp_sync_txmung receives an incoming package with an empty\npayload:\n(remote) gef\u27a4 p *(struct pppoe_hdr *) (skb-\u003ehead + skb-\u003enetwork_header)\n$18 = {\n\ttype = 0x1,\n\tver = 0x1,\n\tcode = 0x0,\n\tsid = 0x2,\n length = 0x0,\n\ttag = 0xffff8880371cdb96\n}\n\nfrom the skb struct (trimmed)\n tail = 0x16,\n end = 0x140,\n head = 0xffff88803346f400 \"4\",\n data = 0xffff88803346f416 \":\\377\",\n truesize = 0x380,\n len = 0x0,\n data_len = 0x0,\n mac_len = 0xe,\n hdr_len = 0x0,\n\nit is not safe to access data[2].\n\n[pabeni@redhat.com: fixed subj typo]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37749",
"url": "https://www.suse.com/security/cve/CVE-2025-37749"
},
{
"category": "external",
"summary": "SUSE Bug 1242859 for CVE-2025-37749",
"url": "https://bugzilla.suse.com/1242859"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37749"
},
{
"cve": "CVE-2025-37750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37750"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix UAF in decryption with multichannel\n\nAfter commit f7025d861694 (\"smb: client: allocate crypto only for\nprimary server\") and commit b0abcd65ec54 (\"smb: client: fix UAF in\nasync decryption\"), the channels started reusing AEAD TFM from primary\nchannel to perform synchronous decryption, but that can\u0027t done as\nthere could be multiple cifsd threads (one per channel) simultaneously\naccessing it to perform decryption.\n\nThis fixes the following KASAN splat when running fstest generic/249\nwith \u0027vers=3.1.1,multichannel,max_channels=4,seal\u0027 against Windows\nServer 2022:\n\nBUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xba/0x110\nRead of size 8 at addr ffff8881046c18a0 by task cifsd/986\nCPU: 3 UID: 0 PID: 986 Comm: cifsd Not tainted 6.15.0-rc1 #1\nPREEMPT(voluntary)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41\n04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n print_report+0x156/0x528\n ? gf128mul_4k_lle+0xba/0x110\n ? __virt_addr_valid+0x145/0x300\n ? __phys_addr+0x46/0x90\n ? gf128mul_4k_lle+0xba/0x110\n kasan_report+0xdf/0x1a0\n ? gf128mul_4k_lle+0xba/0x110\n gf128mul_4k_lle+0xba/0x110\n ghash_update+0x189/0x210\n shash_ahash_update+0x295/0x370\n ? __pfx_shash_ahash_update+0x10/0x10\n ? __pfx_shash_ahash_update+0x10/0x10\n ? __pfx_extract_iter_to_sg+0x10/0x10\n ? ___kmalloc_large_node+0x10e/0x180\n ? __asan_memset+0x23/0x50\n crypto_ahash_update+0x3c/0xc0\n gcm_hash_assoc_remain_continue+0x93/0xc0\n crypt_message+0xe09/0xec0 [cifs]\n ? __pfx_crypt_message+0x10/0x10 [cifs]\n ? _raw_spin_unlock+0x23/0x40\n ? __pfx_cifs_readv_from_socket+0x10/0x10 [cifs]\n decrypt_raw_data+0x229/0x380 [cifs]\n ? __pfx_decrypt_raw_data+0x10/0x10 [cifs]\n ? __pfx_cifs_read_iter_from_socket+0x10/0x10 [cifs]\n smb3_receive_transform+0x837/0xc80 [cifs]\n ? __pfx_smb3_receive_transform+0x10/0x10 [cifs]\n ? __pfx___might_resched+0x10/0x10\n ? __pfx_smb3_is_transform_hdr+0x10/0x10 [cifs]\n cifs_demultiplex_thread+0x692/0x1570 [cifs]\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n ? rcu_is_watching+0x20/0x50\n ? rcu_lockdep_current_cpu_online+0x62/0xb0\n ? find_held_lock+0x32/0x90\n ? kvm_sched_clock_read+0x11/0x20\n ? local_clock_noinstr+0xd/0xd0\n ? trace_irq_enable.constprop.0+0xa8/0xe0\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n kthread+0x1fe/0x380\n ? kthread+0x10f/0x380\n ? __pfx_kthread+0x10/0x10\n ? local_clock_noinstr+0xd/0xd0\n ? ret_from_fork+0x1b/0x60\n ? local_clock+0x15/0x30\n ? lock_release+0x29b/0x390\n ? rcu_is_watching+0x20/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37750",
"url": "https://www.suse.com/security/cve/CVE-2025-37750"
},
{
"category": "external",
"summary": "SUSE Bug 1242510 for CVE-2025-37750",
"url": "https://bugzilla.suse.com/1242510"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37750"
},
{
"cve": "CVE-2025-37755",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37755"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: libwx: handle page_pool_dev_alloc_pages error\n\npage_pool_dev_alloc_pages could return NULL. There was a WARN_ON(!page)\nbut it would still proceed to use the NULL pointer and then crash.\n\nThis is similar to commit 001ba0902046\n(\"net: fec: handle page_pool_dev_alloc_pages error\").\n\nThis is found by our static analysis tool KNighter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37755",
"url": "https://www.suse.com/security/cve/CVE-2025-37755"
},
{
"category": "external",
"summary": "SUSE Bug 1242506 for CVE-2025-37755",
"url": "https://bugzilla.suse.com/1242506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37755"
},
{
"cve": "CVE-2025-37773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37773"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtiofs: add filesystem context source name check\n\nIn certain scenarios, for example, during fuzz testing, the source\nname may be NULL, which could lead to a kernel panic. Therefore, an\nextra check for the source name should be added.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37773",
"url": "https://www.suse.com/security/cve/CVE-2025-37773"
},
{
"category": "external",
"summary": "SUSE Bug 1242502 for CVE-2025-37773",
"url": "https://bugzilla.suse.com/1242502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37773"
},
{
"cve": "CVE-2025-37780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37780"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nisofs: Prevent the use of too small fid\n\nsyzbot reported a slab-out-of-bounds Read in isofs_fh_to_parent. [1]\n\nThe handle_bytes value passed in by the reproducing program is equal to 12.\nIn handle_to_path(), only 12 bytes of memory are allocated for the structure\nfile_handle-\u003ef_handle member, which causes an out-of-bounds access when\naccessing the member parent_block of the structure isofs_fid in isofs,\nbecause accessing parent_block requires at least 16 bytes of f_handle.\nHere, fh_len is used to indirectly confirm that the value of handle_bytes\nis greater than 3 before accessing parent_block.\n\n[1]\nBUG: KASAN: slab-out-of-bounds in isofs_fh_to_parent+0x1b8/0x210 fs/isofs/export.c:183\nRead of size 4 at addr ffff0000cc030d94 by task syz-executor215/6466\nCPU: 1 UID: 0 PID: 6466 Comm: syz-executor215 Not tainted 6.14.0-rc7-syzkaller-ga2392f333575 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0x198/0x550 mm/kasan/report.c:521\n kasan_report+0xd8/0x138 mm/kasan/report.c:634\n __asan_report_load4_noabort+0x20/0x2c mm/kasan/report_generic.c:380\n isofs_fh_to_parent+0x1b8/0x210 fs/isofs/export.c:183\n exportfs_decode_fh_raw+0x2dc/0x608 fs/exportfs/expfs.c:523\n do_handle_to_path+0xa0/0x198 fs/fhandle.c:257\n handle_to_path fs/fhandle.c:385 [inline]\n do_handle_open+0x8cc/0xb8c fs/fhandle.c:403\n __do_sys_open_by_handle_at fs/fhandle.c:443 [inline]\n __se_sys_open_by_handle_at fs/fhandle.c:434 [inline]\n __arm64_sys_open_by_handle_at+0x80/0x94 fs/fhandle.c:434\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nAllocated by task 6466:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x40/0x50 mm/kasan/generic.c:562\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xac/0xc4 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4294 [inline]\n __kmalloc_noprof+0x32c/0x54c mm/slub.c:4306\n kmalloc_noprof include/linux/slab.h:905 [inline]\n handle_to_path fs/fhandle.c:357 [inline]\n do_handle_open+0x5a4/0xb8c fs/fhandle.c:403\n __do_sys_open_by_handle_at fs/fhandle.c:443 [inline]\n __se_sys_open_by_handle_at fs/fhandle.c:434 [inline]\n __arm64_sys_open_by_handle_at+0x80/0x94 fs/fhandle.c:434\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37780",
"url": "https://www.suse.com/security/cve/CVE-2025-37780"
},
{
"category": "external",
"summary": "SUSE Bug 1242786 for CVE-2025-37780",
"url": "https://bugzilla.suse.com/1242786"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37780"
},
{
"cve": "CVE-2025-37785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37785"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix OOB read when checking dotdot dir\n\nMounting a corrupted filesystem with directory which contains \u0027.\u0027 dir\nentry with rec_len == block size results in out-of-bounds read (later\non, when the corrupted directory is removed).\n\next4_empty_dir() assumes every ext4 directory contains at least \u0027.\u0027\nand \u0027..\u0027 as directory entries in the first data block. It first loads\nthe \u0027.\u0027 dir entry, performs sanity checks by calling ext4_check_dir_entry()\nand then uses its rec_len member to compute the location of \u0027..\u0027 dir\nentry (in ext4_next_entry). It assumes the \u0027..\u0027 dir entry fits into the\nsame data block.\n\nIf the rec_len of \u0027.\u0027 is precisely one block (4KB), it slips through the\nsanity checks (it is considered the last directory entry in the data\nblock) and leaves \"struct ext4_dir_entry_2 *de\" point exactly past the\nmemory slot allocated to the data block. The following call to\next4_check_dir_entry() on new value of de then dereferences this pointer\nwhich results in out-of-bounds mem access.\n\nFix this by extending __ext4_check_dir_entry() to check for \u0027.\u0027 dir\nentries that reach the end of data block. Make sure to ignore the phony\ndir entries for checksum (by checking name_len for non-zero).\n\nNote: This is reported by KASAN as use-after-free in case another\nstructure was recently freed from the slot past the bound, but it is\nreally an OOB read.\n\nThis issue was found by syzkaller tool.\n\nCall Trace:\n[ 38.594108] BUG: KASAN: slab-use-after-free in __ext4_check_dir_entry+0x67e/0x710\n[ 38.594649] Read of size 2 at addr ffff88802b41a004 by task syz-executor/5375\n[ 38.595158]\n[ 38.595288] CPU: 0 UID: 0 PID: 5375 Comm: syz-executor Not tainted 6.14.0-rc7 #1\n[ 38.595298] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[ 38.595304] Call Trace:\n[ 38.595308] \u003cTASK\u003e\n[ 38.595311] dump_stack_lvl+0xa7/0xd0\n[ 38.595325] print_address_description.constprop.0+0x2c/0x3f0\n[ 38.595339] ? __ext4_check_dir_entry+0x67e/0x710\n[ 38.595349] print_report+0xaa/0x250\n[ 38.595359] ? __ext4_check_dir_entry+0x67e/0x710\n[ 38.595368] ? kasan_addr_to_slab+0x9/0x90\n[ 38.595378] kasan_report+0xab/0xe0\n[ 38.595389] ? __ext4_check_dir_entry+0x67e/0x710\n[ 38.595400] __ext4_check_dir_entry+0x67e/0x710\n[ 38.595410] ext4_empty_dir+0x465/0x990\n[ 38.595421] ? __pfx_ext4_empty_dir+0x10/0x10\n[ 38.595432] ext4_rmdir.part.0+0x29a/0xd10\n[ 38.595441] ? __dquot_initialize+0x2a7/0xbf0\n[ 38.595455] ? __pfx_ext4_rmdir.part.0+0x10/0x10\n[ 38.595464] ? __pfx___dquot_initialize+0x10/0x10\n[ 38.595478] ? down_write+0xdb/0x140\n[ 38.595487] ? __pfx_down_write+0x10/0x10\n[ 38.595497] ext4_rmdir+0xee/0x140\n[ 38.595506] vfs_rmdir+0x209/0x670\n[ 38.595517] ? lookup_one_qstr_excl+0x3b/0x190\n[ 38.595529] do_rmdir+0x363/0x3c0\n[ 38.595537] ? __pfx_do_rmdir+0x10/0x10\n[ 38.595544] ? strncpy_from_user+0x1ff/0x2e0\n[ 38.595561] __x64_sys_unlinkat+0xf0/0x130\n[ 38.595570] do_syscall_64+0x5b/0x180\n[ 38.595583] entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37785",
"url": "https://www.suse.com/security/cve/CVE-2025-37785"
},
{
"category": "external",
"summary": "SUSE Bug 1241640 for CVE-2025-37785",
"url": "https://bugzilla.suse.com/1241640"
},
{
"category": "external",
"summary": "SUSE Bug 1241698 for CVE-2025-37785",
"url": "https://bugzilla.suse.com/1241698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37785"
},
{
"cve": "CVE-2025-37787",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37787"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered\n\nRussell King reports that a system with mv88e6xxx dereferences a NULL\npointer when unbinding this driver:\nhttps://lore.kernel.org/netdev/Z_lRkMlTJ1KQ0kVX@shell.armlinux.org.uk/\n\nThe crash seems to be in devlink_region_destroy(), which is not NULL\ntolerant but is given a NULL devlink global region pointer.\n\nAt least on some chips, some devlink regions are conditionally registered\nsince the blamed commit, see mv88e6xxx_setup_devlink_regions_global():\n\n\t\tif (cond \u0026\u0026 !cond(chip))\n\t\t\tcontinue;\n\nThese are MV88E6XXX_REGION_STU and MV88E6XXX_REGION_PVT. If the chip\ndoes not have an STU or PVT, it should crash like this.\n\nTo fix the issue, avoid unregistering those regions which are NULL, i.e.\nwere skipped at mv88e6xxx_setup_devlink_regions_global() time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37787",
"url": "https://www.suse.com/security/cve/CVE-2025-37787"
},
{
"category": "external",
"summary": "SUSE Bug 1242585 for CVE-2025-37787",
"url": "https://bugzilla.suse.com/1242585"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37787"
},
{
"cve": "CVE-2025-37789",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37789"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix nested key length validation in the set() action\n\nIt\u0027s not safe to access nla_len(ovs_key) if the data is smaller than\nthe netlink header. Check that the attribute is OK first.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37789",
"url": "https://www.suse.com/security/cve/CVE-2025-37789"
},
{
"category": "external",
"summary": "SUSE Bug 1242762 for CVE-2025-37789",
"url": "https://bugzilla.suse.com/1242762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37789"
},
{
"cve": "CVE-2025-37790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: Set SOCK_RCU_FREE\n\nBind lookup runs under RCU, so ensure that a socket doesn\u0027t go away in\nthe middle of a lookup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37790",
"url": "https://www.suse.com/security/cve/CVE-2025-37790"
},
{
"category": "external",
"summary": "SUSE Bug 1242509 for CVE-2025-37790",
"url": "https://bugzilla.suse.com/1242509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37790"
},
{
"cve": "CVE-2025-37797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a UAF vulnerability in class handling\n\nThis patch fixes a Use-After-Free vulnerability in the HFSC qdisc class\nhandling. The issue occurs due to a time-of-check/time-of-use condition\nin hfsc_change_class() when working with certain child qdiscs like netem\nor codel.\n\nThe vulnerability works as follows:\n1. hfsc_change_class() checks if a class has packets (q.qlen != 0)\n2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,\n codel, netem) might drop packets and empty the queue\n3. The code continues assuming the queue is still non-empty, adding\n the class to vttree\n4. This breaks HFSC scheduler assumptions that only non-empty classes\n are in vttree\n5. Later, when the class is destroyed, this can lead to a Use-After-Free\n\nThe fix adds a second queue length check after qdisc_peek_len() to verify\nthe queue wasn\u0027t emptied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37797",
"url": "https://www.suse.com/security/cve/CVE-2025-37797"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1242417"
},
{
"category": "external",
"summary": "SUSE Bug 1245793 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1245793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2025-37797"
},
{
"cve": "CVE-2025-37798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37798"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncodel: remove sch-\u003eq.qlen check before qdisc_tree_reduce_backlog()\n\nAfter making all -\u003eqlen_notify() callbacks idempotent, now it is safe to\nremove the check of qlen!=0 from both fq_codel_dequeue() and\ncodel_qdisc_dequeue().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37798",
"url": "https://www.suse.com/security/cve/CVE-2025-37798"
},
{
"category": "external",
"summary": "SUSE Bug 1242414 for CVE-2025-37798",
"url": "https://bugzilla.suse.com/1242414"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37798",
"url": "https://bugzilla.suse.com/1242417"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "important"
}
],
"title": "CVE-2025-37798"
},
{
"cve": "CVE-2025-37799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37799"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp\n\nvmxnet3 driver\u0027s XDP handling is buggy for packet sizes using ring0 (that\nis, packet sizes between 128 - 3k bytes).\n\nWe noticed MTU-related connectivity issues with Cilium\u0027s service load-\nbalancing in case of vmxnet3 as NIC underneath. A simple curl to a HTTP\nbackend service where the XDP LB was doing IPIP encap led to overly large\npacket sizes but only for *some* of the packets (e.g. HTTP GET request)\nwhile others (e.g. the prior TCP 3WHS) looked completely fine on the wire.\n\nIn fact, the pcap recording on the backend node actually revealed that the\nnode with the XDP LB was leaking uninitialized kernel data onto the wire\nfor the affected packets, for example, while the packets should have been\n152 bytes their actual size was 1482 bytes, so the remainder after 152 bytes\nwas padded with whatever other data was in that page at the time (e.g. we\nsaw user/payload data from prior processed packets).\n\nWe only noticed this through an MTU issue, e.g. when the XDP LB node and\nthe backend node both had the same MTU (e.g. 1500) then the curl request\ngot dropped on the backend node\u0027s NIC given the packet was too large even\nthough the IPIP-encapped packet normally would never even come close to\nthe MTU limit. Lowering the MTU on the XDP LB (e.g. 1480) allowed to let\nthe curl request succeed (which also indicates that the kernel ignored the\npadding, and thus the issue wasn\u0027t very user-visible).\n\nCommit e127ce7699c1 (\"vmxnet3: Fix missing reserved tailroom\") was too eager\nto also switch xdp_prepare_buff() from rcd-\u003elen to rbi-\u003elen. It really needs\nto stick to rcd-\u003elen which is the actual packet length from the descriptor.\nThe latter we also feed into vmxnet3_process_xdp_small(), by the way, and\nit indicates the correct length needed to initialize the xdp-\u003e{data,data_end}\nparts. For e127ce7699c1 (\"vmxnet3: Fix missing reserved tailroom\") the\nrelevant part was adapting xdp_init_buff() to address the warning given the\nxdp_data_hard_end() depends on xdp-\u003eframe_sz. With that fixed, traffic on\nthe wire looks good again.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37799",
"url": "https://www.suse.com/security/cve/CVE-2025-37799"
},
{
"category": "external",
"summary": "SUSE Bug 1242283 for CVE-2025-37799",
"url": "https://bugzilla.suse.com/1242283"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37799"
},
{
"cve": "CVE-2025-37803",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37803"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudmabuf: fix a buf size overflow issue during udmabuf creation\n\nby casting size_limit_mb to u64 when calculate pglimit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37803",
"url": "https://www.suse.com/security/cve/CVE-2025-37803"
},
{
"category": "external",
"summary": "SUSE Bug 1242852 for CVE-2025-37803",
"url": "https://bugzilla.suse.com/1242852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37803"
},
{
"cve": "CVE-2025-37804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37804"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37804",
"url": "https://www.suse.com/security/cve/CVE-2025-37804"
},
{
"category": "external",
"summary": "SUSE Bug 1242854 for CVE-2025-37804",
"url": "https://bugzilla.suse.com/1242854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37804"
},
{
"cve": "CVE-2025-37809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37809"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: class: Fix NULL pointer access\n\nConcurrent calls to typec_partner_unlink_device can lead to a NULL pointer\ndereference. This patch adds a mutex to protect USB device pointers and\nprevent this issue. The same mutex protects both the device pointers and\nthe partner device registration.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37809",
"url": "https://www.suse.com/security/cve/CVE-2025-37809"
},
{
"category": "external",
"summary": "SUSE Bug 1242856 for CVE-2025-37809",
"url": "https://bugzilla.suse.com/1242856"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37809"
},
{
"cve": "CVE-2025-37820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen-netfront: handle NULL returned by xdp_convert_buff_to_frame()\n\nThe function xdp_convert_buff_to_frame() may return NULL if it fails\nto correctly convert the XDP buffer into an XDP frame due to memory\nconstraints, internal errors, or invalid data. Failing to check for NULL\nmay lead to a NULL pointer dereference if the result is used later in\nprocessing, potentially causing crashes, data corruption, or undefined\nbehavior.\n\nOn XDP redirect failure, the associated page must be released explicitly\nif it was previously retained via get_page(). Failing to do so may result\nin a memory leak, as the pages reference count is not decremented.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37820",
"url": "https://www.suse.com/security/cve/CVE-2025-37820"
},
{
"category": "external",
"summary": "SUSE Bug 1242866 for CVE-2025-37820",
"url": "https://bugzilla.suse.com/1242866"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37820"
},
{
"cve": "CVE-2025-37823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37823"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too\n\nSimilarly to the previous patch, we need to safe guard hfsc_dequeue()\ntoo. But for this one, we don\u0027t have a reliable reproducer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37823",
"url": "https://www.suse.com/security/cve/CVE-2025-37823"
},
{
"category": "external",
"summary": "SUSE Bug 1242924 for CVE-2025-37823",
"url": "https://bugzilla.suse.com/1242924"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37823"
},
{
"cve": "CVE-2025-37824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37824"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix NULL pointer dereference in tipc_mon_reinit_self()\n\nsyzbot reported:\n\ntipc: Node number set to 1055423674\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 3 UID: 0 PID: 6017 Comm: kworker/3:5 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: events tipc_net_finalize_work\nRIP: 0010:tipc_mon_reinit_self+0x11c/0x210 net/tipc/monitor.c:719\n...\nRSP: 0018:ffffc9000356fb68 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000003ee87cba\nRDX: 0000000000000000 RSI: ffffffff8dbc56a7 RDI: ffff88804c2cc010\nRBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000007\nR13: fffffbfff2111097 R14: ffff88804ead8000 R15: ffff88804ead9010\nFS: 0000000000000000(0000) GS:ffff888097ab9000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000f720eb00 CR3: 000000000e182000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n tipc_net_finalize+0x10b/0x180 net/tipc/net.c:140\n process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238\n process_scheduled_works kernel/workqueue.c:3319 [inline]\n worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400\n kthread+0x3c2/0x780 kernel/kthread.c:464\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n...\nRIP: 0010:tipc_mon_reinit_self+0x11c/0x210 net/tipc/monitor.c:719\n...\nRSP: 0018:ffffc9000356fb68 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000003ee87cba\nRDX: 0000000000000000 RSI: ffffffff8dbc56a7 RDI: ffff88804c2cc010\nRBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000007\nR13: fffffbfff2111097 R14: ffff88804ead8000 R15: ffff88804ead9010\nFS: 0000000000000000(0000) GS:ffff888097ab9000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000f720eb00 CR3: 000000000e182000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n\nThere is a racing condition between workqueue created when enabling\nbearer and another thread created when disabling bearer right after\nthat as follow:\n\nenabling_bearer | disabling_bearer\n--------------- | ----------------\ntipc_disc_timeout() |\n{ | bearer_disable()\n ... | {\n schedule_work(\u0026tn-\u003ework); | tipc_mon_delete()\n ... | {\n} | ...\n | write_lock_bh(\u0026mon-\u003elock);\n | mon-\u003eself = NULL;\n | write_unlock_bh(\u0026mon-\u003elock);\n | ...\n | }\ntipc_net_finalize_work() | }\n{ |\n ... |\n tipc_net_finalize() |\n { |\n ... |\n tipc_mon_reinit_self() |\n { |\n ... |\n write_lock_bh(\u0026mon-\u003elock); |\n mon-\u003eself-\u003eaddr = tipc_own_addr(net); |\n write_unlock_bh(\u0026mon-\u003elock); |\n ... \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37824",
"url": "https://www.suse.com/security/cve/CVE-2025-37824"
},
{
"category": "external",
"summary": "SUSE Bug 1242867 for CVE-2025-37824",
"url": "https://bugzilla.suse.com/1242867"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37824"
},
{
"cve": "CVE-2025-37829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37829"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()\n\ncpufreq_cpu_get_raw() can return NULL when the target CPU is not present\nin the policy-\u003ecpus mask. scpi_cpufreq_get_rate() does not check for\nthis case, which results in a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37829",
"url": "https://www.suse.com/security/cve/CVE-2025-37829"
},
{
"category": "external",
"summary": "SUSE Bug 1242875 for CVE-2025-37829",
"url": "https://bugzilla.suse.com/1242875"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37829"
},
{
"cve": "CVE-2025-37830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()\n\ncpufreq_cpu_get_raw() can return NULL when the target CPU is not present\nin the policy-\u003ecpus mask. scmi_cpufreq_get_rate() does not check for\nthis case, which results in a NULL pointer dereference.\n\nAdd NULL check after cpufreq_cpu_get_raw() to prevent this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37830",
"url": "https://www.suse.com/security/cve/CVE-2025-37830"
},
{
"category": "external",
"summary": "SUSE Bug 1242860 for CVE-2025-37830",
"url": "https://bugzilla.suse.com/1242860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37830"
},
{
"cve": "CVE-2025-37831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate()\n\ncpufreq_cpu_get_raw() can return NULL when the target CPU is not present\nin the policy-\u003ecpus mask. apple_soc_cpufreq_get_rate() does not check\nfor this case, which results in a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37831",
"url": "https://www.suse.com/security/cve/CVE-2025-37831"
},
{
"category": "external",
"summary": "SUSE Bug 1242861 for CVE-2025-37831",
"url": "https://bugzilla.suse.com/1242861"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37831"
},
{
"cve": "CVE-2025-37833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37833"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads\n\nFix niu_try_msix() to not cause a fatal trap on sparc systems.\n\nSet PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST on the struct pci_dev to\nwork around a bug in the hardware or firmware.\n\nFor each vector entry in the msix table, niu chips will cause a fatal\ntrap if any registers in that entry are read before that entries\u0027\nENTRY_DATA register is written to. Testing indicates writes to other\nregisters are not sufficient to prevent the fatal trap, however the value\ndoes not appear to matter. This only needs to happen once after power up,\nso simply rebooting into a kernel lacking this fix will NOT cause the\ntrap.\n\nNON-RESUMABLE ERROR: Reporting on cpu 64\nNON-RESUMABLE ERROR: TPC [0x00000000005f6900] \u003cmsix_prepare_msi_desc+0x90/0xa0\u003e\nNON-RESUMABLE ERROR: RAW [4010000000000016:00000e37f93e32ff:0000000202000080:ffffffffffffffff\nNON-RESUMABLE ERROR: 0000000800000000:0000000000000000:0000000000000000:0000000000000000]\nNON-RESUMABLE ERROR: handle [0x4010000000000016] stick [0x00000e37f93e32ff]\nNON-RESUMABLE ERROR: type [precise nonresumable]\nNON-RESUMABLE ERROR: attrs [0x02000080] \u003c ASI sp-faulted priv \u003e\nNON-RESUMABLE ERROR: raddr [0xffffffffffffffff]\nNON-RESUMABLE ERROR: insn effective address [0x000000c50020000c]\nNON-RESUMABLE ERROR: size [0x8]\nNON-RESUMABLE ERROR: asi [0x00]\nCPU: 64 UID: 0 PID: 745 Comm: kworker/64:1 Not tainted 6.11.5 #63\nWorkqueue: events work_for_cpu_fn\nTSTATE: 0000000011001602 TPC: 00000000005f6900 TNPC: 00000000005f6904 Y: 00000000 Not tainted\nTPC: \u003cmsix_prepare_msi_desc+0x90/0xa0\u003e\ng0: 00000000000002e9 g1: 000000000000000c g2: 000000c50020000c g3: 0000000000000100\ng4: ffff8000470307c0 g5: ffff800fec5be000 g6: ffff800047a08000 g7: 0000000000000000\no0: ffff800014feb000 o1: ffff800047a0b620 o2: 0000000000000011 o3: ffff800047a0b620\no4: 0000000000000080 o5: 0000000000000011 sp: ffff800047a0ad51 ret_pc: 00000000005f7128\nRPC: \u003c__pci_enable_msix_range+0x3cc/0x460\u003e\nl0: 000000000000000d l1: 000000000000c01f l2: ffff800014feb0a8 l3: 0000000000000020\nl4: 000000000000c000 l5: 0000000000000001 l6: 0000000020000000 l7: ffff800047a0b734\ni0: ffff800014feb000 i1: ffff800047a0b730 i2: 0000000000000001 i3: 000000000000000d\ni4: 0000000000000000 i5: 0000000000000000 i6: ffff800047a0ae81 i7: 00000000101888b0\nI7: \u003cniu_try_msix.constprop.0+0xc0/0x130 [niu]\u003e\nCall Trace:\n[\u003c00000000101888b0\u003e] niu_try_msix.constprop.0+0xc0/0x130 [niu]\n[\u003c000000001018f840\u003e] niu_get_invariants+0x183c/0x207c [niu]\n[\u003c00000000101902fc\u003e] niu_pci_init_one+0x27c/0x2fc [niu]\n[\u003c00000000005ef3e4\u003e] local_pci_probe+0x28/0x74\n[\u003c0000000000469240\u003e] work_for_cpu_fn+0x8/0x1c\n[\u003c000000000046b008\u003e] process_scheduled_works+0x144/0x210\n[\u003c000000000046b518\u003e] worker_thread+0x13c/0x1c0\n[\u003c00000000004710e0\u003e] kthread+0xb8/0xc8\n[\u003c00000000004060c8\u003e] ret_from_fork+0x1c/0x2c\n[\u003c0000000000000000\u003e] 0x0\nKernel panic - not syncing: Non-resumable error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37833",
"url": "https://www.suse.com/security/cve/CVE-2025-37833"
},
{
"category": "external",
"summary": "SUSE Bug 1242868 for CVE-2025-37833",
"url": "https://bugzilla.suse.com/1242868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37833"
},
{
"cve": "CVE-2025-37842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37842"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fsl-qspi: use devm function instead of driver remove\n\nDriver use devm APIs to manage clk/irq/resources and register the spi\ncontroller, but the legacy remove function will be called first during\ndevice detach and trigger kernel panic. Drop the remove function and use\ndevm_add_action_or_reset() for driver cleanup to ensure the release\nsequence.\n\nTrigger kernel panic on i.MX8MQ by\necho 30bb0000.spi \u003e/sys/bus/platform/drivers/fsl-quadspi/unbind",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37842",
"url": "https://www.suse.com/security/cve/CVE-2025-37842"
},
{
"category": "external",
"summary": "SUSE Bug 1242951 for CVE-2025-37842",
"url": "https://bugzilla.suse.com/1242951"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37842"
},
{
"cve": "CVE-2025-37860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37860"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: fix NULL dereferences in ef100_process_design_param()\n\nSince cited commit, ef100_probe_main() and hence also\n ef100_check_design_params() run before efx-\u003enet_dev is created;\n consequently, we cannot netif_set_tso_max_size() or _segs() at this\n point.\nMove those netif calls to ef100_probe_netdev(), and also replace\n netif_err within the design params code with pci_err.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37860",
"url": "https://www.suse.com/security/cve/CVE-2025-37860"
},
{
"category": "external",
"summary": "SUSE Bug 1241452 for CVE-2025-37860",
"url": "https://bugzilla.suse.com/1241452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37860"
},
{
"cve": "CVE-2025-37870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: prevent hang on link training fail\n\n[Why]\nWhen link training fails, the phy clock will be disabled. However, in\nenable_streams, it is assumed that link training succeeded and the\nmux selects the phy clock, causing a hang when a register write is made.\n\n[How]\nWhen enable_stream is hit, check if link training failed. If it did, fall\nback to the ref clock to avoid a hang and keep the system in a recoverable\nstate.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37870",
"url": "https://www.suse.com/security/cve/CVE-2025-37870"
},
{
"category": "external",
"summary": "SUSE Bug 1243056 for CVE-2025-37870",
"url": "https://bugzilla.suse.com/1243056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37870"
},
{
"cve": "CVE-2025-37879",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37879"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\n9p/net: fix improper handling of bogus negative read/write replies\n\nIn p9_client_write() and p9_client_read_once(), if the server\nincorrectly replies with success but a negative write/read count then we\nwould consider written (negative) \u003c= rsize (positive) because both\nvariables were signed.\n\nMake variables unsigned to avoid this problem.\n\nThe reproducer linked below now fails with the following error instead\nof a null pointer deref:\n9pnet: bogus RWRITE count (4294967295 \u003e 3)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37879",
"url": "https://www.suse.com/security/cve/CVE-2025-37879"
},
{
"category": "external",
"summary": "SUSE Bug 1243077 for CVE-2025-37879",
"url": "https://bugzilla.suse.com/1243077"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37879"
},
{
"cve": "CVE-2025-37886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npds_core: make wait_context part of q_info\n\nMake the wait_context a full part of the q_info struct rather\nthan a stack variable that goes away after pdsc_adminq_post()\nis done so that the context is still available after the wait\nloop has given up.\n\nThere was a case where a slow development firmware caused\nthe adminq request to time out, but then later the FW finally\nfinished the request and sent the interrupt. The handler tried\nto complete_all() the completion context that had been created\non the stack in pdsc_adminq_post() but no longer existed.\nThis caused bad pointer usage, kernel crashes, and much wailing\nand gnashing of teeth.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37886",
"url": "https://www.suse.com/security/cve/CVE-2025-37886"
},
{
"category": "external",
"summary": "SUSE Bug 1242944 for CVE-2025-37886",
"url": "https://bugzilla.suse.com/1242944"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37886"
},
{
"cve": "CVE-2025-37887",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37887"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result\n\nIf the FW doesn\u0027t support the PDS_CORE_CMD_FW_CONTROL command\nthe driver might at the least print garbage and at the worst\ncrash when the user runs the \"devlink dev info\" devlink command.\n\nThis happens because the stack variable fw_list is not 0\ninitialized which results in fw_list.num_fw_slots being a\ngarbage value from the stack. Then the driver tries to access\nfw_list.fw_names[i] with i \u003e= ARRAY_SIZE and runs off the end\nof the array.\n\nFix this by initializing the fw_list and by not failing\ncompletely if the devcmd fails because other useful information\nis printed via devlink dev info even if the devcmd fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37887",
"url": "https://www.suse.com/security/cve/CVE-2025-37887"
},
{
"category": "external",
"summary": "SUSE Bug 1242962 for CVE-2025-37887",
"url": "https://bugzilla.suse.com/1242962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37887"
},
{
"cve": "CVE-2025-37949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37949"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxenbus: Use kref to track req lifetime\n\nMarek reported seeing a NULL pointer fault in the xenbus_thread\ncallstack:\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nRIP: e030:__wake_up_common+0x4c/0x180\nCall Trace:\n \u003cTASK\u003e\n __wake_up_common_lock+0x82/0xd0\n process_msg+0x18e/0x2f0\n xenbus_thread+0x165/0x1c0\n\nprocess_msg+0x18e is req-\u003ecb(req). req-\u003ecb is set to xs_wake_up(), a\nthin wrapper around wake_up(), or xenbus_dev_queue_reply(). It seems\nlike it was xs_wake_up() in this case.\n\nIt seems like req may have woken up the xs_wait_for_reply(), which\nkfree()ed the req. When xenbus_thread resumes, it faults on the zero-ed\ndata.\n\nLinux Device Drivers 2nd edition states:\n\"Normally, a wake_up call can cause an immediate reschedule to happen,\nmeaning that other processes might run before wake_up returns.\"\n... which would match the behaviour observed.\n\nChange to keeping two krefs on each request. One for the caller, and\none for xenbus_thread. Each will kref_put() when finished, and the last\nwill free it.\n\nThis use of kref matches the description in\nDocumentation/core-api/kref.rst",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37949",
"url": "https://www.suse.com/security/cve/CVE-2025-37949"
},
{
"category": "external",
"summary": "SUSE Bug 1243541 for CVE-2025-37949",
"url": "https://bugzilla.suse.com/1243541"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37949"
},
{
"cve": "CVE-2025-37957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37957"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception\n\nPreviously, commit ed129ec9057f (\"KVM: x86: forcibly leave nested mode\non vCPU reset\") addressed an issue where a triple fault occurring in\nnested mode could lead to use-after-free scenarios. However, the commit\ndid not handle the analogous situation for System Management Mode (SMM).\n\nThis omission results in triggering a WARN when KVM forces a vCPU INIT\nafter SHUTDOWN interception while the vCPU is in SMM. This situation was\nreprodused using Syzkaller by:\n\n 1) Creating a KVM VM and vCPU\n 2) Sending a KVM_SMI ioctl to explicitly enter SMM\n 3) Executing invalid instructions causing consecutive exceptions and\n eventually a triple fault\n\nThe issue manifests as follows:\n\n WARNING: CPU: 0 PID: 25506 at arch/x86/kvm/x86.c:12112\n kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112\n Modules linked in:\n CPU: 0 PID: 25506 Comm: syz-executor.0 Not tainted\n 6.1.130-syzkaller-00157-g164fe5dde9b6 #0\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),\n BIOS 1.12.0-1 04/01/2014\n RIP: 0010:kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112\n Call Trace:\n \u003cTASK\u003e\n shutdown_interception+0x66/0xb0 arch/x86/kvm/svm/svm.c:2136\n svm_invoke_exit_handler+0x110/0x530 arch/x86/kvm/svm/svm.c:3395\n svm_handle_exit+0x424/0x920 arch/x86/kvm/svm/svm.c:3457\n vcpu_enter_guest arch/x86/kvm/x86.c:10959 [inline]\n vcpu_run+0x2c43/0x5a90 arch/x86/kvm/x86.c:11062\n kvm_arch_vcpu_ioctl_run+0x50f/0x1cf0 arch/x86/kvm/x86.c:11283\n kvm_vcpu_ioctl+0x570/0xf00 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4122\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nArchitecturally, INIT is blocked when the CPU is in SMM, hence KVM\u0027s WARN()\nin kvm_vcpu_reset() to guard against KVM bugs, e.g. to detect improper\nemulation of INIT. SHUTDOWN on SVM is a weird edge case where KVM needs to\ndo _something_ sane with the VMCB, since it\u0027s technically undefined, and\nINIT is the least awful choice given KVM\u0027s ABI.\n\nSo, double down on stuffing INIT on SHUTDOWN, and force the vCPU out of\nSMM to avoid any weirdness (and the WARN).\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.\n\n[sean: massage changelog, make it clear this isn\u0027t architectural behavior]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37957",
"url": "https://www.suse.com/security/cve/CVE-2025-37957"
},
{
"category": "external",
"summary": "SUSE Bug 1243513 for CVE-2025-37957",
"url": "https://bugzilla.suse.com/1243513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37957"
},
{
"cve": "CVE-2025-37958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37958"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: fix dereferencing invalid pmd migration entry\n\nWhen migrating a THP, concurrent access to the PMD migration entry during\na deferred split scan can lead to an invalid address access, as\nillustrated below. To prevent this invalid access, it is necessary to\ncheck the PMD migration entry and return early. In this context, there is\nno need to use pmd_to_swp_entry and pfn_swap_entry_to_page to verify the\nequality of the target folio. Since the PMD migration entry is locked, it\ncannot be served as the target.\n\nMailing list discussion and explanation from Hugh Dickins: \"An anon_vma\nlookup points to a location which may contain the folio of interest, but\nmight instead contain another folio: and weeding out those other folios is\nprecisely what the \"folio != pmd_folio((*pmd)\" check (and the \"risk of\nreplacing the wrong folio\" comment a few lines above it) is for.\"\n\nBUG: unable to handle page fault for address: ffffea60001db008\nCPU: 0 UID: 0 PID: 2199114 Comm: tee Not tainted 6.14.0+ #4 NONE\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:split_huge_pmd_locked+0x3b5/0x2b60\nCall Trace:\n\u003cTASK\u003e\ntry_to_migrate_one+0x28c/0x3730\nrmap_walk_anon+0x4f6/0x770\nunmap_folio+0x196/0x1f0\nsplit_huge_page_to_list_to_order+0x9f6/0x1560\ndeferred_split_scan+0xac5/0x12a0\nshrinker_debugfs_scan_write+0x376/0x470\nfull_proxy_write+0x15c/0x220\nvfs_write+0x2fc/0xcb0\nksys_write+0x146/0x250\ndo_syscall_64+0x6a/0x120\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe bug is found by syzkaller on an internal kernel, then confirmed on\nupstream.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37958",
"url": "https://www.suse.com/security/cve/CVE-2025-37958"
},
{
"category": "external",
"summary": "SUSE Bug 1243539 for CVE-2025-37958",
"url": "https://bugzilla.suse.com/1243539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37958"
},
{
"cve": "CVE-2025-37960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37960"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemblock: Accept allocated memory before use in memblock_double_array()\n\nWhen increasing the array size in memblock_double_array() and the slab\nis not yet available, a call to memblock_find_in_range() is used to\nreserve/allocate memory. However, the range returned may not have been\naccepted, which can result in a crash when booting an SNP guest:\n\n RIP: 0010:memcpy_orig+0x68/0x130\n Code: ...\n RSP: 0000:ffffffff9cc03ce8 EFLAGS: 00010006\n RAX: ff11001ff83e5000 RBX: 0000000000000000 RCX: fffffffffffff000\n RDX: 0000000000000bc0 RSI: ffffffff9dba8860 RDI: ff11001ff83e5c00\n RBP: 0000000000002000 R08: 0000000000000000 R09: 0000000000002000\n R10: 000000207fffe000 R11: 0000040000000000 R12: ffffffff9d06ef78\n R13: ff11001ff83e5000 R14: ffffffff9dba7c60 R15: 0000000000000c00\n memblock_double_array+0xff/0x310\n memblock_add_range+0x1fb/0x2f0\n memblock_reserve+0x4f/0xa0\n memblock_alloc_range_nid+0xac/0x130\n memblock_alloc_internal+0x53/0xc0\n memblock_alloc_try_nid+0x3d/0xa0\n swiotlb_init_remap+0x149/0x2f0\n mem_init+0xb/0xb0\n mm_core_init+0x8f/0x350\n start_kernel+0x17e/0x5d0\n x86_64_start_reservations+0x14/0x30\n x86_64_start_kernel+0x92/0xa0\n secondary_startup_64_no_verify+0x194/0x19b\n\nMitigate this by calling accept_memory() on the memory range returned\nbefore the slab is available.\n\nPrior to v6.12, the accept_memory() interface used a \u0027start\u0027 and \u0027end\u0027\nparameter instead of \u0027start\u0027 and \u0027size\u0027, therefore the accept_memory()\ncall must be adjusted to specify \u0027start + size\u0027 for \u0027end\u0027 when applying\nto kernels prior to v6.12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37960",
"url": "https://www.suse.com/security/cve/CVE-2025-37960"
},
{
"category": "external",
"summary": "SUSE Bug 1243519 for CVE-2025-37960",
"url": "https://bugzilla.suse.com/1243519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37960"
},
{
"cve": "CVE-2025-37974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pci: Fix missing check for zpci_create_device() error return\n\nThe zpci_create_device() function returns an error pointer that needs to\nbe checked before dereferencing it as a struct zpci_dev pointer. Add the\nmissing check in __clp_add() where it was missed when adding the\nscan_list in the fixed commit. Simply not adding the device to the scan\nlist results in the previous behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37974",
"url": "https://www.suse.com/security/cve/CVE-2025-37974"
},
{
"category": "external",
"summary": "SUSE Bug 1243547 for CVE-2025-37974",
"url": "https://bugzilla.suse.com/1243547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-37974"
},
{
"cve": "CVE-2025-38152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38152"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: core: Clear table_sz when rproc_shutdown\n\nThere is case as below could trigger kernel dump:\nUse U-Boot to start remote processor(rproc) with resource table\npublished to a fixed address by rproc. After Kernel boots up,\nstop the rproc, load a new firmware which doesn\u0027t have resource table\n,and start rproc.\n\nWhen starting rproc with a firmware not have resource table,\n`memcpy(loaded_table, rproc-\u003ecached_table, rproc-\u003etable_sz)` will\ntrigger dump, because rproc-\u003ecache_table is set to NULL during the last\nstop operation, but rproc-\u003etable_sz is still valid.\n\nThis issue is found on i.MX8MP and i.MX9.\n\nDump as below:\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000000\nMem abort info:\n ESR = 0x0000000096000004\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\nData abort info:\n ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=000000010af63000\n[0000000000000000] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] PREEMPT SMP\nModules linked in:\nCPU: 2 UID: 0 PID: 1060 Comm: sh Not tainted 6.14.0-rc7-next-20250317-dirty #38\nHardware name: NXP i.MX8MPlus EVK board (DT)\npstate: a0000005 (NzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __pi_memcpy_generic+0x110/0x22c\nlr : rproc_start+0x88/0x1e0\nCall trace:\n __pi_memcpy_generic+0x110/0x22c (P)\n rproc_boot+0x198/0x57c\n state_store+0x40/0x104\n dev_attr_store+0x18/0x2c\n sysfs_kf_write+0x7c/0x94\n kernfs_fop_write_iter+0x120/0x1cc\n vfs_write+0x240/0x378\n ksys_write+0x70/0x108\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x48/0x10c\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x30/0xcc\n el0t_64_sync_handler+0x10c/0x138\n el0t_64_sync+0x198/0x19c\n\nClear rproc-\u003etable_sz to address the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38152",
"url": "https://www.suse.com/security/cve/CVE-2025-38152"
},
{
"category": "external",
"summary": "SUSE Bug 1241627 for CVE-2025-38152",
"url": "https://bugzilla.suse.com/1241627"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-38152"
},
{
"cve": "CVE-2025-38637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38637"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: skbprio: Remove overly strict queue assertions\n\nIn the current implementation, skbprio enqueue/dequeue contains an assertion\nthat fails under certain conditions when SKBPRIO is used as a child qdisc under\nTBF with specific parameters. The failure occurs because TBF sometimes peeks at\npackets in the child qdisc without actually dequeuing them when tokens are\nunavailable.\n\nThis peek operation creates a discrepancy between the parent and child qdisc\nqueue length counters. When TBF later receives a high-priority packet,\nSKBPRIO\u0027s queue length may show a different value than what\u0027s reflected in its\ninternal priority queue tracking, triggering the assertion.\n\nThe fix removes this overly strict assertions in SKBPRIO, they are not\nnecessary at all.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38637",
"url": "https://www.suse.com/security/cve/CVE-2025-38637"
},
{
"category": "external",
"summary": "SUSE Bug 1241657 for CVE-2025-38637",
"url": "https://bugzilla.suse.com/1241657"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-38637"
},
{
"cve": "CVE-2025-39728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: samsung: Fix UBSAN panic in samsung_clk_init()\n\nWith UBSAN_ARRAY_BOUNDS=y, I\u0027m hitting the below panic due to\ndereferencing `ctx-\u003eclk_data.hws` before setting\n`ctx-\u003eclk_data.num = nr_clks`. Move that up to fix the crash.\n\n UBSAN: array index out of bounds: 00000000f2005512 [#1] PREEMPT SMP\n \u003csnip\u003e\n Call trace:\n samsung_clk_init+0x110/0x124 (P)\n samsung_clk_init+0x48/0x124 (L)\n samsung_cmu_register_one+0x3c/0xa0\n exynos_arm64_register_cmu+0x54/0x64\n __gs101_cmu_top_of_clk_init_declare+0x28/0x60\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39728",
"url": "https://www.suse.com/security/cve/CVE-2025-39728"
},
{
"category": "external",
"summary": "SUSE Bug 1241626 for CVE-2025-39728",
"url": "https://bugzilla.suse.com/1241626"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-39728"
},
{
"cve": "CVE-2025-40325",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40325"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: wait barrier before returning discard request with REQ_NOWAIT\n\nraid10_handle_discard should wait barrier before returning a discard bio\nwhich has REQ_NOWAIT. And there is no need to print warning calltrace\nif a discard bio has REQ_NOWAIT flag. Quality engineer usually checks\ndmesg and reports error if dmesg has warning/error calltrace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40325",
"url": "https://www.suse.com/security/cve/CVE-2025-40325"
},
{
"category": "external",
"summary": "SUSE Bug 1241638 for CVE-2025-40325",
"url": "https://bugzilla.suse.com/1241638"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-azure-devel-6.4.0-150700.20.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-devel-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-source-azure-6.4.0-150700.20.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:kernel-syms-azure-6.4.0-150700.20.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:56:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-40325"
}
]
}
wid-sec-w-2025-0844
Vulnerability from csaf_certbund
Published
2025-04-16 22:00
Modified
2025-08-12 22:00
Summary
Linux Kernel: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder andere, nicht genauer beschriebene Auswirkungen erzielen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder andere, nicht genauer beschriebene Auswirkungen erzielen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0844 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0844.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0844 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0844"
},
{
"category": "external",
"summary": "Linux CVE Announce vom 2025-04-16",
"url": "https://lore.kernel.org/linux-cve-announce/"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5907 vom 2025-04-27",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00069.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1574-1 vom 2025-05-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020835.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1573-1 vom 2025-05-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020836.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01600-1 vom 2025-05-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020854.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01633-1 vom 2025-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020864.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01620-1 vom 2025-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020867.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01614-1 vom 2025-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020870.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01627-1 vom 2025-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020866.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01640-1 vom 2025-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020861.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5925 vom 2025-05-24",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00088.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01707-1 vom 2025-05-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020902.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4178 vom 2025-05-26",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20344-1 vom 2025-05-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020964.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20343-1 vom 2025-05-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020965.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4193 vom 2025-05-30",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20354-1 vom 2025-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021016.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20355-1 vom 2025-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021015.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:8643 vom 2025-06-09",
"url": "https://access.redhat.com/errata/RHSA-2025:8643"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:8669 vom 2025-06-09",
"url": "https://access.redhat.com/errata/RHSA-2025:8669"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-8643 vom 2025-06-10",
"url": "https://linux.oracle.com/errata/ELSA-2025-8643.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.15-2025-074 vom 2025-06-12",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2025-074.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01919-1 vom 2025-06-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021477.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20372 vom 2025-06-12",
"url": "https://linux.oracle.com/errata/ELSA-2025-20372.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01918-1 vom 2025-06-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021478.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01951-1 vom 2025-06-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021509.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:9080 vom 2025-06-16",
"url": "https://access.redhat.com/errata/RHSA-2025:9080"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01966-1 vom 2025-06-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021534.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01967-1 vom 2025-06-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021533.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01965-1 vom 2025-06-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021535.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01964-1 vom 2025-06-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021531.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01972-1 vom 2025-06-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021537.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01982-1 vom 2025-06-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021539.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20408-1 vom 2025-06-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021550.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01983-1 vom 2025-06-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021538.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20413-1 vom 2025-06-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021547.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-9080 vom 2025-06-18",
"url": "http://linux.oracle.com/errata/ELSA-2025-9080.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7585-2 vom 2025-06-19",
"url": "https://ubuntu.com/security/notices/USN-7585-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7585-1 vom 2025-06-19",
"url": "https://ubuntu.com/security/notices/USN-7585-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02000-1 vom 2025-06-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021568.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20419-1 vom 2025-06-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021591.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20421-1 vom 2025-06-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021590.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:9302 vom 2025-06-23",
"url": "https://access.redhat.com/errata/RHSA-2025:9302"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7591-3 vom 2025-06-24",
"url": "https://ubuntu.com/security/notices/USN-7591-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7591-1 vom 2025-06-24",
"url": "https://ubuntu.com/security/notices/USN-7591-1"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.15-2025-077 vom 2025-06-24",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2025-077.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7593-1 vom 2025-06-24",
"url": "https://ubuntu.com/security/notices/USN-7593-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7591-2 vom 2025-06-24",
"url": "https://ubuntu.com/security/notices/USN-7591-2"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.15-2025-076 vom 2025-06-24",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2025-076.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7592-1 vom 2025-06-24",
"url": "https://ubuntu.com/security/notices/USN-7592-1"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-9302 vom 2025-06-24",
"url": "https://linux.oracle.com/errata/ELSA-2025-9302.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7594-1 vom 2025-06-24",
"url": "https://ubuntu.com/security/notices/USN-7594-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7597-1 vom 2025-06-24",
"url": "https://ubuntu.com/security/notices/USN-7597-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7591-4 vom 2025-06-24",
"url": "https://ubuntu.com/security/notices/USN-7591-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7597-2 vom 2025-06-24",
"url": "https://ubuntu.com/security/notices/USN-7597-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7598-1 vom 2025-06-24",
"url": "https://ubuntu.com/security/notices/USN-7598-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7585-4 vom 2025-06-25",
"url": "https://ubuntu.com/security/notices/USN-7585-4"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-9580 vom 2025-06-26",
"url": "https://linux.oracle.com/errata/ELSA-2025-9580.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7585-3 vom 2025-06-25",
"url": "https://ubuntu.com/security/notices/USN-7585-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7594-2 vom 2025-06-26",
"url": "https://ubuntu.com/security/notices/USN-7594-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7602-1 vom 2025-06-26",
"url": "https://ubuntu.com/security/notices/USN-7602-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:9896 vom 2025-06-30",
"url": "https://access.redhat.com/errata/RHSA-2025:9896"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7606-1 vom 2025-06-30",
"url": "https://ubuntu.com/security/notices/USN-7606-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7605-1 vom 2025-06-30",
"url": "https://ubuntu.com/security/notices/USN-7605-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7585-5 vom 2025-06-30",
"url": "https://ubuntu.com/security/notices/USN-7585-5"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02173-1 vom 2025-06-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021714.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7609-2 vom 2025-07-02",
"url": "https://ubuntu.com/security/notices/USN-7609-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7609-1 vom 2025-07-02",
"url": "https://ubuntu.com/security/notices/USN-7609-1"
},
{
"category": "external",
"summary": "SEM 2025.2.1 release notes vom 2025-07-02",
"url": "https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2025-2-1_release_notes.htm"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7585-6 vom 2025-07-03",
"url": "https://ubuntu.com/security/notices/USN-7585-6"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-9896 vom 2025-07-03",
"url": "https://linux.oracle.com/errata/ELSA-2025-9896.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-8669 vom 2025-07-04",
"url": "https://linux.oracle.com/errata/ELSA-2025-8669.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7591-5 vom 2025-07-04",
"url": "https://ubuntu.com/security/notices/USN-7591-5"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7609-3 vom 2025-07-04",
"url": "https://ubuntu.com/security/notices/USN-7609-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7605-2 vom 2025-07-04",
"url": "https://ubuntu.com/security/notices/USN-7605-2"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10536 vom 2025-07-08",
"url": "https://access.redhat.com/errata/RHSA-2025:10536"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10547 vom 2025-07-08",
"url": "https://access.redhat.com/errata/RHSA-2025:10547"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20406 vom 2025-07-08",
"url": "https://linux.oracle.com/errata/ELSA-2025-20406.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7594-3 vom 2025-07-09",
"url": "https://ubuntu.com/security/notices/USN-7594-3"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02249-1 vom 2025-07-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021766.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02254-1 vom 2025-07-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021770.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7609-4 vom 2025-07-09",
"url": "https://ubuntu.com/security/notices/USN-7609-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7628-1 vom 2025-07-09",
"url": "https://ubuntu.com/security/notices/USN-7628-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10701 vom 2025-07-09",
"url": "https://access.redhat.com/errata/RHSA-2025:10701"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02262-1 vom 2025-07-10",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/B53IHD74IRNJDAOHBW4L7JGWNOM26XE7/"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.15-2025-078 vom 2025-07-10",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.15-2025-078.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.4-2025-104 vom 2025-07-10",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.4-2025-104.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.15-2025-079 vom 2025-07-10",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.15-2025-079.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10830 vom 2025-07-14",
"url": "https://access.redhat.com/errata/RHSA-2025:10830"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10829 vom 2025-07-14",
"url": "https://access.redhat.com/errata/RHSA-2025:10829"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:10854 vom 2025-07-14",
"url": "https://access.redhat.com/errata/RHSA-2025:10854"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02307-1 vom 2025-07-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021804.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:11245 vom 2025-07-16",
"url": "https://access.redhat.com/errata/RHSA-2025:11245"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20470 vom 2025-07-16",
"url": "https://linux.oracle.com/errata/ELSA-2025-20470.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-10854 vom 2025-07-16",
"url": "https://linux.oracle.com/errata/ELSA-2025-10854.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02333-1 vom 2025-07-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021830.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02335-1 vom 2025-07-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021828.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02334-1 vom 2025-07-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021829.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7640-1 vom 2025-07-16",
"url": "https://ubuntu.com/security/notices/USN-7640-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7585-7 vom 2025-07-16",
"url": "https://ubuntu.com/security/notices/USN-7585-7"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7653-1 vom 2025-07-17",
"url": "https://ubuntu.com/security/notices/USN-7653-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7591-6 vom 2025-07-17",
"url": "https://ubuntu.com/security/notices/USN-7591-6"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7609-5 vom 2025-07-17",
"url": "https://ubuntu.com/security/notices/USN-7609-5"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7654-1 vom 2025-07-18",
"url": "https://ubuntu.com/security/notices/USN-7654-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7654-3 vom 2025-07-18",
"url": "https://ubuntu.com/security/notices/USN-7654-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7654-2 vom 2025-07-18",
"url": "https://ubuntu.com/security/notices/USN-7654-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7655-1 vom 2025-07-18",
"url": "https://ubuntu.com/security/notices/USN-7655-1"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20480 vom 2025-07-18",
"url": "https://linux.oracle.com/errata/ELSA-2025-20480.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02385-1 vom 2025-07-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021862.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02388-1 vom 2025-07-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021860.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02387-1 vom 2025-07-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021861.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02413-1 vom 2025-07-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021865.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02390-1 vom 2025-07-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021881.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02405-1 vom 2025-07-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021868.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02389-1 vom 2025-07-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021882.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02412-1 vom 2025-07-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021866.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02411-1 vom 2025-07-21",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DEKG43SVEEUNQXJBCRXWGSWJ6NQ36NUC/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20483-1 vom 2025-07-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021917.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02440-1 vom 2025-07-21",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ON72ZMOEO6E3K3KZFRVFHX5LUYA6RAXJ/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02449-1 vom 2025-07-21",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NOIECZ42HAJGKZ7TVGI4LLLNAG27ZF7L/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02420-1 vom 2025-07-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021886.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20475-1 vom 2025-07-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021919.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02421-1 vom 2025-07-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021885.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02433-1 vom 2025-07-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021883.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02439-1 vom 2025-07-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021904.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02442-1 vom 2025-07-21",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7BWN4GTGQU33LC3C2LNMXQT72KBQAYTF/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7654-4 vom 2025-07-22",
"url": "https://ubuntu.com/security/notices/USN-7654-4"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:11572 vom 2025-07-23",
"url": "https://access.redhat.com/errata/RHSA-2025:11572"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:11571 vom 2025-07-23",
"url": "https://access.redhat.com/errata/RHSA-2025:11571"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02514-1 vom 2025-07-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021952.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20493-1 vom 2025-07-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021967.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:11810 vom 2025-07-28",
"url": "https://access.redhat.com/errata/RHSA-2025:11810"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20498-1 vom 2025-07-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021965.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:11855 vom 2025-07-28",
"url": "https://access.redhat.com/errata/RHSA-2025:11855"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:11861 vom 2025-07-28",
"url": "https://access.redhat.com/errata/RHSA-2025:11861"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02538-1 vom 2025-07-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021981.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-11861 vom 2025-07-30",
"url": "https://linux.oracle.com/errata/ELSA-2025-11861.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7654-5 vom 2025-07-29",
"url": "https://ubuntu.com/security/notices/USN-7654-5"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:12209 vom 2025-07-29",
"url": "https://access.redhat.com/errata/RHSA-2025:12209"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:12311 vom 2025-07-30",
"url": "https://access.redhat.com/errata/RHSA-2025:12311"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-11855 vom 2025-07-30",
"url": "https://linux.oracle.com/errata/ELSA-2025-11855.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20517-1 vom 2025-08-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022034.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:12525 vom 2025-08-04",
"url": "https://access.redhat.com/errata/RHSA-2025:12525"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:12662 vom 2025-08-04",
"url": "https://access.redhat.com/errata/RHSA-2025:12662"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20518-1 vom 2025-08-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022033.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20527-1 vom 2025-08-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022025.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20524-1 vom 2025-08-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022028.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20520-1 vom 2025-08-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022031.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20519-1 vom 2025-08-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022032.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20529-1 vom 2025-08-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022023.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20526-1 vom 2025-08-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022026.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20528-1 vom 2025-08-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022024.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20521-1 vom 2025-08-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022030.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:12526 vom 2025-08-05",
"url": "https://access.redhat.com/errata/RHSA-2025:12526"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20547-1 vom 2025-08-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022097.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20548-1 vom 2025-08-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022096.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20546-1 vom 2025-08-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022098.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20545-1 vom 2025-08-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022099.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20544-1 vom 2025-08-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022100.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20543-1 vom 2025-08-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022101.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20542-1 vom 2025-08-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022102.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20541-1 vom 2025-08-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022103.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20540-1 vom 2025-08-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022104.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7686-1 vom 2025-08-05",
"url": "https://ubuntu.com/security/notices/USN-7686-1"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-12752 vom 2025-08-07",
"url": "http://linux.oracle.com/errata/ELSA-2025-12752.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-12662 vom 2025-08-11",
"url": "https://linux.oracle.com/errata/ELSA-2025-12662.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5973 vom 2025-08-12",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00137.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4271 vom 2025-08-13",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-08-12T22:00:00.000+00:00",
"generator": {
"date": "2025-08-13T06:27:30.093+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-0844",
"initial_release_date": "2025-04-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-04-27T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-05-18T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-05-20T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-05-21T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-05-25T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-05-26T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE und Debian aufgenommen"
},
{
"date": "2025-05-29T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE und Debian aufgenommen"
},
{
"date": "2025-06-02T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-09T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-10T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-06-11T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-06-15T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-16T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-17T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von SUSE und Oracle Linux aufgenommen"
},
{
"date": "2025-06-19T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Ubuntu und SUSE aufgenommen"
},
{
"date": "2025-06-22T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-23T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Ubuntu und Amazon aufgenommen"
},
{
"date": "2025-06-24T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-06-25T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Ubuntu und Oracle Linux aufgenommen"
},
{
"date": "2025-06-26T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-06-29T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-30T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Ubuntu und SUSE aufgenommen"
},
{
"date": "2025-07-01T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-07-03T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Ubuntu und Oracle Linux aufgenommen"
},
{
"date": "2025-07-06T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-07-07T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-07-08T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Oracle Linux, Ubuntu und SUSE aufgenommen"
},
{
"date": "2025-07-09T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-07-10T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-07-13T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-07-14T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-15T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-07-16T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von Oracle Linux und SUSE aufgenommen"
},
{
"date": "2025-07-17T22:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-07-20T22:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Oracle Linux und SUSE aufgenommen"
},
{
"date": "2025-07-21T22:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-22T22:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-07-24T22:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-27T22:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2025-07-28T22:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-29T22:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von Oracle Linux, Ubuntu und Red Hat aufgenommen"
},
{
"date": "2025-07-30T22:00:00.000+00:00",
"number": "43",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2025-07-31T22:00:00.000+00:00",
"number": "44",
"summary": "Referenz(en) aufgenommen:"
},
{
"date": "2025-08-03T22:00:00.000+00:00",
"number": "45",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2025-08-04T22:00:00.000+00:00",
"number": "46",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-08-05T22:00:00.000+00:00",
"number": "47",
"summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
},
{
"date": "2025-08-06T22:00:00.000+00:00",
"number": "48",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-08-11T22:00:00.000+00:00",
"number": "49",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-08-12T22:00:00.000+00:00",
"number": "50",
"summary": "Neue Updates von Debian aufgenommen"
}
],
"status": "final",
"version": "50"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T035582",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2025.2.1",
"product": {
"name": "SolarWinds Security Event Manager \u003c2025.2.1",
"product_id": "T044986"
}
},
{
"category": "product_version",
"name": "2025.2.1",
"product": {
"name": "SolarWinds Security Event Manager 2025.2.1",
"product_id": "T044986-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:solarwinds:security_event_manager:2025.2.1"
}
}
}
],
"category": "product_name",
"name": "Security Event Manager"
}
],
"category": "vendor",
"name": "SolarWinds"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-53034",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2023-53034"
},
{
"cve": "CVE-2024-58093",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2024-58093"
},
{
"cve": "CVE-2024-58094",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2024-58094"
},
{
"cve": "CVE-2024-58095",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2024-58095"
},
{
"cve": "CVE-2024-58096",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2024-58096"
},
{
"cve": "CVE-2024-58097",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2024-58097"
},
{
"cve": "CVE-2025-22024",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22024"
},
{
"cve": "CVE-2025-22025",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22025"
},
{
"cve": "CVE-2025-22026",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22026"
},
{
"cve": "CVE-2025-22027",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22027"
},
{
"cve": "CVE-2025-22028",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22028"
},
{
"cve": "CVE-2025-22029",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22029"
},
{
"cve": "CVE-2025-22030",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22030"
},
{
"cve": "CVE-2025-22031",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22031"
},
{
"cve": "CVE-2025-22032",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22032"
},
{
"cve": "CVE-2025-22033",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22033"
},
{
"cve": "CVE-2025-22034",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22034"
},
{
"cve": "CVE-2025-22035",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22035"
},
{
"cve": "CVE-2025-22036",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22036"
},
{
"cve": "CVE-2025-22037",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22037"
},
{
"cve": "CVE-2025-22038",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22038"
},
{
"cve": "CVE-2025-22039",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22039"
},
{
"cve": "CVE-2025-22040",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22040"
},
{
"cve": "CVE-2025-22041",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22041"
},
{
"cve": "CVE-2025-22042",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22042"
},
{
"cve": "CVE-2025-22043",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22043"
},
{
"cve": "CVE-2025-22044",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22044"
},
{
"cve": "CVE-2025-22045",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22045"
},
{
"cve": "CVE-2025-22046",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22046"
},
{
"cve": "CVE-2025-22047",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22047"
},
{
"cve": "CVE-2025-22048",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22048"
},
{
"cve": "CVE-2025-22049",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22049"
},
{
"cve": "CVE-2025-22050",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22050"
},
{
"cve": "CVE-2025-22051",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22051"
},
{
"cve": "CVE-2025-22052",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22052"
},
{
"cve": "CVE-2025-22053",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22053"
},
{
"cve": "CVE-2025-22054",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22054"
},
{
"cve": "CVE-2025-22055",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22055"
},
{
"cve": "CVE-2025-22056",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22056"
},
{
"cve": "CVE-2025-22057",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22057"
},
{
"cve": "CVE-2025-22058",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22058"
},
{
"cve": "CVE-2025-22059",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22059"
},
{
"cve": "CVE-2025-22060",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22060"
},
{
"cve": "CVE-2025-22061",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22061"
},
{
"cve": "CVE-2025-22062",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22062"
},
{
"cve": "CVE-2025-22063",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22063"
},
{
"cve": "CVE-2025-22064",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22064"
},
{
"cve": "CVE-2025-22065",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22065"
},
{
"cve": "CVE-2025-22066",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22066"
},
{
"cve": "CVE-2025-22067",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22067"
},
{
"cve": "CVE-2025-22068",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22068"
},
{
"cve": "CVE-2025-22069",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22069"
},
{
"cve": "CVE-2025-22070",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22070"
},
{
"cve": "CVE-2025-22071",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22071"
},
{
"cve": "CVE-2025-22072",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22072"
},
{
"cve": "CVE-2025-22073",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22073"
},
{
"cve": "CVE-2025-22074",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22074"
},
{
"cve": "CVE-2025-22075",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22075"
},
{
"cve": "CVE-2025-22076",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22076"
},
{
"cve": "CVE-2025-22077",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22077"
},
{
"cve": "CVE-2025-22078",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22078"
},
{
"cve": "CVE-2025-22079",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22079"
},
{
"cve": "CVE-2025-22080",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22080"
},
{
"cve": "CVE-2025-22081",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22081"
},
{
"cve": "CVE-2025-22082",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22082"
},
{
"cve": "CVE-2025-22083",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22083"
},
{
"cve": "CVE-2025-22084",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22084"
},
{
"cve": "CVE-2025-22085",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22085"
},
{
"cve": "CVE-2025-22086",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22086"
},
{
"cve": "CVE-2025-22087",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22087"
},
{
"cve": "CVE-2025-22088",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22088"
},
{
"cve": "CVE-2025-22089",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22089"
},
{
"cve": "CVE-2025-22090",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22090"
},
{
"cve": "CVE-2025-22091",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22091"
},
{
"cve": "CVE-2025-22092",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22092"
},
{
"cve": "CVE-2025-22093",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22093"
},
{
"cve": "CVE-2025-22094",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22094"
},
{
"cve": "CVE-2025-22095",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22095"
},
{
"cve": "CVE-2025-22096",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22096"
},
{
"cve": "CVE-2025-22097",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22097"
},
{
"cve": "CVE-2025-22098",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22098"
},
{
"cve": "CVE-2025-22099",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22099"
},
{
"cve": "CVE-2025-22100",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22100"
},
{
"cve": "CVE-2025-22101",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22101"
},
{
"cve": "CVE-2025-22102",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22102"
},
{
"cve": "CVE-2025-22103",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22103"
},
{
"cve": "CVE-2025-22104",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22104"
},
{
"cve": "CVE-2025-22105",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22105"
},
{
"cve": "CVE-2025-22106",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22106"
},
{
"cve": "CVE-2025-22107",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22107"
},
{
"cve": "CVE-2025-22108",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22108"
},
{
"cve": "CVE-2025-22109",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22109"
},
{
"cve": "CVE-2025-22110",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22110"
},
{
"cve": "CVE-2025-22111",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22111"
},
{
"cve": "CVE-2025-22112",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22112"
},
{
"cve": "CVE-2025-22113",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22113"
},
{
"cve": "CVE-2025-22114",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22114"
},
{
"cve": "CVE-2025-22115",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22115"
},
{
"cve": "CVE-2025-22116",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22116"
},
{
"cve": "CVE-2025-22117",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22117"
},
{
"cve": "CVE-2025-22118",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22118"
},
{
"cve": "CVE-2025-22119",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22119"
},
{
"cve": "CVE-2025-22120",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22120"
},
{
"cve": "CVE-2025-22121",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22121"
},
{
"cve": "CVE-2025-22122",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22122"
},
{
"cve": "CVE-2025-22123",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22123"
},
{
"cve": "CVE-2025-22124",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22124"
},
{
"cve": "CVE-2025-22125",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22125"
},
{
"cve": "CVE-2025-22126",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22126"
},
{
"cve": "CVE-2025-22127",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22127"
},
{
"cve": "CVE-2025-22128",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-22128"
},
{
"cve": "CVE-2025-23129",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-23129"
},
{
"cve": "CVE-2025-23130",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-23130"
},
{
"cve": "CVE-2025-23131",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-23131"
},
{
"cve": "CVE-2025-23132",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-23132"
},
{
"cve": "CVE-2025-23133",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-23133"
},
{
"cve": "CVE-2025-23134",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-23134"
},
{
"cve": "CVE-2025-23135",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-23135"
},
{
"cve": "CVE-2025-23136",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-23136"
},
{
"cve": "CVE-2025-23137",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-23137"
},
{
"cve": "CVE-2025-23138",
"product_status": {
"known_affected": [
"T044986",
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035582",
"T004914"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-23138"
}
]
}
ghsa-727c-882c-j5hc
Vulnerability from github
Published
2025-04-16 15:34
Modified
2025-04-16 15:34
VLAI Severity ?
Details
In the Linux kernel, the following vulnerability has been resolved:
ice: validate queue quanta parameters to prevent OOB access
Add queue wraparound prevention in quanta configuration. Ensure end_qid does not overflow by validating start_qid and num_queues.
{
"affected": [],
"aliases": [
"CVE-2025-22118"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-16T15:16:06Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: validate queue quanta parameters to prevent OOB access\n\nAdd queue wraparound prevention in quanta configuration.\nEnsure end_qid does not overflow by validating start_qid and num_queues.",
"id": "GHSA-727c-882c-j5hc",
"modified": "2025-04-16T15:34:45Z",
"published": "2025-04-16T15:34:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22118"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4161cf3f4c11006507f4e02bedc048a215a4b81a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e2f7d3f7331b92cb820da23e8c45133305da1e63"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…