suse-su-2025:01966-1
Vulnerability from csaf_suse
Published
2025-06-16 14:55
Modified
2025-06-16 14:55
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245).
- CVE-2024-53168: net: make sock_inuse_add() available (bsc#1234887).
- CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100).
- CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).
- CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525).
- CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596).
- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
The following non-security bugs were fixed:
- Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (bsc#1243737).
- Remove debug flavor (bsc#1243919).
- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (bsc#1242778).
- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (bsc#1242778).
- arm64: insn: Add support for encoding DSB (bsc#1242778).
- arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (bsc#1242778).
- arm64: proton-pack: Expose whether the branchy loop k value (bsc#1242778).
- arm64: proton-pack: Expose whether the platform is mitigated by firmware (bsc#1242778).
- hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (bsc#1243737).
- hv_netvsc: Remove rmsg_pgcnt (bsc#1243737).
- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (bsc#1243737).
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- net :mana :Add remaining GDMA stats for MANA to ethtool (bsc#1234395).
- net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (bsc#1234395).
- net: mana: Add gdma stats to ethtool output for mana (bsc#1234395).
- nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable (bsc#1223096).
- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).
- powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531).
- scsi: core: Fix unremoved procfs host directory regression (git-fixes).
- tcp: Dump bound-only sockets in inet_diag (bsc#1204562).
- tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870).
- tpm: tis: Double the timeout B to 4s (bsc#1235870).
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
- x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).
Patchnames
SUSE-2025-1966,SUSE-SLE-Micro-5.5-2025-1966
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245).\n- CVE-2024-53168: net: make sock_inuse_add() available (bsc#1234887).\n- CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100).\n- CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).\n- CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525).\n- CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596).\n- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).\n\nThe following non-security bugs were fixed:\n\n- Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (bsc#1243737).\n- Remove debug flavor (bsc#1243919).\n- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (bsc#1242778).\n- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (bsc#1242778).\n- arm64: insn: Add support for encoding DSB (bsc#1242778).\n- arm64: proton-pack: Add new CPUs \u0027k\u0027 values for branch mitigation (bsc#1242778).\n- arm64: proton-pack: Expose whether the branchy loop k value (bsc#1242778).\n- arm64: proton-pack: Expose whether the platform is mitigated by firmware (bsc#1242778).\n- hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (bsc#1243737).\n- hv_netvsc: Remove rmsg_pgcnt (bsc#1243737).\n- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (bsc#1243737).\n- mtd: phram: Add the kernel lock down check (bsc#1232649).\n- net :mana :Add remaining GDMA stats for MANA to ethtool (bsc#1234395).\n- net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (bsc#1234395).\n- net: mana: Add gdma stats to ethtool output for mana (bsc#1234395).\n- nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable (bsc#1223096).\n- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).\n- powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531).\n- scsi: core: Fix unremoved procfs host directory regression (git-fixes).\n- tcp: Dump bound-only sockets in inet_diag (bsc#1204562).\n- tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870).\n- tpm: tis: Double the timeout B to 4s (bsc#1235870).\n- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).\n- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).\n- x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1966,SUSE-SLE-Micro-5.5-2025-1966",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_01966-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:01966-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501966-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:01966-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021534.html"
},
{
"category": "self",
"summary": "SUSE Bug 1184350",
"url": "https://bugzilla.suse.com/1184350"
},
{
"category": "self",
"summary": "SUSE Bug 1193629",
"url": "https://bugzilla.suse.com/1193629"
},
{
"category": "self",
"summary": "SUSE Bug 1204562",
"url": "https://bugzilla.suse.com/1204562"
},
{
"category": "self",
"summary": "SUSE Bug 1204569",
"url": "https://bugzilla.suse.com/1204569"
},
{
"category": "self",
"summary": "SUSE Bug 1204619",
"url": "https://bugzilla.suse.com/1204619"
},
{
"category": "self",
"summary": "SUSE Bug 1204705",
"url": "https://bugzilla.suse.com/1204705"
},
{
"category": "self",
"summary": "SUSE Bug 1205282",
"url": "https://bugzilla.suse.com/1205282"
},
{
"category": "self",
"summary": "SUSE Bug 1206051",
"url": "https://bugzilla.suse.com/1206051"
},
{
"category": "self",
"summary": "SUSE Bug 1206073",
"url": "https://bugzilla.suse.com/1206073"
},
{
"category": "self",
"summary": "SUSE Bug 1206649",
"url": "https://bugzilla.suse.com/1206649"
},
{
"category": "self",
"summary": "SUSE Bug 1206843",
"url": "https://bugzilla.suse.com/1206843"
},
{
"category": "self",
"summary": "SUSE Bug 1206886",
"url": "https://bugzilla.suse.com/1206886"
},
{
"category": "self",
"summary": "SUSE Bug 1206887",
"url": "https://bugzilla.suse.com/1206887"
},
{
"category": "self",
"summary": "SUSE Bug 1207361",
"url": "https://bugzilla.suse.com/1207361"
},
{
"category": "self",
"summary": "SUSE Bug 1208105",
"url": "https://bugzilla.suse.com/1208105"
},
{
"category": "self",
"summary": "SUSE Bug 1208542",
"url": "https://bugzilla.suse.com/1208542"
},
{
"category": "self",
"summary": "SUSE Bug 1209292",
"url": "https://bugzilla.suse.com/1209292"
},
{
"category": "self",
"summary": "SUSE Bug 1209556",
"url": "https://bugzilla.suse.com/1209556"
},
{
"category": "self",
"summary": "SUSE Bug 1209684",
"url": "https://bugzilla.suse.com/1209684"
},
{
"category": "self",
"summary": "SUSE Bug 1209780",
"url": "https://bugzilla.suse.com/1209780"
},
{
"category": "self",
"summary": "SUSE Bug 1209980",
"url": "https://bugzilla.suse.com/1209980"
},
{
"category": "self",
"summary": "SUSE Bug 1210337",
"url": "https://bugzilla.suse.com/1210337"
},
{
"category": "self",
"summary": "SUSE Bug 1210763",
"url": "https://bugzilla.suse.com/1210763"
},
{
"category": "self",
"summary": "SUSE Bug 1210767",
"url": "https://bugzilla.suse.com/1210767"
},
{
"category": "self",
"summary": "SUSE Bug 1211465",
"url": "https://bugzilla.suse.com/1211465"
},
{
"category": "self",
"summary": "SUSE Bug 1213012",
"url": "https://bugzilla.suse.com/1213012"
},
{
"category": "self",
"summary": "SUSE Bug 1213013",
"url": "https://bugzilla.suse.com/1213013"
},
{
"category": "self",
"summary": "SUSE Bug 1213094",
"url": "https://bugzilla.suse.com/1213094"
},
{
"category": "self",
"summary": "SUSE Bug 1213096",
"url": "https://bugzilla.suse.com/1213096"
},
{
"category": "self",
"summary": "SUSE Bug 1213233",
"url": "https://bugzilla.suse.com/1213233"
},
{
"category": "self",
"summary": "SUSE Bug 1213946",
"url": "https://bugzilla.suse.com/1213946"
},
{
"category": "self",
"summary": "SUSE Bug 1214991",
"url": "https://bugzilla.suse.com/1214991"
},
{
"category": "self",
"summary": "SUSE Bug 1218470",
"url": "https://bugzilla.suse.com/1218470"
},
{
"category": "self",
"summary": "SUSE Bug 1222629",
"url": "https://bugzilla.suse.com/1222629"
},
{
"category": "self",
"summary": "SUSE Bug 1223096",
"url": "https://bugzilla.suse.com/1223096"
},
{
"category": "self",
"summary": "SUSE Bug 1225903",
"url": "https://bugzilla.suse.com/1225903"
},
{
"category": "self",
"summary": "SUSE Bug 1232649",
"url": "https://bugzilla.suse.com/1232649"
},
{
"category": "self",
"summary": "SUSE Bug 1234395",
"url": "https://bugzilla.suse.com/1234395"
},
{
"category": "self",
"summary": "SUSE Bug 1234887",
"url": "https://bugzilla.suse.com/1234887"
},
{
"category": "self",
"summary": "SUSE Bug 1235100",
"url": "https://bugzilla.suse.com/1235100"
},
{
"category": "self",
"summary": "SUSE Bug 1235870",
"url": "https://bugzilla.suse.com/1235870"
},
{
"category": "self",
"summary": "SUSE Bug 1240802",
"url": "https://bugzilla.suse.com/1240802"
},
{
"category": "self",
"summary": "SUSE Bug 1241525",
"url": "https://bugzilla.suse.com/1241525"
},
{
"category": "self",
"summary": "SUSE Bug 1242146",
"url": "https://bugzilla.suse.com/1242146"
},
{
"category": "self",
"summary": "SUSE Bug 1242147",
"url": "https://bugzilla.suse.com/1242147"
},
{
"category": "self",
"summary": "SUSE Bug 1242150",
"url": "https://bugzilla.suse.com/1242150"
},
{
"category": "self",
"summary": "SUSE Bug 1242151",
"url": "https://bugzilla.suse.com/1242151"
},
{
"category": "self",
"summary": "SUSE Bug 1242154",
"url": "https://bugzilla.suse.com/1242154"
},
{
"category": "self",
"summary": "SUSE Bug 1242157",
"url": "https://bugzilla.suse.com/1242157"
},
{
"category": "self",
"summary": "SUSE Bug 1242158",
"url": "https://bugzilla.suse.com/1242158"
},
{
"category": "self",
"summary": "SUSE Bug 1242160",
"url": "https://bugzilla.suse.com/1242160"
},
{
"category": "self",
"summary": "SUSE Bug 1242164",
"url": "https://bugzilla.suse.com/1242164"
},
{
"category": "self",
"summary": "SUSE Bug 1242165",
"url": "https://bugzilla.suse.com/1242165"
},
{
"category": "self",
"summary": "SUSE Bug 1242169",
"url": "https://bugzilla.suse.com/1242169"
},
{
"category": "self",
"summary": "SUSE Bug 1242215",
"url": "https://bugzilla.suse.com/1242215"
},
{
"category": "self",
"summary": "SUSE Bug 1242217",
"url": "https://bugzilla.suse.com/1242217"
},
{
"category": "self",
"summary": "SUSE Bug 1242218",
"url": "https://bugzilla.suse.com/1242218"
},
{
"category": "self",
"summary": "SUSE Bug 1242219",
"url": "https://bugzilla.suse.com/1242219"
},
{
"category": "self",
"summary": "SUSE Bug 1242222",
"url": "https://bugzilla.suse.com/1242222"
},
{
"category": "self",
"summary": "SUSE Bug 1242224",
"url": "https://bugzilla.suse.com/1242224"
},
{
"category": "self",
"summary": "SUSE Bug 1242226",
"url": "https://bugzilla.suse.com/1242226"
},
{
"category": "self",
"summary": "SUSE Bug 1242227",
"url": "https://bugzilla.suse.com/1242227"
},
{
"category": "self",
"summary": "SUSE Bug 1242228",
"url": "https://bugzilla.suse.com/1242228"
},
{
"category": "self",
"summary": "SUSE Bug 1242229",
"url": "https://bugzilla.suse.com/1242229"
},
{
"category": "self",
"summary": "SUSE Bug 1242230",
"url": "https://bugzilla.suse.com/1242230"
},
{
"category": "self",
"summary": "SUSE Bug 1242231",
"url": "https://bugzilla.suse.com/1242231"
},
{
"category": "self",
"summary": "SUSE Bug 1242232",
"url": "https://bugzilla.suse.com/1242232"
},
{
"category": "self",
"summary": "SUSE Bug 1242237",
"url": "https://bugzilla.suse.com/1242237"
},
{
"category": "self",
"summary": "SUSE Bug 1242239",
"url": "https://bugzilla.suse.com/1242239"
},
{
"category": "self",
"summary": "SUSE Bug 1242240",
"url": "https://bugzilla.suse.com/1242240"
},
{
"category": "self",
"summary": "SUSE Bug 1242241",
"url": "https://bugzilla.suse.com/1242241"
},
{
"category": "self",
"summary": "SUSE Bug 1242244",
"url": "https://bugzilla.suse.com/1242244"
},
{
"category": "self",
"summary": "SUSE Bug 1242245",
"url": "https://bugzilla.suse.com/1242245"
},
{
"category": "self",
"summary": "SUSE Bug 1242248",
"url": "https://bugzilla.suse.com/1242248"
},
{
"category": "self",
"summary": "SUSE Bug 1242249",
"url": "https://bugzilla.suse.com/1242249"
},
{
"category": "self",
"summary": "SUSE Bug 1242261",
"url": "https://bugzilla.suse.com/1242261"
},
{
"category": "self",
"summary": "SUSE Bug 1242264",
"url": "https://bugzilla.suse.com/1242264"
},
{
"category": "self",
"summary": "SUSE Bug 1242265",
"url": "https://bugzilla.suse.com/1242265"
},
{
"category": "self",
"summary": "SUSE Bug 1242270",
"url": "https://bugzilla.suse.com/1242270"
},
{
"category": "self",
"summary": "SUSE Bug 1242276",
"url": "https://bugzilla.suse.com/1242276"
},
{
"category": "self",
"summary": "SUSE Bug 1242278",
"url": "https://bugzilla.suse.com/1242278"
},
{
"category": "self",
"summary": "SUSE Bug 1242279",
"url": "https://bugzilla.suse.com/1242279"
},
{
"category": "self",
"summary": "SUSE Bug 1242280",
"url": "https://bugzilla.suse.com/1242280"
},
{
"category": "self",
"summary": "SUSE Bug 1242281",
"url": "https://bugzilla.suse.com/1242281"
},
{
"category": "self",
"summary": "SUSE Bug 1242282",
"url": "https://bugzilla.suse.com/1242282"
},
{
"category": "self",
"summary": "SUSE Bug 1242285",
"url": "https://bugzilla.suse.com/1242285"
},
{
"category": "self",
"summary": "SUSE Bug 1242286",
"url": "https://bugzilla.suse.com/1242286"
},
{
"category": "self",
"summary": "SUSE Bug 1242289",
"url": "https://bugzilla.suse.com/1242289"
},
{
"category": "self",
"summary": "SUSE Bug 1242294",
"url": "https://bugzilla.suse.com/1242294"
},
{
"category": "self",
"summary": "SUSE Bug 1242295",
"url": "https://bugzilla.suse.com/1242295"
},
{
"category": "self",
"summary": "SUSE Bug 1242298",
"url": "https://bugzilla.suse.com/1242298"
},
{
"category": "self",
"summary": "SUSE Bug 1242302",
"url": "https://bugzilla.suse.com/1242302"
},
{
"category": "self",
"summary": "SUSE Bug 1242305",
"url": "https://bugzilla.suse.com/1242305"
},
{
"category": "self",
"summary": "SUSE Bug 1242311",
"url": "https://bugzilla.suse.com/1242311"
},
{
"category": "self",
"summary": "SUSE Bug 1242312",
"url": "https://bugzilla.suse.com/1242312"
},
{
"category": "self",
"summary": "SUSE Bug 1242320",
"url": "https://bugzilla.suse.com/1242320"
},
{
"category": "self",
"summary": "SUSE Bug 1242338",
"url": "https://bugzilla.suse.com/1242338"
},
{
"category": "self",
"summary": "SUSE Bug 1242349",
"url": "https://bugzilla.suse.com/1242349"
},
{
"category": "self",
"summary": "SUSE Bug 1242351",
"url": "https://bugzilla.suse.com/1242351"
},
{
"category": "self",
"summary": "SUSE Bug 1242352",
"url": "https://bugzilla.suse.com/1242352"
},
{
"category": "self",
"summary": "SUSE Bug 1242353",
"url": "https://bugzilla.suse.com/1242353"
},
{
"category": "self",
"summary": "SUSE Bug 1242355",
"url": "https://bugzilla.suse.com/1242355"
},
{
"category": "self",
"summary": "SUSE Bug 1242357",
"url": "https://bugzilla.suse.com/1242357"
},
{
"category": "self",
"summary": "SUSE Bug 1242358",
"url": "https://bugzilla.suse.com/1242358"
},
{
"category": "self",
"summary": "SUSE Bug 1242359",
"url": "https://bugzilla.suse.com/1242359"
},
{
"category": "self",
"summary": "SUSE Bug 1242360",
"url": "https://bugzilla.suse.com/1242360"
},
{
"category": "self",
"summary": "SUSE Bug 1242361",
"url": "https://bugzilla.suse.com/1242361"
},
{
"category": "self",
"summary": "SUSE Bug 1242365",
"url": "https://bugzilla.suse.com/1242365"
},
{
"category": "self",
"summary": "SUSE Bug 1242366",
"url": "https://bugzilla.suse.com/1242366"
},
{
"category": "self",
"summary": "SUSE Bug 1242369",
"url": "https://bugzilla.suse.com/1242369"
},
{
"category": "self",
"summary": "SUSE Bug 1242370",
"url": "https://bugzilla.suse.com/1242370"
},
{
"category": "self",
"summary": "SUSE Bug 1242371",
"url": "https://bugzilla.suse.com/1242371"
},
{
"category": "self",
"summary": "SUSE Bug 1242372",
"url": "https://bugzilla.suse.com/1242372"
},
{
"category": "self",
"summary": "SUSE Bug 1242377",
"url": "https://bugzilla.suse.com/1242377"
},
{
"category": "self",
"summary": "SUSE Bug 1242378",
"url": "https://bugzilla.suse.com/1242378"
},
{
"category": "self",
"summary": "SUSE Bug 1242380",
"url": "https://bugzilla.suse.com/1242380"
},
{
"category": "self",
"summary": "SUSE Bug 1242381",
"url": "https://bugzilla.suse.com/1242381"
},
{
"category": "self",
"summary": "SUSE Bug 1242382",
"url": "https://bugzilla.suse.com/1242382"
},
{
"category": "self",
"summary": "SUSE Bug 1242385",
"url": "https://bugzilla.suse.com/1242385"
},
{
"category": "self",
"summary": "SUSE Bug 1242387",
"url": "https://bugzilla.suse.com/1242387"
},
{
"category": "self",
"summary": "SUSE Bug 1242389",
"url": "https://bugzilla.suse.com/1242389"
},
{
"category": "self",
"summary": "SUSE Bug 1242391",
"url": "https://bugzilla.suse.com/1242391"
},
{
"category": "self",
"summary": "SUSE Bug 1242392",
"url": "https://bugzilla.suse.com/1242392"
},
{
"category": "self",
"summary": "SUSE Bug 1242393",
"url": "https://bugzilla.suse.com/1242393"
},
{
"category": "self",
"summary": "SUSE Bug 1242394",
"url": "https://bugzilla.suse.com/1242394"
},
{
"category": "self",
"summary": "SUSE Bug 1242398",
"url": "https://bugzilla.suse.com/1242398"
},
{
"category": "self",
"summary": "SUSE Bug 1242399",
"url": "https://bugzilla.suse.com/1242399"
},
{
"category": "self",
"summary": "SUSE Bug 1242400",
"url": "https://bugzilla.suse.com/1242400"
},
{
"category": "self",
"summary": "SUSE Bug 1242402",
"url": "https://bugzilla.suse.com/1242402"
},
{
"category": "self",
"summary": "SUSE Bug 1242403",
"url": "https://bugzilla.suse.com/1242403"
},
{
"category": "self",
"summary": "SUSE Bug 1242405",
"url": "https://bugzilla.suse.com/1242405"
},
{
"category": "self",
"summary": "SUSE Bug 1242406",
"url": "https://bugzilla.suse.com/1242406"
},
{
"category": "self",
"summary": "SUSE Bug 1242409",
"url": "https://bugzilla.suse.com/1242409"
},
{
"category": "self",
"summary": "SUSE Bug 1242410",
"url": "https://bugzilla.suse.com/1242410"
},
{
"category": "self",
"summary": "SUSE Bug 1242411",
"url": "https://bugzilla.suse.com/1242411"
},
{
"category": "self",
"summary": "SUSE Bug 1242415",
"url": "https://bugzilla.suse.com/1242415"
},
{
"category": "self",
"summary": "SUSE Bug 1242416",
"url": "https://bugzilla.suse.com/1242416"
},
{
"category": "self",
"summary": "SUSE Bug 1242421",
"url": "https://bugzilla.suse.com/1242421"
},
{
"category": "self",
"summary": "SUSE Bug 1242422",
"url": "https://bugzilla.suse.com/1242422"
},
{
"category": "self",
"summary": "SUSE Bug 1242425",
"url": "https://bugzilla.suse.com/1242425"
},
{
"category": "self",
"summary": "SUSE Bug 1242426",
"url": "https://bugzilla.suse.com/1242426"
},
{
"category": "self",
"summary": "SUSE Bug 1242428",
"url": "https://bugzilla.suse.com/1242428"
},
{
"category": "self",
"summary": "SUSE Bug 1242440",
"url": "https://bugzilla.suse.com/1242440"
},
{
"category": "self",
"summary": "SUSE Bug 1242443",
"url": "https://bugzilla.suse.com/1242443"
},
{
"category": "self",
"summary": "SUSE Bug 1242448",
"url": "https://bugzilla.suse.com/1242448"
},
{
"category": "self",
"summary": "SUSE Bug 1242449",
"url": "https://bugzilla.suse.com/1242449"
},
{
"category": "self",
"summary": "SUSE Bug 1242452",
"url": "https://bugzilla.suse.com/1242452"
},
{
"category": "self",
"summary": "SUSE Bug 1242453",
"url": "https://bugzilla.suse.com/1242453"
},
{
"category": "self",
"summary": "SUSE Bug 1242454",
"url": "https://bugzilla.suse.com/1242454"
},
{
"category": "self",
"summary": "SUSE Bug 1242455",
"url": "https://bugzilla.suse.com/1242455"
},
{
"category": "self",
"summary": "SUSE Bug 1242456",
"url": "https://bugzilla.suse.com/1242456"
},
{
"category": "self",
"summary": "SUSE Bug 1242458",
"url": "https://bugzilla.suse.com/1242458"
},
{
"category": "self",
"summary": "SUSE Bug 1242464",
"url": "https://bugzilla.suse.com/1242464"
},
{
"category": "self",
"summary": "SUSE Bug 1242465",
"url": "https://bugzilla.suse.com/1242465"
},
{
"category": "self",
"summary": "SUSE Bug 1242467",
"url": "https://bugzilla.suse.com/1242467"
},
{
"category": "self",
"summary": "SUSE Bug 1242469",
"url": "https://bugzilla.suse.com/1242469"
},
{
"category": "self",
"summary": "SUSE Bug 1242473",
"url": "https://bugzilla.suse.com/1242473"
},
{
"category": "self",
"summary": "SUSE Bug 1242474",
"url": "https://bugzilla.suse.com/1242474"
},
{
"category": "self",
"summary": "SUSE Bug 1242478",
"url": "https://bugzilla.suse.com/1242478"
},
{
"category": "self",
"summary": "SUSE Bug 1242481",
"url": "https://bugzilla.suse.com/1242481"
},
{
"category": "self",
"summary": "SUSE Bug 1242484",
"url": "https://bugzilla.suse.com/1242484"
},
{
"category": "self",
"summary": "SUSE Bug 1242489",
"url": "https://bugzilla.suse.com/1242489"
},
{
"category": "self",
"summary": "SUSE Bug 1242497",
"url": "https://bugzilla.suse.com/1242497"
},
{
"category": "self",
"summary": "SUSE Bug 1242527",
"url": "https://bugzilla.suse.com/1242527"
},
{
"category": "self",
"summary": "SUSE Bug 1242542",
"url": "https://bugzilla.suse.com/1242542"
},
{
"category": "self",
"summary": "SUSE Bug 1242544",
"url": "https://bugzilla.suse.com/1242544"
},
{
"category": "self",
"summary": "SUSE Bug 1242545",
"url": "https://bugzilla.suse.com/1242545"
},
{
"category": "self",
"summary": "SUSE Bug 1242547",
"url": "https://bugzilla.suse.com/1242547"
},
{
"category": "self",
"summary": "SUSE Bug 1242548",
"url": "https://bugzilla.suse.com/1242548"
},
{
"category": "self",
"summary": "SUSE Bug 1242549",
"url": "https://bugzilla.suse.com/1242549"
},
{
"category": "self",
"summary": "SUSE Bug 1242550",
"url": "https://bugzilla.suse.com/1242550"
},
{
"category": "self",
"summary": "SUSE Bug 1242551",
"url": "https://bugzilla.suse.com/1242551"
},
{
"category": "self",
"summary": "SUSE Bug 1242558",
"url": "https://bugzilla.suse.com/1242558"
},
{
"category": "self",
"summary": "SUSE Bug 1242570",
"url": "https://bugzilla.suse.com/1242570"
},
{
"category": "self",
"summary": "SUSE Bug 1242580",
"url": "https://bugzilla.suse.com/1242580"
},
{
"category": "self",
"summary": "SUSE Bug 1242586",
"url": "https://bugzilla.suse.com/1242586"
},
{
"category": "self",
"summary": "SUSE Bug 1242589",
"url": "https://bugzilla.suse.com/1242589"
},
{
"category": "self",
"summary": "SUSE Bug 1242596",
"url": "https://bugzilla.suse.com/1242596"
},
{
"category": "self",
"summary": "SUSE Bug 1242597",
"url": "https://bugzilla.suse.com/1242597"
},
{
"category": "self",
"summary": "SUSE Bug 1242685",
"url": "https://bugzilla.suse.com/1242685"
},
{
"category": "self",
"summary": "SUSE Bug 1242686",
"url": "https://bugzilla.suse.com/1242686"
},
{
"category": "self",
"summary": "SUSE Bug 1242688",
"url": "https://bugzilla.suse.com/1242688"
},
{
"category": "self",
"summary": "SUSE Bug 1242689",
"url": "https://bugzilla.suse.com/1242689"
},
{
"category": "self",
"summary": "SUSE Bug 1242695",
"url": "https://bugzilla.suse.com/1242695"
},
{
"category": "self",
"summary": "SUSE Bug 1242716",
"url": "https://bugzilla.suse.com/1242716"
},
{
"category": "self",
"summary": "SUSE Bug 1242733",
"url": "https://bugzilla.suse.com/1242733"
},
{
"category": "self",
"summary": "SUSE Bug 1242734",
"url": "https://bugzilla.suse.com/1242734"
},
{
"category": "self",
"summary": "SUSE Bug 1242735",
"url": "https://bugzilla.suse.com/1242735"
},
{
"category": "self",
"summary": "SUSE Bug 1242736",
"url": "https://bugzilla.suse.com/1242736"
},
{
"category": "self",
"summary": "SUSE Bug 1242739",
"url": "https://bugzilla.suse.com/1242739"
},
{
"category": "self",
"summary": "SUSE Bug 1242740",
"url": "https://bugzilla.suse.com/1242740"
},
{
"category": "self",
"summary": "SUSE Bug 1242743",
"url": "https://bugzilla.suse.com/1242743"
},
{
"category": "self",
"summary": "SUSE Bug 1242744",
"url": "https://bugzilla.suse.com/1242744"
},
{
"category": "self",
"summary": "SUSE Bug 1242745",
"url": "https://bugzilla.suse.com/1242745"
},
{
"category": "self",
"summary": "SUSE Bug 1242746",
"url": "https://bugzilla.suse.com/1242746"
},
{
"category": "self",
"summary": "SUSE Bug 1242747",
"url": "https://bugzilla.suse.com/1242747"
},
{
"category": "self",
"summary": "SUSE Bug 1242748",
"url": "https://bugzilla.suse.com/1242748"
},
{
"category": "self",
"summary": "SUSE Bug 1242749",
"url": "https://bugzilla.suse.com/1242749"
},
{
"category": "self",
"summary": "SUSE Bug 1242751",
"url": "https://bugzilla.suse.com/1242751"
},
{
"category": "self",
"summary": "SUSE Bug 1242752",
"url": "https://bugzilla.suse.com/1242752"
},
{
"category": "self",
"summary": "SUSE Bug 1242753",
"url": "https://bugzilla.suse.com/1242753"
},
{
"category": "self",
"summary": "SUSE Bug 1242756",
"url": "https://bugzilla.suse.com/1242756"
},
{
"category": "self",
"summary": "SUSE Bug 1242759",
"url": "https://bugzilla.suse.com/1242759"
},
{
"category": "self",
"summary": "SUSE Bug 1242762",
"url": "https://bugzilla.suse.com/1242762"
},
{
"category": "self",
"summary": "SUSE Bug 1242765",
"url": "https://bugzilla.suse.com/1242765"
},
{
"category": "self",
"summary": "SUSE Bug 1242767",
"url": "https://bugzilla.suse.com/1242767"
},
{
"category": "self",
"summary": "SUSE Bug 1242778",
"url": "https://bugzilla.suse.com/1242778"
},
{
"category": "self",
"summary": "SUSE Bug 1242779",
"url": "https://bugzilla.suse.com/1242779"
},
{
"category": "self",
"summary": "SUSE Bug 1242790",
"url": "https://bugzilla.suse.com/1242790"
},
{
"category": "self",
"summary": "SUSE Bug 1242791",
"url": "https://bugzilla.suse.com/1242791"
},
{
"category": "self",
"summary": "SUSE Bug 1243047",
"url": "https://bugzilla.suse.com/1243047"
},
{
"category": "self",
"summary": "SUSE Bug 1243133",
"url": "https://bugzilla.suse.com/1243133"
},
{
"category": "self",
"summary": "SUSE Bug 1243737",
"url": "https://bugzilla.suse.com/1243737"
},
{
"category": "self",
"summary": "SUSE Bug 1243919",
"url": "https://bugzilla.suse.com/1243919"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3564 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3564/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3619 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3640 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49762 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49762/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49763 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49769 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49769/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49770 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49770/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49771 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49771/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49772 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49773 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49775 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49776 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49777 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49777/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49779 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49781 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49783 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49783/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49784 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49784/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49786 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49786/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49787 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49787/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49788 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49788/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49789 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49789/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49790 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49792 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49793 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49793/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49794 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49795 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49796 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49797 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49799 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49800 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49801 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49801/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49802 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49807 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49809 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49810 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49812 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49813 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49818 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49821 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49822 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49822/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49823 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49824 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49825 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49826 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49827 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49830 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49832 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49834 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49835 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49836 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49837 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49839 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49841 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49842 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49842/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49845 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49846 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49850 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49853 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49858 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49860 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49861 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49863 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49864 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49865 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49868 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49869 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49870 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49871 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49874 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49879 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49879/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49880 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49880/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49881 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49885 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49886 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49887 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49887/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49888 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49889 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49890 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49891 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49892 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49900 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49901 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49901/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49902 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49905 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49906 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49908 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49908/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49909 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49909/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49910 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49915 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49915/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49916 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49916/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49917 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49917/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49918 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49921 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49921/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49922 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49922/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49923 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49924 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49925 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49927 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49928 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49928/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49929 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49929/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49931 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1990 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1990/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28866 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53035 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53036 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53038 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53038/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53039 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53039/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53040 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53040/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53041 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53041/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53042 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53042/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53044 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53045 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53045/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53049 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53049/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53052 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53054 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53054/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53056 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53057 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53058 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53059 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53060 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53062 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53064 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53065 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53065/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53066 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53066/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53068 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53070 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53070/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53071 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53073 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53074 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53075 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53075/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53077 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53078 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53079 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53081 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53081/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53082 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53084 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53084/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53087 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53089 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53090 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53091 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53092 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53092/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53093 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53095 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53096 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53098 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53099 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53100 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53101 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53102 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53105 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53105/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53106 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53108 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53109 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53109/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53111 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53111/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53112 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53114 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53116 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53116/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53118 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53119 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53123 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53124 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53125 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53128 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53128/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53131 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53131/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53134 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53134/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53137 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53137/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53139 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53140 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53142 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53143 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53143/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53145 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26804 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53168 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53168/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56558 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21999 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22056 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23145 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37789 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37789/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-06-16T14:55:49Z",
"generator": {
"date": "2025-06-16T14:55:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:01966-1",
"initial_release_date": "2025-06-16T14:55:49Z",
"revision_history": [
{
"date": "2025-06-16T14:55:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"product": {
"name": "kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"product_id": "kernel-devel-rt-5.14.21-150500.13.97.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-5.14.21-150500.13.97.1.noarch",
"product": {
"name": "kernel-source-rt-5.14.21-150500.13.97.1.noarch",
"product_id": "kernel-source-rt-5.14.21-150500.13.97.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-5.14.21-150500.13.97.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-5.14.21-150500.13.97.1.x86_64",
"product_id": "cluster-md-kmp-rt-5.14.21-150500.13.97.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-5.14.21-150500.13.97.1.x86_64",
"product": {
"name": "dlm-kmp-rt-5.14.21-150500.13.97.1.x86_64",
"product_id": "dlm-kmp-rt-5.14.21-150500.13.97.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-5.14.21-150500.13.97.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-5.14.21-150500.13.97.1.x86_64",
"product_id": "gfs2-kmp-rt-5.14.21-150500.13.97.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-5.14.21-150500.13.97.1.x86_64",
"product": {
"name": "kernel-rt-5.14.21-150500.13.97.1.x86_64",
"product_id": "kernel-rt-5.14.21-150500.13.97.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-5.14.21-150500.13.97.1.x86_64",
"product": {
"name": "kernel-rt-devel-5.14.21-150500.13.97.1.x86_64",
"product_id": "kernel-rt-devel-5.14.21-150500.13.97.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-5.14.21-150500.13.97.1.x86_64",
"product": {
"name": "kernel-rt-extra-5.14.21-150500.13.97.1.x86_64",
"product_id": "kernel-rt-extra-5.14.21-150500.13.97.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-5.14.21-150500.13.97.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-5.14.21-150500.13.97.1.x86_64",
"product_id": "kernel-rt-livepatch-5.14.21-150500.13.97.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-5.14.21-150500.13.97.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-5.14.21-150500.13.97.1.x86_64",
"product_id": "kernel-rt-livepatch-devel-5.14.21-150500.13.97.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-optional-5.14.21-150500.13.97.1.x86_64",
"product": {
"name": "kernel-rt-optional-5.14.21-150500.13.97.1.x86_64",
"product_id": "kernel-rt-optional-5.14.21-150500.13.97.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-vdso-5.14.21-150500.13.97.1.x86_64",
"product": {
"name": "kernel-rt-vdso-5.14.21-150500.13.97.1.x86_64",
"product_id": "kernel-rt-vdso-5.14.21-150500.13.97.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-5.14.21-150500.13.97.1.x86_64",
"product": {
"name": "kernel-rt_debug-5.14.21-150500.13.97.1.x86_64",
"product_id": "kernel-rt_debug-5.14.21-150500.13.97.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-5.14.21-150500.13.97.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-5.14.21-150500.13.97.1.x86_64",
"product_id": "kernel-rt_debug-devel-5.14.21-150500.13.97.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-vdso-5.14.21-150500.13.97.1.x86_64",
"product": {
"name": "kernel-rt_debug-vdso-5.14.21-150500.13.97.1.x86_64",
"product_id": "kernel-rt_debug-vdso-5.14.21-150500.13.97.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-5.14.21-150500.13.97.1.x86_64",
"product": {
"name": "kernel-syms-rt-5.14.21-150500.13.97.1.x86_64",
"product_id": "kernel-syms-rt-5.14.21-150500.13.97.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-5.14.21-150500.13.97.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-5.14.21-150500.13.97.1.x86_64",
"product_id": "kselftests-kmp-rt-5.14.21-150500.13.97.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-5.14.21-150500.13.97.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-5.14.21-150500.13.97.1.x86_64",
"product_id": "ocfs2-kmp-rt-5.14.21-150500.13.97.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-5.14.21-150500.13.97.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt-5.14.21-150500.13.97.1.x86_64",
"product_id": "reiserfs-kmp-rt-5.14.21-150500.13.97.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-5.14.21-150500.13.97.1.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch"
},
"product_reference": "kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.14.21-150500.13.97.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64"
},
"product_reference": "kernel-rt-5.14.21-150500.13.97.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.14.21-150500.13.97.1.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
},
"product_reference": "kernel-source-rt-5.14.21-150500.13.97.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-3564",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3564"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3564",
"url": "https://www.suse.com/security/cve/CVE-2022-3564"
},
{
"category": "external",
"summary": "SUSE Bug 1206073 for CVE-2022-3564",
"url": "https://bugzilla.suse.com/1206073"
},
{
"category": "external",
"summary": "SUSE Bug 1206314 for CVE-2022-3564",
"url": "https://bugzilla.suse.com/1206314"
},
{
"category": "external",
"summary": "SUSE Bug 1208030 for CVE-2022-3564",
"url": "https://bugzilla.suse.com/1208030"
},
{
"category": "external",
"summary": "SUSE Bug 1208044 for CVE-2022-3564",
"url": "https://bugzilla.suse.com/1208044"
},
{
"category": "external",
"summary": "SUSE Bug 1208085 for CVE-2022-3564",
"url": "https://bugzilla.suse.com/1208085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "important"
}
],
"title": "CVE-2022-3564"
},
{
"cve": "CVE-2022-3619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3619"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211918 is the identifier assigned to this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3619",
"url": "https://www.suse.com/security/cve/CVE-2022-3619"
},
{
"category": "external",
"summary": "SUSE Bug 1204569 for CVE-2022-3619",
"url": "https://bugzilla.suse.com/1204569"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-3619"
},
{
"cve": "CVE-2022-3640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3640"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3640",
"url": "https://www.suse.com/security/cve/CVE-2022-3640"
},
{
"category": "external",
"summary": "SUSE Bug 1204619 for CVE-2022-3640",
"url": "https://bugzilla.suse.com/1204619"
},
{
"category": "external",
"summary": "SUSE Bug 1204624 for CVE-2022-3640",
"url": "https://bugzilla.suse.com/1204624"
},
{
"category": "external",
"summary": "SUSE Bug 1209225 for CVE-2022-3640",
"url": "https://bugzilla.suse.com/1209225"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "important"
}
],
"title": "CVE-2022-3640"
},
{
"cve": "CVE-2022-49762",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49762"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs: check overflow when iterating ATTR_RECORDs\n\nKernel iterates over ATTR_RECORDs in mft record in ntfs_attr_find(). \nBecause the ATTR_RECORDs are next to each other, kernel can get the next\nATTR_RECORD from end address of current ATTR_RECORD, through current\nATTR_RECORD length field.\n\nThe problem is that during iteration, when kernel calculates the end\naddress of current ATTR_RECORD, kernel may trigger an integer overflow bug\nin executing `a = (ATTR_RECORD*)((u8*)a + le32_to_cpu(a-\u003elength))`. This\nmay wrap, leading to a forever iteration on 32bit systems.\n\nThis patch solves it by adding some checks on calculating end address\nof current ATTR_RECORD during iteration.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49762",
"url": "https://www.suse.com/security/cve/CVE-2022-49762"
},
{
"category": "external",
"summary": "SUSE Bug 1242146 for CVE-2022-49762",
"url": "https://bugzilla.suse.com/1242146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49762"
},
{
"cve": "CVE-2022-49763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49763"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs: fix use-after-free in ntfs_attr_find()\n\nPatch series \"ntfs: fix bugs about Attribute\", v2.\n\nThis patchset fixes three bugs relative to Attribute in record:\n\nPatch 1 adds a sanity check to ensure that, attrs_offset field in first\nmft record loading from disk is within bounds.\n\nPatch 2 moves the ATTR_RECORD\u0027s bounds checking earlier, to avoid\ndereferencing ATTR_RECORD before checking this ATTR_RECORD is within\nbounds.\n\nPatch 3 adds an overflow checking to avoid possible forever loop in\nntfs_attr_find().\n\nWithout patch 1 and patch 2, the kernel triggersa KASAN use-after-free\ndetection as reported by Syzkaller.\n\nAlthough one of patch 1 or patch 2 can fix this, we still need both of\nthem. Because patch 1 fixes the root cause, and patch 2 not only fixes\nthe direct cause, but also fixes the potential out-of-bounds bug.\n\n\nThis patch (of 3):\n\nSyzkaller reported use-after-free read as follows:\n==================================================================\nBUG: KASAN: use-after-free in ntfs_attr_find+0xc02/0xce0 fs/ntfs/attrib.c:597\nRead of size 2 at addr ffff88807e352009 by task syz-executor153/3607\n\n[...]\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:317 [inline]\n print_report.cold+0x2ba/0x719 mm/kasan/report.c:433\n kasan_report+0xb1/0x1e0 mm/kasan/report.c:495\n ntfs_attr_find+0xc02/0xce0 fs/ntfs/attrib.c:597\n ntfs_attr_lookup+0x1056/0x2070 fs/ntfs/attrib.c:1193\n ntfs_read_inode_mount+0x89a/0x2580 fs/ntfs/inode.c:1845\n ntfs_fill_super+0x1799/0x9320 fs/ntfs/super.c:2854\n mount_bdev+0x34d/0x410 fs/super.c:1400\n legacy_get_tree+0x105/0x220 fs/fs_context.c:610\n vfs_get_tree+0x89/0x2f0 fs/super.c:1530\n do_new_mount fs/namespace.c:3040 [inline]\n path_mount+0x1326/0x1e20 fs/namespace.c:3370\n do_mount fs/namespace.c:3383 [inline]\n __do_sys_mount fs/namespace.c:3591 [inline]\n __se_sys_mount fs/namespace.c:3568 [inline]\n __x64_sys_mount+0x27f/0x300 fs/namespace.c:3568\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n [...]\n \u003c/TASK\u003e\n\nThe buggy address belongs to the physical page:\npage:ffffea0001f8d400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7e350\nhead:ffffea0001f8d400 order:3 compound_mapcount:0 compound_pincount:0\nflags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)\nraw: 00fff00000010200 0000000000000000 dead000000000122 ffff888011842140\nraw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\nMemory state around the buggy address:\n ffff88807e351f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ffff88807e351f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n\u003effff88807e352000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff88807e352080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff88807e352100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n==================================================================\n\nKernel will loads $MFT/$DATA\u0027s first mft record in\nntfs_read_inode_mount().\n\nYet the problem is that after loading, kernel doesn\u0027t check whether\nattrs_offset field is a valid value.\n\nTo be more specific, if attrs_offset field is larger than bytes_allocated\nfield, then it may trigger the out-of-bounds read bug(reported as\nuse-after-free bug) in ntfs_attr_find(), when kernel tries to access the\ncorresponding mft record\u0027s attribute.\n\nThis patch solves it by adding the sanity check between attrs_offset field\nand bytes_allocated field, after loading the first mft record.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49763",
"url": "https://www.suse.com/security/cve/CVE-2022-49763"
},
{
"category": "external",
"summary": "SUSE Bug 1242249 for CVE-2022-49763",
"url": "https://bugzilla.suse.com/1242249"
},
{
"category": "external",
"summary": "SUSE Bug 1242258 for CVE-2022-49763",
"url": "https://bugzilla.suse.com/1242258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "important"
}
],
"title": "CVE-2022-49763"
},
{
"cve": "CVE-2022-49769",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49769"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Check sb_bsize_shift after reading superblock\n\nFuzzers like to scribble over sb_bsize_shift but in reality it\u0027s very\nunlikely that this field would be corrupted on its own. Nevertheless it\nshould be checked to avoid the possibility of messy mount errors due to\nbad calculations. It\u0027s always a fixed value based on the block size so\nwe can just check that it\u0027s the expected value.\n\nTested with:\n\n mkfs.gfs2 -O -p lock_nolock /dev/vdb\n for i in 0 -1 64 65 32 33; do\n gfs2_edit -p sb field sb_bsize_shift $i /dev/vdb\n mount /dev/vdb /mnt/test \u0026\u0026 umount /mnt/test\n done\n\nBefore this patch we get a withdraw after\n\n[ 76.413681] gfs2: fsid=loop0.0: fatal: invalid metadata block\n[ 76.413681] bh = 19 (type: exp=5, found=4)\n[ 76.413681] function = gfs2_meta_buffer, file = fs/gfs2/meta_io.c, line = 492\n\nand with UBSAN configured we also get complaints like\n\n[ 76.373395] UBSAN: shift-out-of-bounds in fs/gfs2/ops_fstype.c:295:19\n[ 76.373815] shift exponent 4294967287 is too large for 64-bit type \u0027long unsigned int\u0027\n\nAfter the patch, these complaints don\u0027t appear, mount fails immediately\nand we get an explanation in dmesg.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49769",
"url": "https://www.suse.com/security/cve/CVE-2022-49769"
},
{
"category": "external",
"summary": "SUSE Bug 1242440 for CVE-2022-49769",
"url": "https://bugzilla.suse.com/1242440"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49769"
},
{
"cve": "CVE-2022-49770",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49770"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: avoid putting the realm twice when decoding snaps fails\n\nWhen decoding the snaps fails it maybe leaving the \u0027first_realm\u0027\nand \u0027realm\u0027 pointing to the same snaprealm memory. And then it\u0027ll\nput it twice and could cause random use-after-free, BUG_ON, etc\nissues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49770",
"url": "https://www.suse.com/security/cve/CVE-2022-49770"
},
{
"category": "external",
"summary": "SUSE Bug 1242597 for CVE-2022-49770",
"url": "https://bugzilla.suse.com/1242597"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49770"
},
{
"cve": "CVE-2022-49771",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49771"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm ioctl: fix misbehavior if list_versions races with module loading\n\n__list_versions will first estimate the required space using the\n\"dm_target_iterate(list_version_get_needed, \u0026needed)\" call and then will\nfill the space using the \"dm_target_iterate(list_version_get_info,\n\u0026iter_info)\" call. Each of these calls locks the targets using the\n\"down_read(\u0026_lock)\" and \"up_read(\u0026_lock)\" calls, however between the first\nand second \"dm_target_iterate\" there is no lock held and the target\nmodules can be loaded at this point, so the second \"dm_target_iterate\"\ncall may need more space than what was the first \"dm_target_iterate\"\nreturned.\n\nThe code tries to handle this overflow (see the beginning of\nlist_version_get_info), however this handling is incorrect.\n\nThe code sets \"param-\u003edata_size = param-\u003edata_start + needed\" and\n\"iter_info.end = (char *)vers+len\" - \"needed\" is the size returned by the\nfirst dm_target_iterate call; \"len\" is the size of the buffer allocated by\nuserspace.\n\n\"len\" may be greater than \"needed\"; in this case, the code will write up\nto \"len\" bytes into the buffer, however param-\u003edata_size is set to\n\"needed\", so it may write data past the param-\u003edata_size value. The ioctl\ninterface copies only up to param-\u003edata_size into userspace, thus part of\nthe result will be truncated.\n\nFix this bug by setting \"iter_info.end = (char *)vers + needed;\" - this\nguarantees that the second \"dm_target_iterate\" call will write only up to\nthe \"needed\" buffer and it will exit with \"DM_BUFFER_FULL_FLAG\" if it\noverflows the \"needed\" space - in this case, userspace will allocate a\nlarger buffer and retry.\n\nNote that there is also a bug in list_version_get_needed - we need to add\n\"strlen(tt-\u003ename) + 1\" to the needed size, not \"strlen(tt-\u003ename)\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49771",
"url": "https://www.suse.com/security/cve/CVE-2022-49771"
},
{
"category": "external",
"summary": "SUSE Bug 1242686 for CVE-2022-49771",
"url": "https://bugzilla.suse.com/1242686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49771"
},
{
"cve": "CVE-2022-49772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49772"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()\n\nsnd_usbmidi_output_open() has a check of the NULL port with\nsnd_BUG_ON(). snd_BUG_ON() was used as this shouldn\u0027t have happened,\nbut in reality, the NULL port may be seen when the device gives an\ninvalid endpoint setup at the descriptor, hence the driver skips the\nallocation. That is, the check itself is valid and snd_BUG_ON()\nshould be dropped from there. Otherwise it\u0027s confusing as if it were\na real bug, as recently syzbot stumbled on it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49772",
"url": "https://www.suse.com/security/cve/CVE-2022-49772"
},
{
"category": "external",
"summary": "SUSE Bug 1242147 for CVE-2022-49772",
"url": "https://bugzilla.suse.com/1242147"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49772"
},
{
"cve": "CVE-2022-49773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49773"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix optc2_configure warning on dcn314\n\n[Why]\ndcn314 uses optc2_configure_crc() that wraps\noptc1_configure_crc() + set additional registers\nnot applicable to dcn314.\nIt\u0027s not critical but when used leads to warning like:\nWARNING: drivers/gpu/drm/amd/amdgpu/../display/dc/dc_helper.c\nCall Trace:\n\u003cTASK\u003e\ngeneric_reg_set_ex+0x6d/0xe0 [amdgpu]\noptc2_configure_crc+0x60/0x80 [amdgpu]\ndc_stream_configure_crc+0x129/0x150 [amdgpu]\namdgpu_dm_crtc_configure_crc_source+0x5d/0xe0 [amdgpu]\n\n[How]\nUse optc1_configure_crc() directly",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49773",
"url": "https://www.suse.com/security/cve/CVE-2022-49773"
},
{
"category": "external",
"summary": "SUSE Bug 1242311 for CVE-2022-49773",
"url": "https://bugzilla.suse.com/1242311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49773"
},
{
"cve": "CVE-2022-49775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49775"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: cdg: allow tcp_cdg_release() to be called multiple times\n\nApparently, mptcp is able to call tcp_disconnect() on an already\ndisconnected flow. This is generally fine, unless current congestion\ncontrol is CDG, because it might trigger a double-free [1]\n\nInstead of fixing MPTCP, and future bugs, we can make tcp_disconnect()\nmore resilient.\n\n[1]\nBUG: KASAN: double-free in slab_free mm/slub.c:3539 [inline]\nBUG: KASAN: double-free in kfree+0xe2/0x580 mm/slub.c:4567\n\nCPU: 0 PID: 3645 Comm: kworker/0:7 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022\nWorkqueue: events mptcp_worker\nCall Trace:\n\u003cTASK\u003e\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_address_description mm/kasan/report.c:317 [inline]\nprint_report.cold+0x2ba/0x719 mm/kasan/report.c:433\nkasan_report_invalid_free+0x81/0x190 mm/kasan/report.c:462\n____kasan_slab_free+0x18b/0x1c0 mm/kasan/common.c:356\nkasan_slab_free include/linux/kasan.h:200 [inline]\nslab_free_hook mm/slub.c:1759 [inline]\nslab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1785\nslab_free mm/slub.c:3539 [inline]\nkfree+0xe2/0x580 mm/slub.c:4567\ntcp_disconnect+0x980/0x1e20 net/ipv4/tcp.c:3145\n__mptcp_close_ssk+0x5ca/0x7e0 net/mptcp/protocol.c:2327\nmptcp_do_fastclose net/mptcp/protocol.c:2592 [inline]\nmptcp_worker+0x78c/0xff0 net/mptcp/protocol.c:2627\nprocess_one_work+0x991/0x1610 kernel/workqueue.c:2289\nworker_thread+0x665/0x1080 kernel/workqueue.c:2436\nkthread+0x2e4/0x3a0 kernel/kthread.c:376\nret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306\n\u003c/TASK\u003e\n\nAllocated by task 3671:\nkasan_save_stack+0x1e/0x40 mm/kasan/common.c:38\nkasan_set_track mm/kasan/common.c:45 [inline]\nset_alloc_info mm/kasan/common.c:437 [inline]\n____kasan_kmalloc mm/kasan/common.c:516 [inline]\n____kasan_kmalloc mm/kasan/common.c:475 [inline]\n__kasan_kmalloc+0xa9/0xd0 mm/kasan/common.c:525\nkmalloc_array include/linux/slab.h:640 [inline]\nkcalloc include/linux/slab.h:671 [inline]\ntcp_cdg_init+0x10d/0x170 net/ipv4/tcp_cdg.c:380\ntcp_init_congestion_control+0xab/0x550 net/ipv4/tcp_cong.c:193\ntcp_reinit_congestion_control net/ipv4/tcp_cong.c:217 [inline]\ntcp_set_congestion_control+0x96c/0xaa0 net/ipv4/tcp_cong.c:391\ndo_tcp_setsockopt+0x505/0x2320 net/ipv4/tcp.c:3513\ntcp_setsockopt+0xd4/0x100 net/ipv4/tcp.c:3801\nmptcp_setsockopt+0x35f/0x2570 net/mptcp/sockopt.c:844\n__sys_setsockopt+0x2d6/0x690 net/socket.c:2252\n__do_sys_setsockopt net/socket.c:2263 [inline]\n__se_sys_setsockopt net/socket.c:2260 [inline]\n__x64_sys_setsockopt+0xba/0x150 net/socket.c:2260\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFreed by task 16:\nkasan_save_stack+0x1e/0x40 mm/kasan/common.c:38\nkasan_set_track+0x21/0x30 mm/kasan/common.c:45\nkasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370\n____kasan_slab_free mm/kasan/common.c:367 [inline]\n____kasan_slab_free+0x166/0x1c0 mm/kasan/common.c:329\nkasan_slab_free include/linux/kasan.h:200 [inline]\nslab_free_hook mm/slub.c:1759 [inline]\nslab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1785\nslab_free mm/slub.c:3539 [inline]\nkfree+0xe2/0x580 mm/slub.c:4567\ntcp_cleanup_congestion_control+0x70/0x120 net/ipv4/tcp_cong.c:226\ntcp_v4_destroy_sock+0xdd/0x750 net/ipv4/tcp_ipv4.c:2254\ntcp_v6_destroy_sock+0x11/0x20 net/ipv6/tcp_ipv6.c:1969\ninet_csk_destroy_sock+0x196/0x440 net/ipv4/inet_connection_sock.c:1157\ntcp_done+0x23b/0x340 net/ipv4/tcp.c:4649\ntcp_rcv_state_process+0x40e7/0x4990 net/ipv4/tcp_input.c:6624\ntcp_v6_do_rcv+0x3fc/0x13c0 net/ipv6/tcp_ipv6.c:1525\ntcp_v6_rcv+0x2e8e/0x3830 net/ipv6/tcp_ipv6.c:1759\nip6_protocol_deliver_rcu+0x2db/0x1950 net/ipv6/ip6_input.c:439\nip6_input_finish+0x14c/0x2c0 net/ipv6/ip6_input.c:484\nNF_HOOK include/linux/netfilter.h:302 [inline]\nNF_HOOK include/linux/netfilter.h:296 [inline]\nip6_input+0x9c/0xd\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49775",
"url": "https://www.suse.com/security/cve/CVE-2022-49775"
},
{
"category": "external",
"summary": "SUSE Bug 1242245 for CVE-2022-49775",
"url": "https://bugzilla.suse.com/1242245"
},
{
"category": "external",
"summary": "SUSE Bug 1242257 for CVE-2022-49775",
"url": "https://bugzilla.suse.com/1242257"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "important"
}
],
"title": "CVE-2022-49775"
},
{
"cve": "CVE-2022-49776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49776"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmacvlan: enforce a consistent minimal mtu\n\nmacvlan should enforce a minimal mtu of 68, even at link creation.\n\nThis patch avoids the current behavior (which could lead to crashes\nin ipv6 stack if the link is brought up)\n\n$ ip link add macvlan1 link eno1 mtu 8 type macvlan # This should fail !\n$ ip link sh dev macvlan1\n5: macvlan1@eno1: \u003cBROADCAST,MULTICAST\u003e mtu 8 qdisc noop\n state DOWN mode DEFAULT group default qlen 1000\n link/ether 02:47:6c:24:74:82 brd ff:ff:ff:ff:ff:ff\n$ ip link set macvlan1 mtu 67\nError: mtu less than device minimum.\n$ ip link set macvlan1 mtu 68\n$ ip link set macvlan1 mtu 8\nError: mtu less than device minimum.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49776",
"url": "https://www.suse.com/security/cve/CVE-2022-49776"
},
{
"category": "external",
"summary": "SUSE Bug 1242248 for CVE-2022-49776",
"url": "https://bugzilla.suse.com/1242248"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49776"
},
{
"cve": "CVE-2022-49777",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49777"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: i8042 - fix leaking of platform device on module removal\n\nAvoid resetting the module-wide i8042_platform_device pointer in\ni8042_probe() or i8042_remove(), so that the device can be properly\ndestroyed by i8042_exit() on module unload.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49777",
"url": "https://www.suse.com/security/cve/CVE-2022-49777"
},
{
"category": "external",
"summary": "SUSE Bug 1242232 for CVE-2022-49777",
"url": "https://bugzilla.suse.com/1242232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49777"
},
{
"cve": "CVE-2022-49779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49779"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkprobes: Skip clearing aggrprobe\u0027s post_handler in kprobe-on-ftrace case\n\nIn __unregister_kprobe_top(), if the currently unregistered probe has\npost_handler but other child probes of the aggrprobe do not have\npost_handler, the post_handler of the aggrprobe is cleared. If this is\na ftrace-based probe, there is a problem. In later calls to\ndisarm_kprobe(), we will use kprobe_ftrace_ops because post_handler is\nNULL. But we\u0027re armed with kprobe_ipmodify_ops. This triggers a WARN in\n__disarm_kprobe_ftrace() and may even cause use-after-free:\n\n Failed to disarm kprobe-ftrace at kernel_clone+0x0/0x3c0 (error -2)\n WARNING: CPU: 5 PID: 137 at kernel/kprobes.c:1135 __disarm_kprobe_ftrace.isra.21+0xcf/0xe0\n Modules linked in: testKprobe_007(-)\n CPU: 5 PID: 137 Comm: rmmod Not tainted 6.1.0-rc4-dirty #18\n [...]\n Call Trace:\n \u003cTASK\u003e\n __disable_kprobe+0xcd/0xe0\n __unregister_kprobe_top+0x12/0x150\n ? mutex_lock+0xe/0x30\n unregister_kprobes.part.23+0x31/0xa0\n unregister_kprobe+0x32/0x40\n __x64_sys_delete_module+0x15e/0x260\n ? do_user_addr_fault+0x2cd/0x6b0\n do_syscall_64+0x3a/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n [...]\n\nFor the kprobe-on-ftrace case, we keep the post_handler setting to\nidentify this aggrprobe armed with kprobe_ipmodify_ops. This way we\ncan disarm it correctly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49779",
"url": "https://www.suse.com/security/cve/CVE-2022-49779"
},
{
"category": "external",
"summary": "SUSE Bug 1242261 for CVE-2022-49779",
"url": "https://bugzilla.suse.com/1242261"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49779"
},
{
"cve": "CVE-2022-49781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49781"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/amd: Fix crash due to race between amd_pmu_enable_all, perf NMI and throttling\n\namd_pmu_enable_all() does:\n\n if (!test_bit(idx, cpuc-\u003eactive_mask))\n continue;\n\n amd_pmu_enable_event(cpuc-\u003eevents[idx]);\n\nA perf NMI of another event can come between these two steps. Perf NMI\nhandler internally disables and enables _all_ events, including the one\nwhich nmi-intercepted amd_pmu_enable_all() was in process of enabling.\nIf that unintentionally enabled event has very low sampling period and\ncauses immediate successive NMI, causing the event to be throttled,\ncpuc-\u003eevents[idx] and cpuc-\u003eactive_mask gets cleared by x86_pmu_stop().\nThis will result in amd_pmu_enable_event() getting called with event=NULL\nwhen amd_pmu_enable_all() resumes after handling the NMIs. This causes a\nkernel crash:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000198\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n [...]\n Call Trace:\n \u003cTASK\u003e\n amd_pmu_enable_all+0x68/0xb0\n ctx_resched+0xd9/0x150\n event_function+0xb8/0x130\n ? hrtimer_start_range_ns+0x141/0x4a0\n ? perf_duration_warn+0x30/0x30\n remote_function+0x4d/0x60\n __flush_smp_call_function_queue+0xc4/0x500\n flush_smp_call_function_queue+0x11d/0x1b0\n do_idle+0x18f/0x2d0\n cpu_startup_entry+0x19/0x20\n start_secondary+0x121/0x160\n secondary_startup_64_no_verify+0xe5/0xeb\n \u003c/TASK\u003e\n\namd_pmu_disable_all()/amd_pmu_enable_all() calls inside perf NMI handler\nwere recently added as part of BRS enablement but I\u0027m not sure whether\nwe really need them. We can just disable BRS in the beginning and enable\nit back while returning from NMI. This will solve the issue by not\nenabling those events whose active_masks are set but are not yet enabled\nin hw pmu.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49781",
"url": "https://www.suse.com/security/cve/CVE-2022-49781"
},
{
"category": "external",
"summary": "SUSE Bug 1242302 for CVE-2022-49781",
"url": "https://bugzilla.suse.com/1242302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49781"
},
{
"cve": "CVE-2022-49783",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49783"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Drop fpregs lock before inheriting FPU permissions\n\nMike Galbraith reported the following against an old fork of preempt-rt\nbut the same issue also applies to the current preempt-rt tree.\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: systemd\n preempt_count: 1, expected: 0\n RCU nest depth: 0, expected: 0\n Preemption disabled at:\n fpu_clone\n CPU: 6 PID: 1 Comm: systemd Tainted: G E (unreleased)\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl\n ? fpu_clone\n __might_resched\n rt_spin_lock\n fpu_clone\n ? copy_thread\n ? copy_process\n ? shmem_alloc_inode\n ? kmem_cache_alloc\n ? kernel_clone\n ? __do_sys_clone\n ? do_syscall_64\n ? __x64_sys_rt_sigprocmask\n ? syscall_exit_to_user_mode\n ? do_syscall_64\n ? syscall_exit_to_user_mode\n ? do_syscall_64\n ? syscall_exit_to_user_mode\n ? do_syscall_64\n ? exc_page_fault\n ? entry_SYSCALL_64_after_hwframe\n \u003c/TASK\u003e\n\nMike says:\n\n The splat comes from fpu_inherit_perms() being called under fpregs_lock(),\n and us reaching the spin_lock_irq() therein due to fpu_state_size_dynamic()\n returning true despite static key __fpu_state_size_dynamic having never\n been enabled.\n\nMike\u0027s assessment looks correct. fpregs_lock on a PREEMPT_RT kernel disables\npreemption so calling spin_lock_irq() in fpu_inherit_perms() is unsafe. This\nproblem exists since commit\n\n 9e798e9aa14c (\"x86/fpu: Prepare fpu_clone() for dynamically enabled features\").\n\nEven though the original bug report should not have enabled the paths at\nall, the bug still exists.\n\nfpregs_lock is necessary when editing the FPU registers or a task\u0027s FP\nstate but it is not necessary for fpu_inherit_perms(). The only write\nof any FP state in fpu_inherit_perms() is for the new child which is\nnot running yet and cannot context switch or be borrowed by a kernel\nthread yet. Hence, fpregs_lock is not protecting anything in the new\nchild until clone() completes and can be dropped earlier. The siglock\nstill needs to be acquired by fpu_inherit_perms() as the read of the\nparent\u0027s permissions has to be serialised.\n\n [ bp: Cleanup splat. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49783",
"url": "https://www.suse.com/security/cve/CVE-2022-49783"
},
{
"category": "external",
"summary": "SUSE Bug 1242312 for CVE-2022-49783",
"url": "https://bugzilla.suse.com/1242312"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49783"
},
{
"cve": "CVE-2022-49784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49784"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/amd/uncore: Fix memory leak for events array\n\nWhen a CPU comes online, the per-CPU NB and LLC uncore contexts are\nfreed but not the events array within the context structure. This\ncauses a memory leak as identified by the kmemleak detector.\n\n [...]\n unreferenced object 0xffff8c5944b8e320 (size 32):\n comm \"swapper/0\", pid 1, jiffies 4294670387 (age 151.072s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c000000000759fb79\u003e] amd_uncore_cpu_up_prepare+0xaf/0x230\n [\u003c00000000ddc9e126\u003e] cpuhp_invoke_callback+0x2cf/0x470\n [\u003c0000000093e727d4\u003e] cpuhp_issue_call+0x14d/0x170\n [\u003c0000000045464d54\u003e] __cpuhp_setup_state_cpuslocked+0x11e/0x330\n [\u003c0000000069f67cbd\u003e] __cpuhp_setup_state+0x6b/0x110\n [\u003c0000000015365e0f\u003e] amd_uncore_init+0x260/0x321\n [\u003c00000000089152d2\u003e] do_one_initcall+0x3f/0x1f0\n [\u003c000000002d0bd18d\u003e] kernel_init_freeable+0x1ca/0x212\n [\u003c0000000030be8dde\u003e] kernel_init+0x11/0x120\n [\u003c0000000059709e59\u003e] ret_from_fork+0x22/0x30\n unreferenced object 0xffff8c5944b8dd40 (size 64):\n comm \"swapper/0\", pid 1, jiffies 4294670387 (age 151.072s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c00000000306efe8b\u003e] amd_uncore_cpu_up_prepare+0x183/0x230\n [\u003c00000000ddc9e126\u003e] cpuhp_invoke_callback+0x2cf/0x470\n [\u003c0000000093e727d4\u003e] cpuhp_issue_call+0x14d/0x170\n [\u003c0000000045464d54\u003e] __cpuhp_setup_state_cpuslocked+0x11e/0x330\n [\u003c0000000069f67cbd\u003e] __cpuhp_setup_state+0x6b/0x110\n [\u003c0000000015365e0f\u003e] amd_uncore_init+0x260/0x321\n [\u003c00000000089152d2\u003e] do_one_initcall+0x3f/0x1f0\n [\u003c000000002d0bd18d\u003e] kernel_init_freeable+0x1ca/0x212\n [\u003c0000000030be8dde\u003e] kernel_init+0x11/0x120\n [\u003c0000000059709e59\u003e] ret_from_fork+0x22/0x30\n [...]\n\nFix the problem by freeing the events array before freeing the uncore\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49784",
"url": "https://www.suse.com/security/cve/CVE-2022-49784"
},
{
"category": "external",
"summary": "SUSE Bug 1242349 for CVE-2022-49784",
"url": "https://bugzilla.suse.com/1242349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "low"
}
],
"title": "CVE-2022-49784"
},
{
"cve": "CVE-2022-49786",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49786"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: properly pin the parent in blkcg_css_online\n\nblkcg_css_online is supposed to pin the blkcg of the parent, but\n397c9f46ee4d refactored things and along the way, changed it to pin the\ncss instead. This results in extra pins, and we end up leaking blkcgs\nand cgroups.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49786",
"url": "https://www.suse.com/security/cve/CVE-2022-49786"
},
{
"category": "external",
"summary": "SUSE Bug 1242351 for CVE-2022-49786",
"url": "https://bugzilla.suse.com/1242351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "low"
}
],
"title": "CVE-2022-49786"
},
{
"cve": "CVE-2022-49787",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49787"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()\n\npci_get_device() will increase the reference count for the returned\npci_dev. We need to use pci_dev_put() to decrease the reference count\nbefore amd_probe() returns. There is no problem for the \u0027smbus_dev ==\nNULL\u0027 branch because pci_dev_put() can also handle the NULL input\nparameter case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49787",
"url": "https://www.suse.com/security/cve/CVE-2022-49787"
},
{
"category": "external",
"summary": "SUSE Bug 1242352 for CVE-2022-49787",
"url": "https://bugzilla.suse.com/1242352"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49787"
},
{
"cve": "CVE-2022-49788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49788"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()\n\n`struct vmci_event_qp` allocated by qp_notify_peer() contains padding,\nwhich may carry uninitialized data to the userspace, as observed by\nKMSAN:\n\n BUG: KMSAN: kernel-infoleak in instrument_copy_to_user ./include/linux/instrumented.h:121\n instrument_copy_to_user ./include/linux/instrumented.h:121\n _copy_to_user+0x5f/0xb0 lib/usercopy.c:33\n copy_to_user ./include/linux/uaccess.h:169\n vmci_host_do_receive_datagram drivers/misc/vmw_vmci/vmci_host.c:431\n vmci_host_unlocked_ioctl+0x33d/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:925\n vfs_ioctl fs/ioctl.c:51\n ...\n\n Uninit was stored to memory at:\n kmemdup+0x74/0xb0 mm/util.c:131\n dg_dispatch_as_host drivers/misc/vmw_vmci/vmci_datagram.c:271\n vmci_datagram_dispatch+0x4f8/0xfc0 drivers/misc/vmw_vmci/vmci_datagram.c:339\n qp_notify_peer+0x19a/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1479\n qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662\n qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750\n vmci_qp_broker_alloc+0x96/0xd0 drivers/misc/vmw_vmci/vmci_queue_pair.c:1940\n vmci_host_do_alloc_queuepair drivers/misc/vmw_vmci/vmci_host.c:488\n vmci_host_unlocked_ioctl+0x24fd/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:927\n ...\n\n Local variable ev created at:\n qp_notify_peer+0x54/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1456\n qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662\n qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750\n\n Bytes 28-31 of 48 are uninitialized\n Memory access of size 48 starts at ffff888035155e00\n Data copied to user address 0000000020000100\n\nUse memset() to prevent the infoleaks.\n\nAlso speculatively fix qp_notify_peer_local(), which may suffer from the\nsame problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49788",
"url": "https://www.suse.com/security/cve/CVE-2022-49788"
},
{
"category": "external",
"summary": "SUSE Bug 1242353 for CVE-2022-49788",
"url": "https://bugzilla.suse.com/1242353"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49788"
},
{
"cve": "CVE-2022-49789",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49789"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: zfcp: Fix double free of FSF request when qdio send fails\n\nWe used to use the wrong type of integer in \u0027zfcp_fsf_req_send()\u0027 to cache\nthe FSF request ID when sending a new FSF request. This is used in case the\nsending fails and we need to remove the request from our internal hash\ntable again (so we don\u0027t keep an invalid reference and use it when we free\nthe request again).\n\nIn \u0027zfcp_fsf_req_send()\u0027 we used to cache the ID as \u0027int\u0027 (signed and 32\nbit wide), but the rest of the zfcp code (and the firmware specification)\nhandles the ID as \u0027unsigned long\u0027/\u0027u64\u0027 (unsigned and 64 bit wide [s390x\nELF ABI]). For one this has the obvious problem that when the ID grows\npast 32 bit (this can happen reasonably fast) it is truncated to 32 bit\nwhen storing it in the cache variable and so doesn\u0027t match the original ID\nanymore. The second less obvious problem is that even when the original ID\nhas not yet grown past 32 bit, as soon as the 32nd bit is set in the\noriginal ID (0x80000000 = 2\u0027147\u0027483\u0027648) we will have a mismatch when we\ncast it back to \u0027unsigned long\u0027. As the cached variable is of a signed\ntype, the compiler will choose a sign-extending instruction to load the 32\nbit variable into a 64 bit register (e.g.: \u0027lgf %r11,188(%r15)\u0027). So once\nwe pass the cached variable into \u0027zfcp_reqlist_find_rm()\u0027 to remove the\nrequest again all the leading zeros will be flipped to ones to extend the\nsign and won\u0027t match the original ID anymore (this has been observed in\npractice).\n\nIf we can\u0027t successfully remove the request from the hash table again after\n\u0027zfcp_qdio_send()\u0027 fails (this happens regularly when zfcp cannot notify\nthe adapter about new work because the adapter is already gone during\ne.g. a ChpID toggle) we will end up with a double free. We unconditionally\nfree the request in the calling function when \u0027zfcp_fsf_req_send()\u0027 fails,\nbut because the request is still in the hash table we end up with a stale\nmemory reference, and once the zfcp adapter is either reset during recovery\nor shutdown we end up freeing the same memory twice.\n\nThe resulting stack traces vary depending on the kernel and have no direct\ncorrelation to the place where the bug occurs. Here are three examples that\nhave been seen in practice:\n\n list_del corruption. next-\u003eprev should be 00000001b9d13800, but was 00000000dead4ead. (next=00000001bd131a00)\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:62!\n monitor event: 0040 ilc:2 [#1] PREEMPT SMP\n Modules linked in: ...\n CPU: 9 PID: 1617 Comm: zfcperp0.0.1740 Kdump: loaded\n Hardware name: ...\n Krnl PSW : 0704d00180000000 00000003cbeea1f8 (__list_del_entry_valid+0x98/0x140)\n R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3\n Krnl GPRS: 00000000916d12f1 0000000080000000 000000000000006d 00000003cb665cd6\n 0000000000000001 0000000000000000 0000000000000000 00000000d28d21e8\n 00000000d3844000 00000380099efd28 00000001bd131a00 00000001b9d13800\n 00000000d3290100 0000000000000000 00000003cbeea1f4 00000380099efc70\n Krnl Code: 00000003cbeea1e8: c020004f68a7 larl %r2,00000003cc8d7336\n 00000003cbeea1ee: c0e50027fd65 brasl %r14,00000003cc3e9cb8\n #00000003cbeea1f4: af000000 mc 0,0\n \u003e00000003cbeea1f8: c02000920440 larl %r2,00000003cd12aa78\n 00000003cbeea1fe: c0e500289c25 brasl %r14,00000003cc3fda48\n 00000003cbeea204: b9040043 lgr %r4,%r3\n 00000003cbeea208: b9040051 lgr %r5,%r1\n 00000003cbeea20c: b9040032 lgr %r3,%r2\n Call Trace:\n [\u003c00000003cbeea1f8\u003e] __list_del_entry_valid+0x98/0x140\n ([\u003c00000003cbeea1f4\u003e] __list_del_entry_valid+0x94/0x140)\n [\u003c000003ff7ff502fe\u003e] zfcp_fsf_req_dismiss_all+0xde/0x150 [zfcp]\n [\u003c000003ff7ff49cd0\u003e] zfcp_erp_strategy_do_action+0x160/0x280 [zfcp]\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49789",
"url": "https://www.suse.com/security/cve/CVE-2022-49789"
},
{
"category": "external",
"summary": "SUSE Bug 1242366 for CVE-2022-49789",
"url": "https://bugzilla.suse.com/1242366"
},
{
"category": "external",
"summary": "SUSE Bug 1242376 for CVE-2022-49789",
"url": "https://bugzilla.suse.com/1242376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "important"
}
],
"title": "CVE-2022-49789"
},
{
"cve": "CVE-2022-49790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: iforce - invert valid length check when fetching device IDs\n\nsyzbot is reporting uninitialized value at iforce_init_device() [1], for\ncommit 6ac0aec6b0a6 (\"Input: iforce - allow callers supply data buffer\nwhen fetching device IDs\") is checking that valid length is shorter than\nbytes to read. Since iforce_get_id_packet() stores valid length when\nreturning 0, the caller needs to check that valid length is longer than or\nequals to bytes to read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49790",
"url": "https://www.suse.com/security/cve/CVE-2022-49790"
},
{
"category": "external",
"summary": "SUSE Bug 1242387 for CVE-2022-49790",
"url": "https://bugzilla.suse.com/1242387"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49790"
},
{
"cve": "CVE-2022-49792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49792"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: mp2629: fix potential array out of bound access\n\nAdd sentinel at end of maps to avoid potential array out of\nbound access in iio core.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49792",
"url": "https://www.suse.com/security/cve/CVE-2022-49792"
},
{
"category": "external",
"summary": "SUSE Bug 1242389 for CVE-2022-49792",
"url": "https://bugzilla.suse.com/1242389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49792"
},
{
"cve": "CVE-2022-49793",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49793"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()\n\ndev_set_name() allocates memory for name, it need be freed\nwhen device_add() fails, call put_device() to give up the\nreference that hold in device_initialize(), so that it can\nbe freed in kobject_cleanup() when the refcount hit to 0.\n\nFault injection test can trigger this:\n\nunreferenced object 0xffff8e8340a7b4c0 (size 32):\n comm \"modprobe\", pid 243, jiffies 4294678145 (age 48.845s)\n hex dump (first 32 bytes):\n 69 69 6f 5f 73 79 73 66 73 5f 74 72 69 67 67 65 iio_sysfs_trigge\n 72 00 a7 40 83 8e ff ff 00 86 13 c4 f6 ee ff ff r..@............\n backtrace:\n [\u003c0000000074999de8\u003e] __kmem_cache_alloc_node+0x1e9/0x360\n [\u003c00000000497fd30b\u003e] __kmalloc_node_track_caller+0x44/0x1a0\n [\u003c000000003636c520\u003e] kstrdup+0x2d/0x60\n [\u003c0000000032f84da2\u003e] kobject_set_name_vargs+0x1e/0x90\n [\u003c0000000092efe493\u003e] dev_set_name+0x4e/0x70",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49793",
"url": "https://www.suse.com/security/cve/CVE-2022-49793"
},
{
"category": "external",
"summary": "SUSE Bug 1242391 for CVE-2022-49793",
"url": "https://bugzilla.suse.com/1242391"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49793"
},
{
"cve": "CVE-2022-49794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()\n\nIf iio_trigger_register() returns error, it should call iio_trigger_free()\nto give up the reference that hold in iio_trigger_alloc(), so that it can\ncall iio_trig_release() to free memory when the refcount hit to 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49794",
"url": "https://www.suse.com/security/cve/CVE-2022-49794"
},
{
"category": "external",
"summary": "SUSE Bug 1242392 for CVE-2022-49794",
"url": "https://bugzilla.suse.com/1242392"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49794"
},
{
"cve": "CVE-2022-49795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49795"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrethook: fix a potential memleak in rethook_alloc()\n\nIn rethook_alloc(), the variable rh is not freed or passed out\nif handler is NULL, which could lead to a memleak, fix it.\n\n[Masami: Add \"rethook:\" tag to the title.]\n\nAcke-by: Masami Hiramatsu (Google) \u003cmhiramat@kernel.org\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49795",
"url": "https://www.suse.com/security/cve/CVE-2022-49795"
},
{
"category": "external",
"summary": "SUSE Bug 1242298 for CVE-2022-49795",
"url": "https://bugzilla.suse.com/1242298"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49795"
},
{
"cve": "CVE-2022-49796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49796"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit()\n\nWhen test_gen_kprobe_cmd() failed after kprobe_event_gen_cmd_end(), it\nwill goto delete, which will call kprobe_event_delete() and release the\ncorresponding resource. However, the trace_array in gen_kretprobe_test\nwill point to the invalid resource. Set gen_kretprobe_test to NULL\nafter called kprobe_event_delete() to prevent null-ptr-deref.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000070\nPGD 0 P4D 0\nOops: 0000 [#1] SMP PTI\nCPU: 0 PID: 246 Comm: modprobe Tainted: G W\n6.1.0-rc1-00174-g9522dc5c87da-dirty #248\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\nRIP: 0010:__ftrace_set_clr_event_nolock+0x53/0x1b0\nCode: e8 82 26 fc ff 49 8b 1e c7 44 24 0c ea ff ff ff 49 39 de 0f 84 3c\n01 00 00 c7 44 24 18 00 00 00 00 e8 61 26 fc ff 48 8b 6b 10 \u003c44\u003e 8b 65\n70 4c 8b 6d 18 41 f7 c4 00 02 00 00 75 2f\nRSP: 0018:ffffc9000159fe00 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: ffff88810971d268 RCX: 0000000000000000\nRDX: ffff8881080be600 RSI: ffffffff811b48ff RDI: ffff88810971d058\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001\nR10: ffffc9000159fe58 R11: 0000000000000001 R12: ffffffffa0001064\nR13: ffffffffa000106c R14: ffff88810971d238 R15: 0000000000000000\nFS: 00007f89eeff6540(0000) GS:ffff88813b600000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000070 CR3: 000000010599e004 CR4: 0000000000330ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __ftrace_set_clr_event+0x3e/0x60\n trace_array_set_clr_event+0x35/0x50\n ? 0xffffffffa0000000\n kprobe_event_gen_test_exit+0xcd/0x10b [kprobe_event_gen_test]\n __x64_sys_delete_module+0x206/0x380\n ? lockdep_hardirqs_on_prepare+0xd8/0x190\n ? syscall_enter_from_user_mode+0x1c/0x50\n do_syscall_64+0x3f/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f89eeb061b7",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49796",
"url": "https://www.suse.com/security/cve/CVE-2022-49796"
},
{
"category": "external",
"summary": "SUSE Bug 1242305 for CVE-2022-49796",
"url": "https://bugzilla.suse.com/1242305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49796"
},
{
"cve": "CVE-2022-49797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit()\n\nWhen trace_get_event_file() failed, gen_kretprobe_test will be assigned\nas the error code. If module kprobe_event_gen_test is removed now, the\nnull pointer dereference will happen in kprobe_event_gen_test_exit().\nCheck if gen_kprobe_test or gen_kretprobe_test is error code or NULL\nbefore dereference them.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000012\nPGD 0 P4D 0\nOops: 0000 [#1] SMP PTI\nCPU: 3 PID: 2210 Comm: modprobe Not tainted\n6.1.0-rc1-00171-g2159299a3b74-dirty #217\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\nRIP: 0010:kprobe_event_gen_test_exit+0x1c/0xb5 [kprobe_event_gen_test]\nCode: Unable to access opcode bytes at 0xffffffff9ffffff2.\nRSP: 0018:ffffc900015bfeb8 EFLAGS: 00010246\nRAX: ffffffffffffffea RBX: ffffffffa0002080 RCX: 0000000000000000\nRDX: ffffffffa0001054 RSI: ffffffffa0001064 RDI: ffffffffdfc6349c\nRBP: ffffffffa0000000 R08: 0000000000000004 R09: 00000000001e95c0\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000800\nR13: ffffffffa0002420 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f56b75be540(0000) GS:ffff88813bc00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffffff9ffffff2 CR3: 000000010874a006 CR4: 0000000000330ee0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __x64_sys_delete_module+0x206/0x380\n ? lockdep_hardirqs_on_prepare+0xd8/0x190\n ? syscall_enter_from_user_mode+0x1c/0x50\n do_syscall_64+0x3f/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49797",
"url": "https://www.suse.com/security/cve/CVE-2022-49797"
},
{
"category": "external",
"summary": "SUSE Bug 1242320 for CVE-2022-49797",
"url": "https://bugzilla.suse.com/1242320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49797"
},
{
"cve": "CVE-2022-49799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49799"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix wild-memory-access in register_synth_event()\n\nIn register_synth_event(), if set_synth_event_print_fmt() failed, then\nboth trace_remove_event_call() and unregister_trace_event() will be\ncalled, which means the trace_event_call will call\n__unregister_trace_event() twice. As the result, the second unregister\nwill causes the wild-memory-access.\n\nregister_synth_event\n set_synth_event_print_fmt failed\n trace_remove_event_call\n event_remove\n if call-\u003eevent.funcs then\n __unregister_trace_event (first call)\n unregister_trace_event\n __unregister_trace_event (second call)\n\nFix the bug by avoiding to call the second __unregister_trace_event() by\nchecking if the first one is called.\n\ngeneral protection fault, probably for non-canonical address\n\t0xfbd59c0000000024: 0000 [#1] SMP KASAN PTI\nKASAN: maybe wild-memory-access in range\n[0xdead000000000120-0xdead000000000127]\nCPU: 0 PID: 3807 Comm: modprobe Not tainted\n6.1.0-rc1-00186-g76f33a7eedb4 #299\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\nRIP: 0010:unregister_trace_event+0x6e/0x280\nCode: 00 fc ff df 4c 89 ea 48 c1 ea 03 80 3c 02 00 0f 85 0e 02 00 00 48\nb8 00 00 00 00 00 fc ff df 4c 8b 63 08 4c 89 e2 48 c1 ea 03 \u003c80\u003e 3c 02\n00 0f 85 e2 01 00 00 49 89 2c 24 48 85 ed 74 28 e8 7a 9b\nRSP: 0018:ffff88810413f370 EFLAGS: 00010a06\nRAX: dffffc0000000000 RBX: ffff888105d050b0 RCX: 0000000000000000\nRDX: 1bd5a00000000024 RSI: ffff888119e276e0 RDI: ffffffff835a8b20\nRBP: dead000000000100 R08: 0000000000000000 R09: fffffbfff0913481\nR10: ffffffff8489a407 R11: fffffbfff0913480 R12: dead000000000122\nR13: ffff888105d050b8 R14: 0000000000000000 R15: ffff888105d05028\nFS: 00007f7823e8d540(0000) GS:ffff888119e00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f7823e7ebec CR3: 000000010a058002 CR4: 0000000000330ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __create_synth_event+0x1e37/0x1eb0\n create_or_delete_synth_event+0x110/0x250\n synth_event_run_command+0x2f/0x110\n test_gen_synth_cmd+0x170/0x2eb [synth_event_gen_test]\n synth_event_gen_test_init+0x76/0x9bc [synth_event_gen_test]\n do_one_initcall+0xdb/0x480\n do_init_module+0x1cf/0x680\n load_module+0x6a50/0x70a0\n __do_sys_finit_module+0x12f/0x1c0\n do_syscall_64+0x3f/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49799",
"url": "https://www.suse.com/security/cve/CVE-2022-49799"
},
{
"category": "external",
"summary": "SUSE Bug 1242264 for CVE-2022-49799",
"url": "https://bugzilla.suse.com/1242264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49799"
},
{
"cve": "CVE-2022-49800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49800"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event()\n\ntest_gen_synth_cmd() only free buf in fail path, hence buf will leak\nwhen there is no failure. Add kfree(buf) to prevent the memleak. The\nsame reason and solution in test_empty_synth_event().\n\nunreferenced object 0xffff8881127de000 (size 2048):\n comm \"modprobe\", pid 247, jiffies 4294972316 (age 78.756s)\n hex dump (first 32 bytes):\n 20 67 65 6e 5f 73 79 6e 74 68 5f 74 65 73 74 20 gen_synth_test\n 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 64 5f pid_t next_pid_\n backtrace:\n [\u003c000000004254801a\u003e] kmalloc_trace+0x26/0x100\n [\u003c0000000039eb1cf5\u003e] 0xffffffffa00083cd\n [\u003c000000000e8c3bc8\u003e] 0xffffffffa00086ba\n [\u003c00000000c293d1ea\u003e] do_one_initcall+0xdb/0x480\n [\u003c00000000aa189e6d\u003e] do_init_module+0x1cf/0x680\n [\u003c00000000d513222b\u003e] load_module+0x6a50/0x70a0\n [\u003c000000001fd4d529\u003e] __do_sys_finit_module+0x12f/0x1c0\n [\u003c00000000b36c4c0f\u003e] do_syscall_64+0x3f/0x90\n [\u003c00000000bbf20cf3\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd\nunreferenced object 0xffff8881127df000 (size 2048):\n comm \"modprobe\", pid 247, jiffies 4294972324 (age 78.728s)\n hex dump (first 32 bytes):\n 20 65 6d 70 74 79 5f 73 79 6e 74 68 5f 74 65 73 empty_synth_tes\n 74 20 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 t pid_t next_pi\n backtrace:\n [\u003c000000004254801a\u003e] kmalloc_trace+0x26/0x100\n [\u003c00000000d4db9a3d\u003e] 0xffffffffa0008071\n [\u003c00000000c31354a5\u003e] 0xffffffffa00086ce\n [\u003c00000000c293d1ea\u003e] do_one_initcall+0xdb/0x480\n [\u003c00000000aa189e6d\u003e] do_init_module+0x1cf/0x680\n [\u003c00000000d513222b\u003e] load_module+0x6a50/0x70a0\n [\u003c000000001fd4d529\u003e] __do_sys_finit_module+0x12f/0x1c0\n [\u003c00000000b36c4c0f\u003e] do_syscall_64+0x3f/0x90\n [\u003c00000000bbf20cf3\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49800",
"url": "https://www.suse.com/security/cve/CVE-2022-49800"
},
{
"category": "external",
"summary": "SUSE Bug 1242265 for CVE-2022-49800",
"url": "https://bugzilla.suse.com/1242265"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49800"
},
{
"cve": "CVE-2022-49801",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49801"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix memory leak in tracing_read_pipe()\n\nkmemleak reports this issue:\n\nunreferenced object 0xffff888105a18900 (size 128):\n comm \"test_progs\", pid 18933, jiffies 4336275356 (age 22801.766s)\n hex dump (first 32 bytes):\n 25 73 00 90 81 88 ff ff 26 05 00 00 42 01 58 04 %s......\u0026...B.X.\n 03 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c00000000560143a1\u003e] __kmalloc_node_track_caller+0x4a/0x140\n [\u003c000000006af00822\u003e] krealloc+0x8d/0xf0\n [\u003c00000000c309be6a\u003e] trace_iter_expand_format+0x99/0x150\n [\u003c000000005a53bdb6\u003e] trace_check_vprintf+0x1e0/0x11d0\n [\u003c0000000065629d9d\u003e] trace_event_printf+0xb6/0xf0\n [\u003c000000009a690dc7\u003e] trace_raw_output_bpf_trace_printk+0x89/0xc0\n [\u003c00000000d22db172\u003e] print_trace_line+0x73c/0x1480\n [\u003c00000000cdba76ba\u003e] tracing_read_pipe+0x45c/0x9f0\n [\u003c0000000015b58459\u003e] vfs_read+0x17b/0x7c0\n [\u003c000000004aeee8ed\u003e] ksys_read+0xed/0x1c0\n [\u003c0000000063d3d898\u003e] do_syscall_64+0x3b/0x90\n [\u003c00000000a06dda7f\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\niter-\u003efmt alloced in\n tracing_read_pipe() -\u003e .. -\u003etrace_iter_expand_format(), but not\nfreed, to fix, add free in tracing_release_pipe()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49801",
"url": "https://www.suse.com/security/cve/CVE-2022-49801"
},
{
"category": "external",
"summary": "SUSE Bug 1242338 for CVE-2022-49801",
"url": "https://bugzilla.suse.com/1242338"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49801"
},
{
"cve": "CVE-2022-49802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix null pointer dereference in ftrace_add_mod()\n\nThe @ftrace_mod is allocated by kzalloc(), so both the members {prev,next}\nof @ftrace_mode-\u003elist are NULL, it\u0027s not a valid state to call list_del().\nIf kstrdup() for @ftrace_mod-\u003e{func|module} fails, it goes to @out_free\ntag and calls free_ftrace_mod() to destroy @ftrace_mod, then list_del()\nwill write prev-\u003enext and next-\u003eprev, where null pointer dereference\nhappens.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\nOops: 0002 [#1] PREEMPT SMP NOPTI\nCall Trace:\n \u003cTASK\u003e\n ftrace_mod_callback+0x20d/0x220\n ? do_filp_open+0xd9/0x140\n ftrace_process_regex.isra.51+0xbf/0x130\n ftrace_regex_write.isra.52.part.53+0x6e/0x90\n vfs_write+0xee/0x3a0\n ? __audit_filter_op+0xb1/0x100\n ? auditd_test_task+0x38/0x50\n ksys_write+0xa5/0xe0\n do_syscall_64+0x3a/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nKernel panic - not syncing: Fatal exception\n\nSo call INIT_LIST_HEAD() to initialize the list member to fix this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49802",
"url": "https://www.suse.com/security/cve/CVE-2022-49802"
},
{
"category": "external",
"summary": "SUSE Bug 1242270 for CVE-2022-49802",
"url": "https://bugzilla.suse.com/1242270"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49802"
},
{
"cve": "CVE-2022-49807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49807"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: fix a memory leak in nvmet_auth_set_key\n\nWhen changing dhchap secrets we need to release the old\nsecrets as well.\n\nkmemleak complaint:\n--\nunreferenced object 0xffff8c7f44ed8180 (size 64):\n comm \"check\", pid 7304, jiffies 4295686133 (age 72034.246s)\n hex dump (first 32 bytes):\n 44 48 48 43 2d 31 3a 30 30 3a 4c 64 4c 4f 64 71 DHHC-1:00:LdLOdq\n 79 56 69 67 77 48 55 32 6d 5a 59 4c 7a 35 59 38 yVigwHU2mZYLz5Y8\n backtrace:\n [\u003c00000000b6fc5071\u003e] kstrdup+0x2e/0x60\n [\u003c00000000f0f4633f\u003e] 0xffffffffc0e07ee6\n [\u003c0000000053006c05\u003e] 0xffffffffc0dff783\n [\u003c00000000419ae922\u003e] configfs_write_iter+0xb1/0x120\n [\u003c000000008183c424\u003e] vfs_write+0x2be/0x3c0\n [\u003c000000009005a2a5\u003e] ksys_write+0x5f/0xe0\n [\u003c00000000cd495c89\u003e] do_syscall_64+0x38/0x90\n [\u003c00000000f2a84ac5\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49807",
"url": "https://www.suse.com/security/cve/CVE-2022-49807"
},
{
"category": "external",
"summary": "SUSE Bug 1242357 for CVE-2022-49807",
"url": "https://bugzilla.suse.com/1242357"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49807"
},
{
"cve": "CVE-2022-49809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49809"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/x25: Fix skb leak in x25_lapb_receive_frame()\n\nx25_lapb_receive_frame() using skb_copy() to get a private copy of\nskb, the new skb should be freed in the undersized/fragmented skb\nerror handling path. Otherwise there is a memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49809",
"url": "https://www.suse.com/security/cve/CVE-2022-49809"
},
{
"category": "external",
"summary": "SUSE Bug 1242402 for CVE-2022-49809",
"url": "https://bugzilla.suse.com/1242402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49809"
},
{
"cve": "CVE-2022-49810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix missing xas_retry() calls in xarray iteration\n\nnetfslib has a number of places in which it performs iteration of an xarray\nwhilst being under the RCU read lock. It *should* call xas_retry() as the\nfirst thing inside of the loop and do \"continue\" if it returns true in case\nthe xarray walker passed out a special value indicating that the walk needs\nto be redone from the root[*].\n\nFix this by adding the missing retry checks.\n\n[*] I wonder if this should be done inside xas_find(), xas_next_node() and\n suchlike, but I\u0027m told that\u0027s not an simple change to effect.\n\nThis can cause an oops like that below. Note the faulting address - this\nis an internal value (|0x2) returned from xarray.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000402\n...\nRIP: 0010:netfs_rreq_unlock+0xef/0x380 [netfs]\n...\nCall Trace:\n netfs_rreq_assess+0xa6/0x240 [netfs]\n netfs_readpage+0x173/0x3b0 [netfs]\n ? init_wait_var_entry+0x50/0x50\n filemap_read_page+0x33/0xf0\n filemap_get_pages+0x2f2/0x3f0\n filemap_read+0xaa/0x320\n ? do_filp_open+0xb2/0x150\n ? rmqueue+0x3be/0xe10\n ceph_read_iter+0x1fe/0x680 [ceph]\n ? new_sync_read+0x115/0x1a0\n new_sync_read+0x115/0x1a0\n vfs_read+0xf3/0x180\n ksys_read+0x5f/0xe0\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nChanges:\n========\nver #2)\n - Changed an unsigned int to a size_t to reduce the likelihood of an\n overflow as per Willy\u0027s suggestion.\n - Added an additional patch to fix the maths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49810",
"url": "https://www.suse.com/security/cve/CVE-2022-49810"
},
{
"category": "external",
"summary": "SUSE Bug 1242489 for CVE-2022-49810",
"url": "https://bugzilla.suse.com/1242489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49810"
},
{
"cve": "CVE-2022-49812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49812"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbridge: switchdev: Fix memory leaks when changing VLAN protocol\n\nThe bridge driver can offload VLANs to the underlying hardware either\nvia switchdev or the 8021q driver. When the former is used, the VLAN is\nmarked in the bridge driver with the \u0027BR_VLFLAG_ADDED_BY_SWITCHDEV\u0027\nprivate flag.\n\nTo avoid the memory leaks mentioned in the cited commit, the bridge\ndriver will try to delete a VLAN via the 8021q driver if the VLAN is not\nmarked with the previously mentioned flag.\n\nWhen the VLAN protocol of the bridge changes, switchdev drivers are\nnotified via the \u0027SWITCHDEV_ATTR_ID_BRIDGE_VLAN_PROTOCOL\u0027 attribute, but\nthe 8021q driver is also called to add the existing VLANs with the new\nprotocol and delete them with the old protocol.\n\nIn case the VLANs were offloaded via switchdev, the above behavior is\nboth redundant and buggy. Redundant because the VLANs are already\nprogrammed in hardware and drivers that support VLAN protocol change\n(currently only mlx5) change the protocol upon the switchdev attribute\nnotification. Buggy because the 8021q driver is called despite these\nVLANs being marked with \u0027BR_VLFLAG_ADDED_BY_SWITCHDEV\u0027. This leads to\nmemory leaks [1] when the VLANs are deleted.\n\nFix by not calling the 8021q driver for VLANs that were already\nprogrammed via switchdev.\n\n[1]\nunreferenced object 0xffff8881f6771200 (size 256):\n comm \"ip\", pid 446855, jiffies 4298238841 (age 55.240s)\n hex dump (first 32 bytes):\n 00 00 7f 0e 83 88 ff ff 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c00000000012819ac\u003e] vlan_vid_add+0x437/0x750\n [\u003c00000000f2281fad\u003e] __br_vlan_set_proto+0x289/0x920\n [\u003c000000000632b56f\u003e] br_changelink+0x3d6/0x13f0\n [\u003c0000000089d25f04\u003e] __rtnl_newlink+0x8ae/0x14c0\n [\u003c00000000f6276baf\u003e] rtnl_newlink+0x5f/0x90\n [\u003c00000000746dc902\u003e] rtnetlink_rcv_msg+0x336/0xa00\n [\u003c000000001c2241c0\u003e] netlink_rcv_skb+0x11d/0x340\n [\u003c0000000010588814\u003e] netlink_unicast+0x438/0x710\n [\u003c00000000e1a4cd5c\u003e] netlink_sendmsg+0x788/0xc40\n [\u003c00000000e8992d4e\u003e] sock_sendmsg+0xb0/0xe0\n [\u003c00000000621b8f91\u003e] ____sys_sendmsg+0x4ff/0x6d0\n [\u003c000000000ea26996\u003e] ___sys_sendmsg+0x12e/0x1b0\n [\u003c00000000684f7e25\u003e] __sys_sendmsg+0xab/0x130\n [\u003c000000004538b104\u003e] do_syscall_64+0x3d/0x90\n [\u003c0000000091ed9678\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49812",
"url": "https://www.suse.com/security/cve/CVE-2022-49812"
},
{
"category": "external",
"summary": "SUSE Bug 1242151 for CVE-2022-49812",
"url": "https://bugzilla.suse.com/1242151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "low"
}
],
"title": "CVE-2022-49812"
},
{
"cve": "CVE-2022-49813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ena: Fix error handling in ena_init()\n\nThe ena_init() won\u0027t destroy workqueue created by\ncreate_singlethread_workqueue() when pci_register_driver() failed.\nCall destroy_workqueue() when pci_register_driver() failed to prevent the\nresource leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49813",
"url": "https://www.suse.com/security/cve/CVE-2022-49813"
},
{
"category": "external",
"summary": "SUSE Bug 1242497 for CVE-2022-49813",
"url": "https://bugzilla.suse.com/1242497"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49813"
},
{
"cve": "CVE-2022-49818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49818"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: fix misuse of put_device() in mISDN_register_device()\n\nWe should not release reference by put_device() before calling device_initialize().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49818",
"url": "https://www.suse.com/security/cve/CVE-2022-49818"
},
{
"category": "external",
"summary": "SUSE Bug 1242527 for CVE-2022-49818",
"url": "https://bugzilla.suse.com/1242527"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49818"
},
{
"cve": "CVE-2022-49821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: fix possible memory leak in mISDN_dsp_element_register()\n\nAfer commit 1fa5ae857bb1 (\"driver core: get rid of struct device\u0027s\nbus_id string array\"), the name of device is allocated dynamically,\nuse put_device() to give up the reference, so that the name can be\nfreed in kobject_cleanup() when the refcount is 0.\n\nThe \u0027entry\u0027 is going to be freed in mISDN_dsp_dev_release(), so the\nkfree() is removed. list_del() is called in mISDN_dsp_dev_release(),\nso it need be initialized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49821",
"url": "https://www.suse.com/security/cve/CVE-2022-49821"
},
{
"category": "external",
"summary": "SUSE Bug 1242542 for CVE-2022-49821",
"url": "https://bugzilla.suse.com/1242542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49821"
},
{
"cve": "CVE-2022-49822",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49822"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix connections leak when tlink setup failed\n\nIf the tlink setup failed, lost to put the connections, then\nthe module refcnt leak since the cifsd kthread not exit.\n\nAlso leak the fscache info, and for next mount with fsc, it will\nprint the follow errors:\n CIFS: Cache volume key already in use (cifs,127.0.0.1:445,TEST)\n\nLet\u0027s check the result of tlink setup, and do some cleanup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49822",
"url": "https://www.suse.com/security/cve/CVE-2022-49822"
},
{
"category": "external",
"summary": "SUSE Bug 1242544 for CVE-2022-49822",
"url": "https://bugzilla.suse.com/1242544"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "low"
}
],
"title": "CVE-2022-49822"
},
{
"cve": "CVE-2022-49823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49823"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-transport: fix error handling in ata_tdev_add()\n\nIn ata_tdev_add(), the return value of transport_add_device() is\nnot checked. As a result, it causes null-ptr-deref while removing\nthe module, because transport_remove_device() is called to remove\nthe device that was not added.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000000000d0\nCPU: 13 PID: 13603 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #36\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : device_del+0x48/0x3a0\nlr : device_del+0x44/0x3a0\nCall trace:\n device_del+0x48/0x3a0\n attribute_container_class_device_del+0x28/0x40\n transport_remove_classdev+0x60/0x7c\n attribute_container_device_trigger+0x118/0x120\n transport_remove_device+0x20/0x30\n ata_tdev_delete+0x24/0x50 [libata]\n ata_tlink_delete+0x40/0xa0 [libata]\n ata_tport_delete+0x2c/0x60 [libata]\n ata_port_detach+0x148/0x1b0 [libata]\n ata_pci_remove_one+0x50/0x80 [libata]\n ahci_remove_one+0x4c/0x8c [ahci]\n\nFix this by checking and handling return value of transport_add_device()\nin ata_tdev_add(). In the error path, device_del() is called to delete\nthe device which was added earlier in this function, and ata_tdev_free()\nis called to free ata_dev.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49823",
"url": "https://www.suse.com/security/cve/CVE-2022-49823"
},
{
"category": "external",
"summary": "SUSE Bug 1242545 for CVE-2022-49823",
"url": "https://bugzilla.suse.com/1242545"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49823"
},
{
"cve": "CVE-2022-49824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49824"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-transport: fix error handling in ata_tlink_add()\n\nIn ata_tlink_add(), the return value of transport_add_device() is\nnot checked. As a result, it causes null-ptr-deref while removing\nthe module, because transport_remove_device() is called to remove\nthe device that was not added.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000000000d0\nCPU: 33 PID: 13850 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #12\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : device_del+0x48/0x39c\nlr : device_del+0x44/0x39c\nCall trace:\n device_del+0x48/0x39c\n attribute_container_class_device_del+0x28/0x40\n transport_remove_classdev+0x60/0x7c\n attribute_container_device_trigger+0x118/0x120\n transport_remove_device+0x20/0x30\n ata_tlink_delete+0x88/0xb0 [libata]\n ata_tport_delete+0x2c/0x60 [libata]\n ata_port_detach+0x148/0x1b0 [libata]\n ata_pci_remove_one+0x50/0x80 [libata]\n ahci_remove_one+0x4c/0x8c [ahci]\n\nFix this by checking and handling return value of transport_add_device()\nin ata_tlink_add().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49824",
"url": "https://www.suse.com/security/cve/CVE-2022-49824"
},
{
"category": "external",
"summary": "SUSE Bug 1242547 for CVE-2022-49824",
"url": "https://bugzilla.suse.com/1242547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49824"
},
{
"cve": "CVE-2022-49825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49825"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-transport: fix error handling in ata_tport_add()\n\nIn ata_tport_add(), the return value of transport_add_device() is\nnot checked. As a result, it causes null-ptr-deref while removing\nthe module, because transport_remove_device() is called to remove\nthe device that was not added.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000000000d0\nCPU: 12 PID: 13605 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #8\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : device_del+0x48/0x39c\nlr : device_del+0x44/0x39c\nCall trace:\n device_del+0x48/0x39c\n attribute_container_class_device_del+0x28/0x40\n transport_remove_classdev+0x60/0x7c\n attribute_container_device_trigger+0x118/0x120\n transport_remove_device+0x20/0x30\n ata_tport_delete+0x34/0x60 [libata]\n ata_port_detach+0x148/0x1b0 [libata]\n ata_pci_remove_one+0x50/0x80 [libata]\n ahci_remove_one+0x4c/0x8c [ahci]\n\nFix this by checking and handling return value of transport_add_device()\nin ata_tport_add().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49825",
"url": "https://www.suse.com/security/cve/CVE-2022-49825"
},
{
"category": "external",
"summary": "SUSE Bug 1242548 for CVE-2022-49825",
"url": "https://bugzilla.suse.com/1242548"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49825"
},
{
"cve": "CVE-2022-49826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49826"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-transport: fix double ata_host_put() in ata_tport_add()\n\nIn the error path in ata_tport_add(), when calling put_device(),\nata_tport_release() is called, it will put the refcount of \u0027ap-\u003ehost\u0027.\n\nAnd then ata_host_put() is called again, the refcount is decreased\nto 0, ata_host_release() is called, all ports are freed and set to\nnull.\n\nWhen unbinding the device after failure, ata_host_stop() is called\nto release the resources, it leads a null-ptr-deref(), because all\nthe ports all freed and null.\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000008\nCPU: 7 PID: 18671 Comm: modprobe Kdump: loaded Tainted: G E 6.1.0-rc3+ #8\npstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : ata_host_stop+0x3c/0x84 [libata]\nlr : release_nodes+0x64/0xd0\nCall trace:\n ata_host_stop+0x3c/0x84 [libata]\n release_nodes+0x64/0xd0\n devres_release_all+0xbc/0x1b0\n device_unbind_cleanup+0x20/0x70\n really_probe+0x158/0x320\n __driver_probe_device+0x84/0x120\n driver_probe_device+0x44/0x120\n __driver_attach+0xb4/0x220\n bus_for_each_dev+0x78/0xdc\n driver_attach+0x2c/0x40\n bus_add_driver+0x184/0x240\n driver_register+0x80/0x13c\n __pci_register_driver+0x4c/0x60\n ahci_pci_driver_init+0x30/0x1000 [ahci]\n\nFix this by removing redundant ata_host_put() in the error path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49826",
"url": "https://www.suse.com/security/cve/CVE-2022-49826"
},
{
"category": "external",
"summary": "SUSE Bug 1242549 for CVE-2022-49826",
"url": "https://bugzilla.suse.com/1242549"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49826"
},
{
"cve": "CVE-2022-49827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49827"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()\n\ndrm_vblank_init() call drmm_add_action_or_reset() with\ndrm_vblank_init_release() as action. If __drmm_add_action() failed, will\ndirectly call drm_vblank_init_release() with the vblank whose worker is\nNULL. As the resule, a null-ptr-deref will happen in\nkthread_destroy_worker(). Add the NULL check before calling\ndrm_vblank_destroy_worker().\n\nBUG: null-ptr-deref\nKASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]\nCPU: 5 PID: 961 Comm: modprobe Not tainted 6.0.0-11331-gd465bff130bf-dirty\nRIP: 0010:kthread_destroy_worker+0x25/0xb0\n Call Trace:\n \u003cTASK\u003e\n drm_vblank_init_release+0x124/0x220 [drm]\n ? drm_crtc_vblank_restore+0x8b0/0x8b0 [drm]\n __drmm_add_action_or_reset+0x41/0x50 [drm]\n drm_vblank_init+0x282/0x310 [drm]\n vkms_init+0x35f/0x1000 [vkms]\n ? 0xffffffffc4508000\n ? lock_is_held_type+0xd7/0x130\n ? __kmem_cache_alloc_node+0x1c2/0x2b0\n ? lock_is_held_type+0xd7/0x130\n ? 0xffffffffc4508000\n do_one_initcall+0xd0/0x4f0\n ...\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49827",
"url": "https://www.suse.com/security/cve/CVE-2022-49827"
},
{
"category": "external",
"summary": "SUSE Bug 1242689 for CVE-2022-49827",
"url": "https://bugzilla.suse.com/1242689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49827"
},
{
"cve": "CVE-2022-49830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/drv: Fix potential memory leak in drm_dev_init()\n\ndrm_dev_init() will add drm_dev_init_release() as a callback. When\ndrmm_add_action() failed, the release function won\u0027t be added. As the\nresult, the ref cnt added by device_get() in drm_dev_init() won\u0027t be put\nby drm_dev_init_release(), which leads to the memleak. Use\ndrmm_add_action_or_reset() instead of drmm_add_action() to prevent\nmemleak.\n\nunreferenced object 0xffff88810bc0c800 (size 2048):\n comm \"modprobe\", pid 8322, jiffies 4305809845 (age 15.292s)\n hex dump (first 32 bytes):\n e8 cc c0 0b 81 88 ff ff ff ff ff ff 00 00 00 00 ................\n 20 24 3c 0c 81 88 ff ff 18 c8 c0 0b 81 88 ff ff $\u003c.............\n backtrace:\n [\u003c000000007251f72d\u003e] __kmalloc+0x4b/0x1c0\n [\u003c0000000045f21f26\u003e] platform_device_alloc+0x2d/0xe0\n [\u003c000000004452a479\u003e] platform_device_register_full+0x24/0x1c0\n [\u003c0000000089f4ea61\u003e] 0xffffffffa0736051\n [\u003c00000000235b2441\u003e] do_one_initcall+0x7a/0x380\n [\u003c0000000001a4a177\u003e] do_init_module+0x5c/0x230\n [\u003c000000002bf8a8e2\u003e] load_module+0x227d/0x2420\n [\u003c00000000637d6d0a\u003e] __do_sys_finit_module+0xd5/0x140\n [\u003c00000000c99fc324\u003e] do_syscall_64+0x3f/0x90\n [\u003c000000004d85aa77\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49830",
"url": "https://www.suse.com/security/cve/CVE-2022-49830"
},
{
"category": "external",
"summary": "SUSE Bug 1242150 for CVE-2022-49830",
"url": "https://bugzilla.suse.com/1242150"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "low"
}
],
"title": "CVE-2022-49830"
},
{
"cve": "CVE-2022-49832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49832"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map\n\nHere is the BUG report by KASAN about null pointer dereference:\n\nBUG: KASAN: null-ptr-deref in strcmp+0x2e/0x50\nRead of size 1 at addr 0000000000000000 by task python3/2640\nCall Trace:\n strcmp\n __of_find_property\n of_find_property\n pinctrl_dt_to_map\n\nkasprintf() would return NULL pointer when kmalloc() fail to allocate.\nSo directly return ENOMEM, if kasprintf() return NULL pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49832",
"url": "https://www.suse.com/security/cve/CVE-2022-49832"
},
{
"category": "external",
"summary": "SUSE Bug 1242154 for CVE-2022-49832",
"url": "https://bugzilla.suse.com/1242154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49832"
},
{
"cve": "CVE-2022-49834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49834"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix use-after-free bug of ns_writer on remount\n\nIf a nilfs2 filesystem is downgraded to read-only due to metadata\ncorruption on disk and is remounted read/write, or if emergency read-only\nremount is performed, detaching a log writer and synchronizing the\nfilesystem can be done at the same time.\n\nIn these cases, use-after-free of the log writer (hereinafter\nnilfs-\u003ens_writer) can happen as shown in the scenario below:\n\n Task1 Task2\n -------------------------------- ------------------------------\n nilfs_construct_segment\n nilfs_segctor_sync\n init_wait\n init_waitqueue_entry\n add_wait_queue\n schedule\n nilfs_remount (R/W remount case)\n\t\t\t\t nilfs_attach_log_writer\n nilfs_detach_log_writer\n nilfs_segctor_destroy\n kfree\n finish_wait\n _raw_spin_lock_irqsave\n __raw_spin_lock_irqsave\n do_raw_spin_lock\n debug_spin_lock_before \u003c-- use-after-free\n\nWhile Task1 is sleeping, nilfs-\u003ens_writer is freed by Task2. After Task1\nwaked up, Task1 accesses nilfs-\u003ens_writer which is already freed. This\nscenario diagram is based on the Shigeru Yoshida\u0027s post [1].\n\nThis patch fixes the issue by not detaching nilfs-\u003ens_writer on remount so\nthat this UAF race doesn\u0027t happen. Along with this change, this patch\nalso inserts a few necessary read-only checks with superblock instance\nwhere only the ns_writer pointer was used to check if the filesystem is\nread-only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49834",
"url": "https://www.suse.com/security/cve/CVE-2022-49834"
},
{
"category": "external",
"summary": "SUSE Bug 1242695 for CVE-2022-49834",
"url": "https://bugzilla.suse.com/1242695"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49834"
},
{
"cve": "CVE-2022-49835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49835"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: fix potential memleak in \u0027add_widget_node\u0027\n\nAs \u0027kobject_add\u0027 may allocated memory for \u0027kobject-\u003ename\u0027 when return error.\nAnd in this function, if call \u0027kobject_add\u0027 failed didn\u0027t free kobject.\nSo call \u0027kobject_put\u0027 to recycling resources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49835",
"url": "https://www.suse.com/security/cve/CVE-2022-49835"
},
{
"category": "external",
"summary": "SUSE Bug 1242385 for CVE-2022-49835",
"url": "https://bugzilla.suse.com/1242385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49835"
},
{
"cve": "CVE-2022-49836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49836"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsiox: fix possible memory leak in siox_device_add()\n\nIf device_register() returns error in siox_device_add(),\nthe name allocated by dev_set_name() need be freed. As\ncomment of device_register() says, it should use put_device()\nto give up the reference in the error path. So fix this\nby calling put_device(), then the name can be freed in\nkobject_cleanup(), and sdevice is freed in siox_device_release(),\nset it to null in error path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49836",
"url": "https://www.suse.com/security/cve/CVE-2022-49836"
},
{
"category": "external",
"summary": "SUSE Bug 1242355 for CVE-2022-49836",
"url": "https://bugzilla.suse.com/1242355"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49836"
},
{
"cve": "CVE-2022-49837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49837"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix memory leaks in __check_func_call\n\nkmemleak reports this issue:\n\nunreferenced object 0xffff88817139d000 (size 2048):\n comm \"test_progs\", pid 33246, jiffies 4307381979 (age 45851.820s)\n hex dump (first 32 bytes):\n 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c0000000045f075f0\u003e] kmalloc_trace+0x27/0xa0\n [\u003c0000000098b7c90a\u003e] __check_func_call+0x316/0x1230\n [\u003c00000000b4c3c403\u003e] check_helper_call+0x172e/0x4700\n [\u003c00000000aa3875b7\u003e] do_check+0x21d8/0x45e0\n [\u003c000000001147357b\u003e] do_check_common+0x767/0xaf0\n [\u003c00000000b5a595b4\u003e] bpf_check+0x43e3/0x5bc0\n [\u003c0000000011e391b1\u003e] bpf_prog_load+0xf26/0x1940\n [\u003c0000000007f765c0\u003e] __sys_bpf+0xd2c/0x3650\n [\u003c00000000839815d6\u003e] __x64_sys_bpf+0x75/0xc0\n [\u003c00000000946ee250\u003e] do_syscall_64+0x3b/0x90\n [\u003c0000000000506b7f\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe root case here is: In function prepare_func_exit(), the callee is\nnot released in the abnormal scenario after \"state-\u003ecurframe--;\". To\nfix, move \"state-\u003ecurframe--;\" to the very bottom of the function,\nright when we free callee and reset frame[] pointer to NULL, as Andrii\nsuggested.\n\nIn addition, function __check_func_call() has a similar problem. In\nthe abnormal scenario before \"state-\u003ecurframe++;\", the callee also\nshould be released by free_func_state().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49837",
"url": "https://www.suse.com/security/cve/CVE-2022-49837"
},
{
"category": "external",
"summary": "SUSE Bug 1242160 for CVE-2022-49837",
"url": "https://bugzilla.suse.com/1242160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "low"
}
],
"title": "CVE-2022-49837"
},
{
"cve": "CVE-2022-49839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49839"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_transport_sas: Fix error handling in sas_phy_add()\n\nIf transport_add_device() fails in sas_phy_add(), the kernel will crash\ntrying to delete the device in transport_remove_device() called from\nsas_remove_host().\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000108\nCPU: 61 PID: 42829 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc1+ #173\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : device_del+0x54/0x3d0\nlr : device_del+0x37c/0x3d0\nCall trace:\n device_del+0x54/0x3d0\n attribute_container_class_device_del+0x28/0x38\n transport_remove_classdev+0x6c/0x80\n attribute_container_device_trigger+0x108/0x110\n transport_remove_device+0x28/0x38\n sas_phy_delete+0x30/0x60 [scsi_transport_sas]\n do_sas_phy_delete+0x6c/0x80 [scsi_transport_sas]\n device_for_each_child+0x68/0xb0\n sas_remove_children+0x40/0x50 [scsi_transport_sas]\n sas_remove_host+0x20/0x38 [scsi_transport_sas]\n hisi_sas_remove+0x40/0x68 [hisi_sas_main]\n hisi_sas_v2_remove+0x20/0x30 [hisi_sas_v2_hw]\n platform_remove+0x2c/0x60\n\nFix this by checking and handling return value of transport_add_device()\nin sas_phy_add().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49839",
"url": "https://www.suse.com/security/cve/CVE-2022-49839"
},
{
"category": "external",
"summary": "SUSE Bug 1242443 for CVE-2022-49839",
"url": "https://bugzilla.suse.com/1242443"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49839"
},
{
"cve": "CVE-2022-49841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49841"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: imx: Add missing .thaw_noirq hook\n\nThe following warning is seen with non-console UART instance when\nsystem hibernates.\n\n[ 37.371969] ------------[ cut here ]------------\n[ 37.376599] uart3_root_clk already disabled\n[ 37.380810] WARNING: CPU: 0 PID: 296 at drivers/clk/clk.c:952 clk_core_disable+0xa4/0xb0\n...\n[ 37.506986] Call trace:\n[ 37.509432] clk_core_disable+0xa4/0xb0\n[ 37.513270] clk_disable+0x34/0x50\n[ 37.516672] imx_uart_thaw+0x38/0x5c\n[ 37.520250] platform_pm_thaw+0x30/0x6c\n[ 37.524089] dpm_run_callback.constprop.0+0x3c/0xd4\n[ 37.528972] device_resume+0x7c/0x160\n[ 37.532633] dpm_resume+0xe8/0x230\n[ 37.536036] hibernation_snapshot+0x288/0x430\n[ 37.540397] hibernate+0x10c/0x2e0\n[ 37.543798] state_store+0xc4/0xd0\n[ 37.547203] kobj_attr_store+0x1c/0x30\n[ 37.550953] sysfs_kf_write+0x48/0x60\n[ 37.554619] kernfs_fop_write_iter+0x118/0x1ac\n[ 37.559063] new_sync_write+0xe8/0x184\n[ 37.562812] vfs_write+0x230/0x290\n[ 37.566214] ksys_write+0x68/0xf4\n[ 37.569529] __arm64_sys_write+0x20/0x2c\n[ 37.573452] invoke_syscall.constprop.0+0x50/0xf0\n[ 37.578156] do_el0_svc+0x11c/0x150\n[ 37.581648] el0_svc+0x30/0x140\n[ 37.584792] el0t_64_sync_handler+0xe8/0xf0\n[ 37.588976] el0t_64_sync+0x1a0/0x1a4\n[ 37.592639] ---[ end trace 56e22eec54676d75 ]---\n\nOn hibernating, pm core calls into related hooks in sequence like:\n\n .freeze\n .freeze_noirq\n .thaw_noirq\n .thaw\n\nWith .thaw_noirq hook being absent, the clock will be disabled in a\nunbalanced call which results the warning above.\n\n imx_uart_freeze()\n clk_prepare_enable()\n imx_uart_suspend_noirq()\n clk_disable()\n imx_uart_thaw\n clk_disable_unprepare()\n\nAdding the missing .thaw_noirq hook as imx_uart_resume_noirq() will have\nthe call sequence corrected as below and thus fix the warning.\n\n imx_uart_freeze()\n clk_prepare_enable()\n imx_uart_suspend_noirq()\n clk_disable()\n imx_uart_resume_noirq()\n clk_enable()\n imx_uart_thaw\n clk_disable_unprepare()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49841",
"url": "https://www.suse.com/security/cve/CVE-2022-49841"
},
{
"category": "external",
"summary": "SUSE Bug 1242473 for CVE-2022-49841",
"url": "https://bugzilla.suse.com/1242473"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49841"
},
{
"cve": "CVE-2022-49842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49842"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: core: Fix use-after-free in snd_soc_exit()\n\nKASAN reports a use-after-free:\n\nBUG: KASAN: use-after-free in device_del+0xb5b/0xc60\nRead of size 8 at addr ffff888008655050 by task rmmod/387\nCPU: 2 PID: 387 Comm: rmmod\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x79/0x9a\nprint_report+0x17f/0x47b\nkasan_report+0xbb/0xf0\ndevice_del+0xb5b/0xc60\nplatform_device_del.part.0+0x24/0x200\nplatform_device_unregister+0x2e/0x40\nsnd_soc_exit+0xa/0x22 [snd_soc_core]\n__do_sys_delete_module.constprop.0+0x34f/0x5b0\ndo_syscall_64+0x3a/0x90\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n...\n\u003c/TASK\u003e\n\nIt\u0027s bacause in snd_soc_init(), snd_soc_util_init() is possble to fail,\nbut its ret is ignored, which makes soc_dummy_dev unregistered twice.\n\nsnd_soc_init()\n snd_soc_util_init()\n platform_device_register_simple(soc_dummy_dev)\n platform_driver_register() # fail\n \tplatform_device_unregister(soc_dummy_dev)\n platform_driver_register() # success\n...\nsnd_soc_exit()\n snd_soc_util_exit()\n # soc_dummy_dev will be unregistered for second time\n\nTo fix it, handle error and stop snd_soc_init() when util_init() fail.\nAlso clean debugfs when util_init() or driver_register() fail.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49842",
"url": "https://www.suse.com/security/cve/CVE-2022-49842"
},
{
"category": "external",
"summary": "SUSE Bug 1242484 for CVE-2022-49842",
"url": "https://bugzilla.suse.com/1242484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49842"
},
{
"cve": "CVE-2022-49845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49845"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: j1939: j1939_send_one(): fix missing CAN header initialization\n\nThe read access to struct canxl_frame::len inside of a j1939 created\nskbuff revealed a missing initialization of reserved and later filled\nelements in struct can_frame.\n\nThis patch initializes the 8 byte CAN header with zero.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49845",
"url": "https://www.suse.com/security/cve/CVE-2022-49845"
},
{
"category": "external",
"summary": "SUSE Bug 1243133 for CVE-2022-49845",
"url": "https://bugzilla.suse.com/1243133"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49845"
},
{
"cve": "CVE-2022-49846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49846"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix a slab-out-of-bounds write bug in udf_find_entry()\n\nSyzbot reported a slab-out-of-bounds Write bug:\n\nloop0: detected capacity change from 0 to 2048\n==================================================================\nBUG: KASAN: slab-out-of-bounds in udf_find_entry+0x8a5/0x14f0\nfs/udf/namei.c:253\nWrite of size 105 at addr ffff8880123ff896 by task syz-executor323/3610\n\nCPU: 0 PID: 3610 Comm: syz-executor323 Not tainted\n6.1.0-rc2-syzkaller-00105-gb229b6ca5abb #0\nHardware name: Google Compute Engine/Google Compute Engine, BIOS\nGoogle 10/11/2022\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n print_address_description+0x74/0x340 mm/kasan/report.c:284\n print_report+0x107/0x1f0 mm/kasan/report.c:395\n kasan_report+0xcd/0x100 mm/kasan/report.c:495\n kasan_check_range+0x2a7/0x2e0 mm/kasan/generic.c:189\n memcpy+0x3c/0x60 mm/kasan/shadow.c:66\n udf_find_entry+0x8a5/0x14f0 fs/udf/namei.c:253\n udf_lookup+0xef/0x340 fs/udf/namei.c:309\n lookup_open fs/namei.c:3391 [inline]\n open_last_lookups fs/namei.c:3481 [inline]\n path_openat+0x10e6/0x2df0 fs/namei.c:3710\n do_filp_open+0x264/0x4f0 fs/namei.c:3740\n do_sys_openat2+0x124/0x4e0 fs/open.c:1310\n do_sys_open fs/open.c:1326 [inline]\n __do_sys_creat fs/open.c:1402 [inline]\n __se_sys_creat fs/open.c:1396 [inline]\n __x64_sys_creat+0x11f/0x160 fs/open.c:1396\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7ffab0d164d9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89\nf7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01\nf0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffe1a7e6bb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffab0d164d9\nRDX: 00007ffab0d164d9 RSI: 0000000000000000 RDI: 0000000020000180\nRBP: 00007ffab0cd5a10 R08: 0000000000000000 R09: 0000000000000000\nR10: 00005555573552c0 R11: 0000000000000246 R12: 00007ffab0cd5aa0\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\nAllocated by task 3610:\n kasan_save_stack mm/kasan/common.c:45 [inline]\n kasan_set_track+0x3d/0x60 mm/kasan/common.c:52\n ____kasan_kmalloc mm/kasan/common.c:371 [inline]\n __kasan_kmalloc+0x97/0xb0 mm/kasan/common.c:380\n kmalloc include/linux/slab.h:576 [inline]\n udf_find_entry+0x7b6/0x14f0 fs/udf/namei.c:243\n udf_lookup+0xef/0x340 fs/udf/namei.c:309\n lookup_open fs/namei.c:3391 [inline]\n open_last_lookups fs/namei.c:3481 [inline]\n path_openat+0x10e6/0x2df0 fs/namei.c:3710\n do_filp_open+0x264/0x4f0 fs/namei.c:3740\n do_sys_openat2+0x124/0x4e0 fs/open.c:1310\n do_sys_open fs/open.c:1326 [inline]\n __do_sys_creat fs/open.c:1402 [inline]\n __se_sys_creat fs/open.c:1396 [inline]\n __x64_sys_creat+0x11f/0x160 fs/open.c:1396\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe buggy address belongs to the object at ffff8880123ff800\n which belongs to the cache kmalloc-256 of size 256\nThe buggy address is located 150 bytes inside of\n 256-byte region [ffff8880123ff800, ffff8880123ff900)\n\nThe buggy address belongs to the physical page:\npage:ffffea000048ff80 refcount:1 mapcount:0 mapping:0000000000000000\nindex:0x0 pfn:0x123fe\nhead:ffffea000048ff80 order:1 compound_mapcount:0 compound_pincount:0\nflags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)\nraw: 00fff00000010200 ffffea00004b8500 dead000000000003 ffff888012041b40\nraw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as allocated\npage last allocated via order 0, migratetype Unmovable, gfp_mask 0x0(),\npid 1, tgid 1 (swapper/0), ts 1841222404, free_ts 0\n create_dummy_stack mm/page_owner.c:\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49846",
"url": "https://www.suse.com/security/cve/CVE-2022-49846"
},
{
"category": "external",
"summary": "SUSE Bug 1242716 for CVE-2022-49846",
"url": "https://bugzilla.suse.com/1242716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49846"
},
{
"cve": "CVE-2022-49850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix deadlock in nilfs_count_free_blocks()\n\nA semaphore deadlock can occur if nilfs_get_block() detects metadata\ncorruption while locating data blocks and a superblock writeback occurs at\nthe same time:\n\ntask 1 task 2\n------ ------\n* A file operation *\nnilfs_truncate()\n nilfs_get_block()\n down_read(rwsem A) \u003c--\n nilfs_bmap_lookup_contig()\n ... generic_shutdown_super()\n nilfs_put_super()\n * Prepare to write superblock *\n down_write(rwsem B) \u003c--\n nilfs_cleanup_super()\n * Detect b-tree corruption * nilfs_set_log_cursor()\n nilfs_bmap_convert_error() nilfs_count_free_blocks()\n __nilfs_error() down_read(rwsem A) \u003c--\n nilfs_set_error()\n down_write(rwsem B) \u003c--\n\n *** DEADLOCK ***\n\nHere, nilfs_get_block() readlocks rwsem A (= NILFS_MDT(dat_inode)-\u003emi_sem)\nand then calls nilfs_bmap_lookup_contig(), but if it fails due to metadata\ncorruption, __nilfs_error() is called from nilfs_bmap_convert_error()\ninside the lock section.\n\nSince __nilfs_error() calls nilfs_set_error() unless the filesystem is\nread-only and nilfs_set_error() attempts to writelock rwsem B (=\nnilfs-\u003ens_sem) to write back superblock exclusively, hierarchical lock\nacquisition occurs in the order rwsem A -\u003e rwsem B.\n\nNow, if another task starts updating the superblock, it may writelock\nrwsem B during the lock sequence above, and can deadlock trying to\nreadlock rwsem A in nilfs_count_free_blocks().\n\nHowever, there is actually no need to take rwsem A in\nnilfs_count_free_blocks() because it, within the lock section, only reads\na single integer data on a shared struct with\nnilfs_sufile_get_ncleansegs(). This has been the case after commit\naa474a220180 (\"nilfs2: add local variable to cache the number of clean\nsegments\"), that is, even before this bug was introduced.\n\nSo, this resolves the deadlock problem by just not taking the semaphore in\nnilfs_count_free_blocks().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49850",
"url": "https://www.suse.com/security/cve/CVE-2022-49850"
},
{
"category": "external",
"summary": "SUSE Bug 1242164 for CVE-2022-49850",
"url": "https://bugzilla.suse.com/1242164"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49850"
},
{
"cve": "CVE-2022-49853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49853"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: macvlan: fix memory leaks of macvlan_common_newlink\n\nkmemleak reports memory leaks in macvlan_common_newlink, as follows:\n\n ip link add link eth0 name .. type macvlan mode source macaddr add\n \u003cMAC-ADDR\u003e\n\nkmemleak reports:\n\nunreferenced object 0xffff8880109bb140 (size 64):\n comm \"ip\", pid 284, jiffies 4294986150 (age 430.108s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 b8 aa 5a 12 80 88 ff ff ..........Z.....\n 80 1b fa 0d 80 88 ff ff 1e ff ac af c7 c1 6b 6b ..............kk\n backtrace:\n [\u003cffffffff813e06a7\u003e] kmem_cache_alloc_trace+0x1c7/0x300\n [\u003cffffffff81b66025\u003e] macvlan_hash_add_source+0x45/0xc0\n [\u003cffffffff81b66a67\u003e] macvlan_changelink_sources+0xd7/0x170\n [\u003cffffffff81b6775c\u003e] macvlan_common_newlink+0x38c/0x5a0\n [\u003cffffffff81b6797e\u003e] macvlan_newlink+0xe/0x20\n [\u003cffffffff81d97f8f\u003e] __rtnl_newlink+0x7af/0xa50\n [\u003cffffffff81d98278\u003e] rtnl_newlink+0x48/0x70\n ...\n\nIn the scenario where the macvlan mode is configured as \u0027source\u0027,\nmacvlan_changelink_sources() will be execured to reconfigure list of\nremote source mac addresses, at the same time, if register_netdevice()\nreturn an error, the resource generated by macvlan_changelink_sources()\nis not cleaned up.\n\nUsing this patch, in the case of an error, it will execute\nmacvlan_flush_sources() to ensure that the resource is cleaned up.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49853",
"url": "https://www.suse.com/security/cve/CVE-2022-49853"
},
{
"category": "external",
"summary": "SUSE Bug 1242688 for CVE-2022-49853",
"url": "https://bugzilla.suse.com/1242688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49853"
},
{
"cve": "CVE-2022-49858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix SQE threshold checking\n\nCurrent way of checking available SQE count which is based on\nHW updated SQB count could result in driver submitting an SQE\neven before CQE for the previously transmitted SQE at the same\nindex is processed in NAPI resulting losing SKB pointers,\nhence a leak. Fix this by checking a consumer index which\nis updated once CQE is processed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49858",
"url": "https://www.suse.com/security/cve/CVE-2022-49858"
},
{
"category": "external",
"summary": "SUSE Bug 1242589 for CVE-2022-49858",
"url": "https://bugzilla.suse.com/1242589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49858"
},
{
"cve": "CVE-2022-49860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49860"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: k3-udma-glue: fix memory leak when register device fail\n\nIf device_register() fails, it should call put_device() to give\nup reference, the name allocated in dev_set_name() can be freed\nin callback function kobject_cleanup().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49860",
"url": "https://www.suse.com/security/cve/CVE-2022-49860"
},
{
"category": "external",
"summary": "SUSE Bug 1242586 for CVE-2022-49860",
"url": "https://bugzilla.suse.com/1242586"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49860"
},
{
"cve": "CVE-2022-49861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()\n\nA clk_prepare_enable() call in the probe is not balanced by a corresponding\nclk_disable_unprepare() in the remove function.\n\nAdd the missing call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49861",
"url": "https://www.suse.com/security/cve/CVE-2022-49861"
},
{
"category": "external",
"summary": "SUSE Bug 1242580 for CVE-2022-49861",
"url": "https://bugzilla.suse.com/1242580"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49861"
},
{
"cve": "CVE-2022-49863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49863"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: af_can: fix NULL pointer dereference in can_rx_register()\n\nIt causes NULL pointer dereference when testing as following:\n(a) use syscall(__NR_socket, 0x10ul, 3ul, 0) to create netlink socket.\n(b) use syscall(__NR_sendmsg, ...) to create bond link device and vxcan\n link device, and bind vxcan device to bond device (can also use\n ifenslave command to bind vxcan device to bond device).\n(c) use syscall(__NR_socket, 0x1dul, 3ul, 1) to create CAN socket.\n(d) use syscall(__NR_bind, ...) to bind the bond device to CAN socket.\n\nThe bond device invokes the can-raw protocol registration interface to\nreceive CAN packets. However, ml_priv is not allocated to the dev,\ndev_rcv_lists is assigned to NULL in can_rx_register(). In this case,\nit will occur the NULL pointer dereference issue.\n\nThe following is the stack information:\nBUG: kernel NULL pointer dereference, address: 0000000000000008\nPGD 122a4067 P4D 122a4067 PUD 1223c067 PMD 0\nOops: 0000 [#1] PREEMPT SMP\nRIP: 0010:can_rx_register+0x12d/0x1e0\nCall Trace:\n\u003cTASK\u003e\nraw_enable_filters+0x8d/0x120\nraw_enable_allfilters+0x3b/0x130\nraw_bind+0x118/0x4f0\n__sys_bind+0x163/0x1a0\n__x64_sys_bind+0x1e/0x30\ndo_syscall_64+0x35/0x80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49863",
"url": "https://www.suse.com/security/cve/CVE-2022-49863"
},
{
"category": "external",
"summary": "SUSE Bug 1242169 for CVE-2022-49863",
"url": "https://bugzilla.suse.com/1242169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49863"
},
{
"cve": "CVE-2022-49864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram()\n\n./drivers/gpu/drm/amd/amdkfd/kfd_migrate.c:985:58-62: ERROR: p is NULL but dereferenced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49864",
"url": "https://www.suse.com/security/cve/CVE-2022-49864"
},
{
"category": "external",
"summary": "SUSE Bug 1242685 for CVE-2022-49864",
"url": "https://bugzilla.suse.com/1242685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49864"
},
{
"cve": "CVE-2022-49865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49865"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network\n\nWhen copying a `struct ifaddrlblmsg` to the network, __ifal_reserved\nremained uninitialized, resulting in a 1-byte infoleak:\n\n BUG: KMSAN: kernel-network-infoleak in __netdev_start_xmit ./include/linux/netdevice.h:4841\n __netdev_start_xmit ./include/linux/netdevice.h:4841\n netdev_start_xmit ./include/linux/netdevice.h:4857\n xmit_one net/core/dev.c:3590\n dev_hard_start_xmit+0x1dc/0x800 net/core/dev.c:3606\n __dev_queue_xmit+0x17e8/0x4350 net/core/dev.c:4256\n dev_queue_xmit ./include/linux/netdevice.h:3009\n __netlink_deliver_tap_skb net/netlink/af_netlink.c:307\n __netlink_deliver_tap+0x728/0xad0 net/netlink/af_netlink.c:325\n netlink_deliver_tap net/netlink/af_netlink.c:338\n __netlink_sendskb net/netlink/af_netlink.c:1263\n netlink_sendskb+0x1d9/0x200 net/netlink/af_netlink.c:1272\n netlink_unicast+0x56d/0xf50 net/netlink/af_netlink.c:1360\n nlmsg_unicast ./include/net/netlink.h:1061\n rtnl_unicast+0x5a/0x80 net/core/rtnetlink.c:758\n ip6addrlbl_get+0xfad/0x10f0 net/ipv6/addrlabel.c:628\n rtnetlink_rcv_msg+0xb33/0x1570 net/core/rtnetlink.c:6082\n ...\n Uninit was created at:\n slab_post_alloc_hook+0x118/0xb00 mm/slab.h:742\n slab_alloc_node mm/slub.c:3398\n __kmem_cache_alloc_node+0x4f2/0x930 mm/slub.c:3437\n __do_kmalloc_node mm/slab_common.c:954\n __kmalloc_node_track_caller+0x117/0x3d0 mm/slab_common.c:975\n kmalloc_reserve net/core/skbuff.c:437\n __alloc_skb+0x27a/0xab0 net/core/skbuff.c:509\n alloc_skb ./include/linux/skbuff.h:1267\n nlmsg_new ./include/net/netlink.h:964\n ip6addrlbl_get+0x490/0x10f0 net/ipv6/addrlabel.c:608\n rtnetlink_rcv_msg+0xb33/0x1570 net/core/rtnetlink.c:6082\n netlink_rcv_skb+0x299/0x550 net/netlink/af_netlink.c:2540\n rtnetlink_rcv+0x26/0x30 net/core/rtnetlink.c:6109\n netlink_unicast_kernel net/netlink/af_netlink.c:1319\n netlink_unicast+0x9ab/0xf50 net/netlink/af_netlink.c:1345\n netlink_sendmsg+0xebc/0x10f0 net/netlink/af_netlink.c:1921\n ...\n\nThis patch ensures that the reserved field is always initialized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49865",
"url": "https://www.suse.com/security/cve/CVE-2022-49865"
},
{
"category": "external",
"summary": "SUSE Bug 1242570 for CVE-2022-49865",
"url": "https://bugzilla.suse.com/1242570"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49865"
},
{
"cve": "CVE-2022-49868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49868"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: ralink: mt7621-pci: add sentinel to quirks table\n\nWith mt7621 soc_dev_attr fixed to register the soc as a device,\nkernel will experience an oops in soc_device_match_attr\n\nThis quirk test was introduced in the staging driver in\ncommit 9445ccb3714c (\"staging: mt7621-pci-phy: add quirks for \u0027E2\u0027\nrevision using \u0027soc_device_attribute\u0027\"). The staging driver was removed,\nand later re-added in commit d87da32372a0 (\"phy: ralink: Add PHY driver\nfor MT7621 PCIe PHY\") for kernel 5.11",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49868",
"url": "https://www.suse.com/security/cve/CVE-2022-49868"
},
{
"category": "external",
"summary": "SUSE Bug 1242550 for CVE-2022-49868",
"url": "https://bugzilla.suse.com/1242550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "low"
}
],
"title": "CVE-2022-49868"
},
{
"cve": "CVE-2022-49869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49869"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix possible crash in bnxt_hwrm_set_coal()\n\nDuring the error recovery sequence, the rtnl_lock is not held for the\nentire duration and some datastructures may be freed during the sequence.\nCheck for the BNXT_STATE_OPEN flag instead of netif_running() to ensure\nthat the device is fully operational before proceeding to reconfigure\nthe coalescing settings.\n\nThis will fix a possible crash like this:\n\nBUG: unable to handle kernel NULL pointer dereference at 0000000000000000\nPGD 0 P4D 0\nOops: 0000 [#1] SMP NOPTI\nCPU: 10 PID: 181276 Comm: ethtool Kdump: loaded Tainted: G IOE --------- - - 4.18.0-348.el8.x86_64 #1\nHardware name: Dell Inc. PowerEdge R740/0F9N89, BIOS 2.3.10 08/15/2019\nRIP: 0010:bnxt_hwrm_set_coal+0x1fb/0x2a0 [bnxt_en]\nCode: c2 66 83 4e 22 08 66 89 46 1c e8 10 cb 00 00 41 83 c6 01 44 39 b3 68 01 00 00 0f 8e a3 00 00 00 48 8b 93 c8 00 00 00 49 63 c6 \u003c48\u003e 8b 2c c2 48 8b 85 b8 02 00 00 48 85 c0 74 2e 48 8b 74 24 08 f6\nRSP: 0018:ffffb11c8dcaba50 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff8d168a8b0ac0 RCX: 00000000000000c5\nRDX: 0000000000000000 RSI: ffff8d162f72c000 RDI: ffff8d168a8b0b28\nRBP: 0000000000000000 R08: b6e1f68a12e9a7eb R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000037 R12: ffff8d168a8b109c\nR13: ffff8d168a8b10aa R14: 0000000000000000 R15: ffffffffc01ac4e0\nFS: 00007f3852e4c740(0000) GS:ffff8d24c0080000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 000000041b3ee003 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n ethnl_set_coalesce+0x3ce/0x4c0\n genl_family_rcv_msg_doit.isra.15+0x10f/0x150\n genl_family_rcv_msg+0xb3/0x160\n ? coalesce_fill_reply+0x480/0x480\n genl_rcv_msg+0x47/0x90\n ? genl_family_rcv_msg+0x160/0x160\n netlink_rcv_skb+0x4c/0x120\n genl_rcv+0x24/0x40\n netlink_unicast+0x196/0x230\n netlink_sendmsg+0x204/0x3d0\n sock_sendmsg+0x4c/0x50\n __sys_sendto+0xee/0x160\n ? syscall_trace_enter+0x1d3/0x2c0\n ? __audit_syscall_exit+0x249/0x2a0\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0x5b/0x1a0\n entry_SYSCALL_64_after_hwframe+0x65/0xca\nRIP: 0033:0x7f38524163bb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49869",
"url": "https://www.suse.com/security/cve/CVE-2022-49869"
},
{
"category": "external",
"summary": "SUSE Bug 1242158 for CVE-2022-49869",
"url": "https://bugzilla.suse.com/1242158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49869"
},
{
"cve": "CVE-2022-49870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncapabilities: fix undefined behavior in bit shift for CAP_TO_MASK\n\nShifting signed 32-bit value by 31 bits is undefined, so changing\nsignificant bit to unsigned. The UBSAN warning calltrace like below:\n\nUBSAN: shift-out-of-bounds in security/commoncap.c:1252:2\nleft shift of 1 by 31 places cannot be represented in type \u0027int\u0027\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x7d/0xa5\n dump_stack+0x15/0x1b\n ubsan_epilogue+0xe/0x4e\n __ubsan_handle_shift_out_of_bounds+0x1e7/0x20c\n cap_task_prctl+0x561/0x6f0\n security_task_prctl+0x5a/0xb0\n __x64_sys_prctl+0x61/0x8f0\n do_syscall_64+0x58/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49870",
"url": "https://www.suse.com/security/cve/CVE-2022-49870"
},
{
"category": "external",
"summary": "SUSE Bug 1242551 for CVE-2022-49870",
"url": "https://bugzilla.suse.com/1242551"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49870"
},
{
"cve": "CVE-2022-49871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tun: Fix memory leaks of napi_get_frags\n\nkmemleak reports after running test_progs:\n\nunreferenced object 0xffff8881b1672dc0 (size 232):\n comm \"test_progs\", pid 394388, jiffies 4354712116 (age 841.975s)\n hex dump (first 32 bytes):\n e0 84 d7 a8 81 88 ff ff 80 2c 67 b1 81 88 ff ff .........,g.....\n 00 40 c5 9b 81 88 ff ff 00 00 00 00 00 00 00 00 .@..............\n backtrace:\n [\u003c00000000c8f01748\u003e] napi_skb_cache_get+0xd4/0x150\n [\u003c0000000041c7fc09\u003e] __napi_build_skb+0x15/0x50\n [\u003c00000000431c7079\u003e] __napi_alloc_skb+0x26e/0x540\n [\u003c000000003ecfa30e\u003e] napi_get_frags+0x59/0x140\n [\u003c0000000099b2199e\u003e] tun_get_user+0x183d/0x3bb0 [tun]\n [\u003c000000008a5adef0\u003e] tun_chr_write_iter+0xc0/0x1b1 [tun]\n [\u003c0000000049993ff4\u003e] do_iter_readv_writev+0x19f/0x320\n [\u003c000000008f338ea2\u003e] do_iter_write+0x135/0x630\n [\u003c000000008a3377a4\u003e] vfs_writev+0x12e/0x440\n [\u003c00000000a6b5639a\u003e] do_writev+0x104/0x280\n [\u003c00000000ccf065d8\u003e] do_syscall_64+0x3b/0x90\n [\u003c00000000d776e329\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe issue occurs in the following scenarios:\ntun_get_user()\n napi_gro_frags()\n napi_frags_finish()\n case GRO_NORMAL:\n gro_normal_one()\n list_add_tail(\u0026skb-\u003elist, \u0026napi-\u003erx_list);\n \u003c-- While napi-\u003erx_count \u003c READ_ONCE(gro_normal_batch),\n \u003c-- gro_normal_list() is not called, napi-\u003erx_list is not empty\n \u003c-- not ask to complete the gro work, will cause memory leaks in\n \u003c-- following tun_napi_del()\n...\ntun_napi_del()\n netif_napi_del()\n __netif_napi_del()\n \u003c-- \u0026napi-\u003erx_list is not empty, which caused memory leaks\n\nTo fix, add napi_complete() after napi_gro_frags().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49871",
"url": "https://www.suse.com/security/cve/CVE-2022-49871"
},
{
"category": "external",
"summary": "SUSE Bug 1242558 for CVE-2022-49871",
"url": "https://bugzilla.suse.com/1242558"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49871"
},
{
"cve": "CVE-2022-49874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49874"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hyperv: fix possible memory leak in mousevsc_probe()\n\nIf hid_add_device() returns error, it should call hid_destroy_device()\nto free hid_dev which is allocated in hid_allocate_device().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49874",
"url": "https://www.suse.com/security/cve/CVE-2022-49874"
},
{
"category": "external",
"summary": "SUSE Bug 1242478 for CVE-2022-49874",
"url": "https://bugzilla.suse.com/1242478"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49874"
},
{
"cve": "CVE-2022-49879",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49879"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix BUG_ON() when directory entry has invalid rec_len\n\nThe rec_len field in the directory entry has to be a multiple of 4. A\ncorrupted filesystem image can be used to hit a BUG() in\next4_rec_len_to_disk(), called from make_indexed_dir().\n\n ------------[ cut here ]------------\n kernel BUG at fs/ext4/ext4.h:2413!\n ...\n RIP: 0010:make_indexed_dir+0x53f/0x5f0\n ...\n Call Trace:\n \u003cTASK\u003e\n ? add_dirent_to_buf+0x1b2/0x200\n ext4_add_entry+0x36e/0x480\n ext4_add_nondir+0x2b/0xc0\n ext4_create+0x163/0x200\n path_openat+0x635/0xe90\n do_filp_open+0xb4/0x160\n ? __create_object.isra.0+0x1de/0x3b0\n ? _raw_spin_unlock+0x12/0x30\n do_sys_openat2+0x91/0x150\n __x64_sys_open+0x6c/0xa0\n do_syscall_64+0x3c/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThe fix simply adds a call to ext4_check_dir_entry() to validate the\ndirectory entry, returning -EFSCORRUPTED if the entry is invalid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49879",
"url": "https://www.suse.com/security/cve/CVE-2022-49879"
},
{
"category": "external",
"summary": "SUSE Bug 1242733 for CVE-2022-49879",
"url": "https://bugzilla.suse.com/1242733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49879"
},
{
"cve": "CVE-2022-49880",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49880"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix warning in \u0027ext4_da_release_space\u0027\n\nSyzkaller report issue as follows:\nEXT4-fs (loop0): Free/Dirty block details\nEXT4-fs (loop0): free_blocks=0\nEXT4-fs (loop0): dirty_blocks=0\nEXT4-fs (loop0): Block reservation details\nEXT4-fs (loop0): i_reserved_data_blocks=0\nEXT4-fs warning (device loop0): ext4_da_release_space:1527: ext4_da_release_space: ino 18, to_free 1 with only 0 reserved data blocks\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 92 at fs/ext4/inode.c:1528 ext4_da_release_space+0x25e/0x370 fs/ext4/inode.c:1524\nModules linked in:\nCPU: 0 PID: 92 Comm: kworker/u4:4 Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022\nWorkqueue: writeback wb_workfn (flush-7:0)\nRIP: 0010:ext4_da_release_space+0x25e/0x370 fs/ext4/inode.c:1528\nRSP: 0018:ffffc900015f6c90 EFLAGS: 00010296\nRAX: 42215896cd52ea00 RBX: 0000000000000000 RCX: 42215896cd52ea00\nRDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000\nRBP: 1ffff1100e907d96 R08: ffffffff816aa79d R09: fffff520002bece5\nR10: fffff520002bece5 R11: 1ffff920002bece4 R12: ffff888021fd2000\nR13: ffff88807483ecb0 R14: 0000000000000001 R15: ffff88807483e740\nFS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005555569ba628 CR3: 000000000c88e000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ext4_es_remove_extent+0x1ab/0x260 fs/ext4/extents_status.c:1461\n mpage_release_unused_pages+0x24d/0xef0 fs/ext4/inode.c:1589\n ext4_writepages+0x12eb/0x3be0 fs/ext4/inode.c:2852\n do_writepages+0x3c3/0x680 mm/page-writeback.c:2469\n __writeback_single_inode+0xd1/0x670 fs/fs-writeback.c:1587\n writeback_sb_inodes+0xb3b/0x18f0 fs/fs-writeback.c:1870\n wb_writeback+0x41f/0x7b0 fs/fs-writeback.c:2044\n wb_do_writeback fs/fs-writeback.c:2187 [inline]\n wb_workfn+0x3cb/0xef0 fs/fs-writeback.c:2227\n process_one_work+0x877/0xdb0 kernel/workqueue.c:2289\n worker_thread+0xb14/0x1330 kernel/workqueue.c:2436\n kthread+0x266/0x300 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306\n \u003c/TASK\u003e\n\nAbove issue may happens as follows:\next4_da_write_begin\n ext4_create_inline_data\n ext4_clear_inode_flag(inode, EXT4_INODE_EXTENTS);\n ext4_set_inode_flag(inode, EXT4_INODE_INLINE_DATA);\n__ext4_ioctl\n ext4_ext_migrate -\u003e will lead to eh-\u003eeh_entries not zero, and set extent flag\next4_da_write_begin\n ext4_da_convert_inline_data_to_extent\n ext4_da_write_inline_data_begin\n ext4_da_map_blocks\n ext4_insert_delayed_block\n\t if (!ext4_es_scan_clu(inode, \u0026ext4_es_is_delonly, lblk))\n\t if (!ext4_es_scan_clu(inode, \u0026ext4_es_is_mapped, lblk))\n\t ext4_clu_mapped(inode, EXT4_B2C(sbi, lblk)); -\u003e will return 1\n\t allocated = true;\n ext4_es_insert_delayed_block(inode, lblk, allocated);\next4_writepages\n mpage_map_and_submit_extent(handle, \u0026mpd, \u0026give_up_on_write); -\u003e return -ENOSPC\n mpage_release_unused_pages(\u0026mpd, give_up_on_write); -\u003e give_up_on_write == 1\n ext4_es_remove_extent\n ext4_da_release_space(inode, reserved);\n if (unlikely(to_free \u003e ei-\u003ei_reserved_data_blocks))\n\t -\u003e to_free == 1 but ei-\u003ei_reserved_data_blocks == 0\n\t -\u003e then trigger warning as above\n\nTo solve above issue, forbid inode do migrate which has inline data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49880",
"url": "https://www.suse.com/security/cve/CVE-2022-49880"
},
{
"category": "external",
"summary": "SUSE Bug 1242734 for CVE-2022-49880",
"url": "https://bugzilla.suse.com/1242734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49880"
},
{
"cve": "CVE-2022-49881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: fix memory leak in query_regdb_file()\n\nIn the function query_regdb_file() the alpha2 parameter is duplicated\nusing kmemdup() and subsequently freed in regdb_fw_cb(). However,\nrequest_firmware_nowait() can fail without calling regdb_fw_cb() and\nthus leak memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49881",
"url": "https://www.suse.com/security/cve/CVE-2022-49881"
},
{
"category": "external",
"summary": "SUSE Bug 1242481 for CVE-2022-49881",
"url": "https://bugzilla.suse.com/1242481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49881"
},
{
"cve": "CVE-2022-49885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: APEI: Fix integer overflow in ghes_estatus_pool_init()\n\nChange num_ghes from int to unsigned int, preventing an overflow\nand causing subsequent vmalloc() to fail.\n\nThe overflow happens in ghes_estatus_pool_init() when calculating\nlen during execution of the statement below as both multiplication\noperands here are signed int:\n\nlen += (num_ghes * GHES_ESOURCE_PREALLOC_MAX_SIZE);\n\nThe following call trace is observed because of this bug:\n\n[ 9.317108] swapper/0: vmalloc error: size 18446744071562596352, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1\n[ 9.317131] Call Trace:\n[ 9.317134] \u003cTASK\u003e\n[ 9.317137] dump_stack_lvl+0x49/0x5f\n[ 9.317145] dump_stack+0x10/0x12\n[ 9.317146] warn_alloc.cold+0x7b/0xdf\n[ 9.317150] ? __device_attach+0x16a/0x1b0\n[ 9.317155] __vmalloc_node_range+0x702/0x740\n[ 9.317160] ? device_add+0x17f/0x920\n[ 9.317164] ? dev_set_name+0x53/0x70\n[ 9.317166] ? platform_device_add+0xf9/0x240\n[ 9.317168] __vmalloc_node+0x49/0x50\n[ 9.317170] ? ghes_estatus_pool_init+0x43/0xa0\n[ 9.317176] vmalloc+0x21/0x30\n[ 9.317177] ghes_estatus_pool_init+0x43/0xa0\n[ 9.317179] acpi_hest_init+0x129/0x19c\n[ 9.317185] acpi_init+0x434/0x4a4\n[ 9.317188] ? acpi_sleep_proc_init+0x2a/0x2a\n[ 9.317190] do_one_initcall+0x48/0x200\n[ 9.317195] kernel_init_freeable+0x221/0x284\n[ 9.317200] ? rest_init+0xe0/0xe0\n[ 9.317204] kernel_init+0x1a/0x130\n[ 9.317205] ret_from_fork+0x22/0x30\n[ 9.317208] \u003c/TASK\u003e\n\n[ rjw: Subject and changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49885",
"url": "https://www.suse.com/security/cve/CVE-2022-49885"
},
{
"category": "external",
"summary": "SUSE Bug 1242735 for CVE-2022-49885",
"url": "https://bugzilla.suse.com/1242735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49885"
},
{
"cve": "CVE-2022-49886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/tdx: Panic on bad configs that #VE on \"private\" memory access\n\nAll normal kernel memory is \"TDX private memory\". This includes\neverything from kernel stacks to kernel text. Handling\nexceptions on arbitrary accesses to kernel memory is essentially\nimpossible because they can happen in horribly nasty places like\nkernel entry/exit. But, TDX hardware can theoretically _deliver_\na virtualization exception (#VE) on any access to private memory.\n\nBut, it\u0027s not as bad as it sounds. TDX can be configured to never\ndeliver these exceptions on private memory with a \"TD attribute\"\ncalled ATTR_SEPT_VE_DISABLE. The guest has no way to *set* this\nattribute, but it can check it.\n\nEnsure ATTR_SEPT_VE_DISABLE is set in early boot. panic() if it\nis unset. There is no sane way for Linux to run with this\nattribute clear so a panic() is appropriate.\n\nThere\u0027s small window during boot before the check where kernel\nhas an early #VE handler. But the handler is only for port I/O\nand will also panic() as soon as it sees any other #VE, such as\na one generated by a private memory access.\n\n[ dhansen: Rewrite changelog and rebase on new tdx_parse_tdinfo().\n\t Add Kirill\u0027s tested-by because I made changes since\n\t he wrote this. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49886",
"url": "https://www.suse.com/security/cve/CVE-2022-49886"
},
{
"category": "external",
"summary": "SUSE Bug 1242474 for CVE-2022-49886",
"url": "https://bugzilla.suse.com/1242474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49886"
},
{
"cve": "CVE-2022-49887",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49887"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: meson: vdec: fix possible refcount leak in vdec_probe()\n\nv4l2_device_unregister need to be called to put the refcount got by\nv4l2_device_register when vdec_probe fails or vdec_remove is called.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49887",
"url": "https://www.suse.com/security/cve/CVE-2022-49887"
},
{
"category": "external",
"summary": "SUSE Bug 1242736 for CVE-2022-49887",
"url": "https://bugzilla.suse.com/1242736"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49887"
},
{
"cve": "CVE-2022-49888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49888"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: entry: avoid kprobe recursion\n\nThe cortex_a76_erratum_1463225_debug_handler() function is called when\nhandling debug exceptions (and synchronous exceptions from BRK\ninstructions), and so is called when a probed function executes. If the\ncompiler does not inline cortex_a76_erratum_1463225_debug_handler(), it\ncan be probed.\n\nIf cortex_a76_erratum_1463225_debug_handler() is probed, any debug\nexception or software breakpoint exception will result in recursive\nexceptions leading to a stack overflow. This can be triggered with the\nftrace multiple_probes selftest, and as per the example splat below.\n\nThis is a regression caused by commit:\n\n 6459b8469753e9fe (\"arm64: entry: consolidate Cortex-A76 erratum 1463225 workaround\")\n\n... which removed the NOKPROBE_SYMBOL() annotation associated with the\nfunction.\n\nMy intent was that cortex_a76_erratum_1463225_debug_handler() would be\ninlined into its caller, el1_dbg(), which is marked noinstr and cannot\nbe probed. Mark cortex_a76_erratum_1463225_debug_handler() as\n__always_inline to ensure this.\n\nExample splat prior to this patch (with recursive entries elided):\n\n| # echo p cortex_a76_erratum_1463225_debug_handler \u003e /sys/kernel/debug/tracing/kprobe_events\n| # echo p do_el0_svc \u003e\u003e /sys/kernel/debug/tracing/kprobe_events\n| # echo 1 \u003e /sys/kernel/debug/tracing/events/kprobes/enable\n| Insufficient stack space to handle exception!\n| ESR: 0x0000000096000047 -- DABT (current EL)\n| FAR: 0xffff800009cefff0\n| Task stack: [0xffff800009cf0000..0xffff800009cf4000]\n| IRQ stack: [0xffff800008000000..0xffff800008004000]\n| Overflow stack: [0xffff00007fbc00f0..0xffff00007fbc10f0]\n| CPU: 0 PID: 145 Comm: sh Not tainted 6.0.0 #2\n| Hardware name: linux,dummy-virt (DT)\n| pstate: 604003c5 (nZCv DAIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n| pc : arm64_enter_el1_dbg+0x4/0x20\n| lr : el1_dbg+0x24/0x5c\n| sp : ffff800009cf0000\n| x29: ffff800009cf0000 x28: ffff000002c74740 x27: 0000000000000000\n| x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n| x23: 00000000604003c5 x22: ffff80000801745c x21: 0000aaaac95ac068\n| x20: 00000000f2000004 x19: ffff800009cf0040 x18: 0000000000000000\n| x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n| x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n| x11: 0000000000000010 x10: ffff800008c87190 x9 : ffff800008ca00d0\n| x8 : 000000000000003c x7 : 0000000000000000 x6 : 0000000000000000\n| x5 : 0000000000000000 x4 : 0000000000000000 x3 : 00000000000043a4\n| x2 : 00000000f2000004 x1 : 00000000f2000004 x0 : ffff800009cf0040\n| Kernel panic - not syncing: kernel stack overflow\n| CPU: 0 PID: 145 Comm: sh Not tainted 6.0.0 #2\n| Hardware name: linux,dummy-virt (DT)\n| Call trace:\n| dump_backtrace+0xe4/0x104\n| show_stack+0x18/0x4c\n| dump_stack_lvl+0x64/0x7c\n| dump_stack+0x18/0x38\n| panic+0x14c/0x338\n| test_taint+0x0/0x2c\n| panic_bad_stack+0x104/0x118\n| handle_bad_stack+0x34/0x48\n| __bad_stack+0x78/0x7c\n| arm64_enter_el1_dbg+0x4/0x20\n| el1h_64_sync_handler+0x40/0x98\n| el1h_64_sync+0x64/0x68\n| cortex_a76_erratum_1463225_debug_handler+0x0/0x34\n...\n| el1h_64_sync_handler+0x40/0x98\n| el1h_64_sync+0x64/0x68\n| cortex_a76_erratum_1463225_debug_handler+0x0/0x34\n...\n| el1h_64_sync_handler+0x40/0x98\n| el1h_64_sync+0x64/0x68\n| cortex_a76_erratum_1463225_debug_handler+0x0/0x34\n| el1h_64_sync_handler+0x40/0x98\n| el1h_64_sync+0x64/0x68\n| do_el0_svc+0x0/0x28\n| el0t_64_sync_handler+0x84/0xf0\n| el0t_64_sync+0x18c/0x190\n| Kernel Offset: disabled\n| CPU features: 0x0080,00005021,19001080\n| Memory Limit: none\n| ---[ end Kernel panic - not syncing: kernel stack overflow ]---\n\nWith this patch, cortex_a76_erratum_1463225_debug_handler() is inlined\ninto el1_dbg(), and el1_dbg() cannot be probed:\n\n| # echo p cortex_a76_erratum_1463225_debug_handler \u003e /sys/kernel/debug/tracing/kprobe_events\n| sh: write error: No such file or directory\n| # grep -w cortex_a76_errat\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49888",
"url": "https://www.suse.com/security/cve/CVE-2022-49888"
},
{
"category": "external",
"summary": "SUSE Bug 1242458 for CVE-2022-49888",
"url": "https://bugzilla.suse.com/1242458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49888"
},
{
"cve": "CVE-2022-49889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters()\n\nOn some machines the number of listed CPUs may be bigger than the actual\nCPUs that exist. The tracing subsystem allocates a per_cpu directory with\naccess to the per CPU ring buffer via a cpuX file. But to save space, the\nring buffer will only allocate buffers for online CPUs, even though the\nCPU array will be as big as the nr_cpu_ids.\n\nWith the addition of waking waiters on the ring buffer when closing the\nfile, the ring_buffer_wake_waiters() now needs to make sure that the\nbuffer is allocated (with the irq_work allocated with it) before trying to\nwake waiters, as it will cause a NULL pointer dereference.\n\nWhile debugging this, I added a NULL check for the buffer itself (which is\nOK to do), and also NULL pointer checks against buffer-\u003ebuffers (which is\nnot fine, and will WARN) as well as making sure the CPU number passed in\nis within the nr_cpu_ids (which is also not fine if it isn\u0027t).\n\n\nBugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=1204705",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49889",
"url": "https://www.suse.com/security/cve/CVE-2022-49889"
},
{
"category": "external",
"summary": "SUSE Bug 1242455 for CVE-2022-49889",
"url": "https://bugzilla.suse.com/1242455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49889"
},
{
"cve": "CVE-2022-49890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49890"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncapabilities: fix potential memleak on error path from vfs_getxattr_alloc()\n\nIn cap_inode_getsecurity(), we will use vfs_getxattr_alloc() to\ncomplete the memory allocation of tmpbuf, if we have completed\nthe memory allocation of tmpbuf, but failed to call handler-\u003eget(...),\nthere will be a memleak in below logic:\n\n |-- ret = (int)vfs_getxattr_alloc(mnt_userns, ...)\n | /* ^^^ alloc for tmpbuf */\n |-- value = krealloc(*xattr_value, error + 1, flags)\n | /* ^^^ alloc memory */\n |-- error = handler-\u003eget(handler, ...)\n | /* error! */\n |-- *xattr_value = value\n | /* xattr_value is \u0026tmpbuf (memory leak!) */\n\nSo we will try to free(tmpbuf) after vfs_getxattr_alloc() fails to fix it.\n\n[PM: subject line and backtrace tweaks]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49890",
"url": "https://www.suse.com/security/cve/CVE-2022-49890"
},
{
"category": "external",
"summary": "SUSE Bug 1242469 for CVE-2022-49890",
"url": "https://bugzilla.suse.com/1242469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49890"
},
{
"cve": "CVE-2022-49891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49891"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd()\n\ntest_gen_kprobe_cmd() only free buf in fail path, hence buf will leak\nwhen there is no failure. Move kfree(buf) from fail path to common path\nto prevent the memleak. The same reason and solution in\ntest_gen_kretprobe_cmd().\n\nunreferenced object 0xffff888143b14000 (size 2048):\n comm \"insmod\", pid 52490, jiffies 4301890980 (age 40.553s)\n hex dump (first 32 bytes):\n 70 3a 6b 70 72 6f 62 65 73 2f 67 65 6e 5f 6b 70 p:kprobes/gen_kp\n 72 6f 62 65 5f 74 65 73 74 20 64 6f 5f 73 79 73 robe_test do_sys\n backtrace:\n [\u003c000000006d7b836b\u003e] kmalloc_trace+0x27/0xa0\n [\u003c0000000009528b5b\u003e] 0xffffffffa059006f\n [\u003c000000008408b580\u003e] do_one_initcall+0x87/0x2a0\n [\u003c00000000c4980a7e\u003e] do_init_module+0xdf/0x320\n [\u003c00000000d775aad0\u003e] load_module+0x3006/0x3390\n [\u003c00000000e9a74b80\u003e] __do_sys_finit_module+0x113/0x1b0\n [\u003c000000003726480d\u003e] do_syscall_64+0x35/0x80\n [\u003c000000003441e93b\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49891",
"url": "https://www.suse.com/security/cve/CVE-2022-49891"
},
{
"category": "external",
"summary": "SUSE Bug 1242456 for CVE-2022-49891",
"url": "https://bugzilla.suse.com/1242456"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49891"
},
{
"cve": "CVE-2022-49892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49892"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix use-after-free for dynamic ftrace_ops\n\nKASAN reported a use-after-free with ftrace ops [1]. It was found from\nvmcore that perf had registered two ops with the same content\nsuccessively, both dynamic. After unregistering the second ops, a\nuse-after-free occurred.\n\nIn ftrace_shutdown(), when the second ops is unregistered, the\nFTRACE_UPDATE_CALLS command is not set because there is another enabled\nops with the same content. Also, both ops are dynamic and the ftrace\ncallback function is ftrace_ops_list_func, so the\nFTRACE_UPDATE_TRACE_FUNC command will not be set. Eventually the value\nof \u0027command\u0027 will be 0 and ftrace_shutdown() will skip the rcu\nsynchronization.\n\nHowever, ftrace may be activated. When the ops is released, another CPU\nmay be accessing the ops. Add the missing synchronization to fix this\nproblem.\n\n[1]\nBUG: KASAN: use-after-free in __ftrace_ops_list_func kernel/trace/ftrace.c:7020 [inline]\nBUG: KASAN: use-after-free in ftrace_ops_list_func+0x2b0/0x31c kernel/trace/ftrace.c:7049\nRead of size 8 at addr ffff56551965bbc8 by task syz-executor.2/14468\n\nCPU: 1 PID: 14468 Comm: syz-executor.2 Not tainted 5.10.0 #7\nHardware name: linux,dummy-virt (DT)\nCall trace:\n dump_backtrace+0x0/0x40c arch/arm64/kernel/stacktrace.c:132\n show_stack+0x30/0x40 arch/arm64/kernel/stacktrace.c:196\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x1b4/0x248 lib/dump_stack.c:118\n print_address_description.constprop.0+0x28/0x48c mm/kasan/report.c:387\n __kasan_report mm/kasan/report.c:547 [inline]\n kasan_report+0x118/0x210 mm/kasan/report.c:564\n check_memory_region_inline mm/kasan/generic.c:187 [inline]\n __asan_load8+0x98/0xc0 mm/kasan/generic.c:253\n __ftrace_ops_list_func kernel/trace/ftrace.c:7020 [inline]\n ftrace_ops_list_func+0x2b0/0x31c kernel/trace/ftrace.c:7049\n ftrace_graph_call+0x0/0x4\n __might_sleep+0x8/0x100 include/linux/perf_event.h:1170\n __might_fault mm/memory.c:5183 [inline]\n __might_fault+0x58/0x70 mm/memory.c:5171\n do_strncpy_from_user lib/strncpy_from_user.c:41 [inline]\n strncpy_from_user+0x1f4/0x4b0 lib/strncpy_from_user.c:139\n getname_flags+0xb0/0x31c fs/namei.c:149\n getname+0x2c/0x40 fs/namei.c:209\n [...]\n\nAllocated by task 14445:\n kasan_save_stack+0x24/0x50 mm/kasan/common.c:48\n kasan_set_track mm/kasan/common.c:56 [inline]\n __kasan_kmalloc mm/kasan/common.c:479 [inline]\n __kasan_kmalloc.constprop.0+0x110/0x13c mm/kasan/common.c:449\n kasan_kmalloc+0xc/0x14 mm/kasan/common.c:493\n kmem_cache_alloc_trace+0x440/0x924 mm/slub.c:2950\n kmalloc include/linux/slab.h:563 [inline]\n kzalloc include/linux/slab.h:675 [inline]\n perf_event_alloc.part.0+0xb4/0x1350 kernel/events/core.c:11230\n perf_event_alloc kernel/events/core.c:11733 [inline]\n __do_sys_perf_event_open kernel/events/core.c:11831 [inline]\n __se_sys_perf_event_open+0x550/0x15f4 kernel/events/core.c:11723\n __arm64_sys_perf_event_open+0x6c/0x80 kernel/events/core.c:11723\n [...]\n\nFreed by task 14445:\n kasan_save_stack+0x24/0x50 mm/kasan/common.c:48\n kasan_set_track+0x24/0x34 mm/kasan/common.c:56\n kasan_set_free_info+0x20/0x40 mm/kasan/generic.c:358\n __kasan_slab_free.part.0+0x11c/0x1b0 mm/kasan/common.c:437\n __kasan_slab_free mm/kasan/common.c:445 [inline]\n kasan_slab_free+0x2c/0x40 mm/kasan/common.c:446\n slab_free_hook mm/slub.c:1569 [inline]\n slab_free_freelist_hook mm/slub.c:1608 [inline]\n slab_free mm/slub.c:3179 [inline]\n kfree+0x12c/0xc10 mm/slub.c:4176\n perf_event_alloc.part.0+0xa0c/0x1350 kernel/events/core.c:11434\n perf_event_alloc kernel/events/core.c:11733 [inline]\n __do_sys_perf_event_open kernel/events/core.c:11831 [inline]\n __se_sys_perf_event_open+0x550/0x15f4 kernel/events/core.c:11723\n [...]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49892",
"url": "https://www.suse.com/security/cve/CVE-2022-49892"
},
{
"category": "external",
"summary": "SUSE Bug 1242449 for CVE-2022-49892",
"url": "https://bugzilla.suse.com/1242449"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49892"
},
{
"cve": "CVE-2022-49900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49900"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: piix4: Fix adapter not be removed in piix4_remove()\n\nIn piix4_probe(), the piix4 adapter will be registered in:\n\n piix4_probe()\n piix4_add_adapters_sb800() / piix4_add_adapter()\n i2c_add_adapter()\n\nBased on the probed device type, piix4_add_adapters_sb800() or single\npiix4_add_adapter() will be called.\nFor the former case, piix4_adapter_count is set as the number of adapters,\nwhile for antoher case it is not set and kept default *zero*.\n\nWhen piix4 is removed, piix4_remove() removes the adapters added in\npiix4_probe(), basing on the piix4_adapter_count value.\nBecause the count is zero for the single adapter case, the adapter won\u0027t\nbe removed and makes the sources allocated for adapter leaked, such as\nthe i2c client and device.\n\nThese sources can still be accessed by i2c or bus and cause problems.\nAn easily reproduced case is that if a new adapter is registered, i2c\nwill get the leaked adapter and try to call smbus_algorithm, which was\nalready freed:\n\nTriggered by: rmmod i2c_piix4 \u0026\u0026 modprobe max31730\n\n BUG: unable to handle page fault for address: ffffffffc053d860\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n Oops: 0000 [#1] PREEMPT SMP KASAN\n CPU: 0 PID: 3752 Comm: modprobe Tainted: G\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n RIP: 0010:i2c_default_probe (drivers/i2c/i2c-core-base.c:2259) i2c_core\n RSP: 0018:ffff888107477710 EFLAGS: 00000246\n ...\n \u003cTASK\u003e\n i2c_detect (drivers/i2c/i2c-core-base.c:2302) i2c_core\n __process_new_driver (drivers/i2c/i2c-core-base.c:1336) i2c_core\n bus_for_each_dev (drivers/base/bus.c:301)\n i2c_for_each_dev (drivers/i2c/i2c-core-base.c:1823) i2c_core\n i2c_register_driver (drivers/i2c/i2c-core-base.c:1861) i2c_core\n do_one_initcall (init/main.c:1296)\n do_init_module (kernel/module/main.c:2455)\n ...\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n\nFix this problem by correctly set piix4_adapter_count as 1 for the\nsingle adapter so it can be normally removed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49900",
"url": "https://www.suse.com/security/cve/CVE-2022-49900"
},
{
"category": "external",
"summary": "SUSE Bug 1242454 for CVE-2022-49900",
"url": "https://bugzilla.suse.com/1242454"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49900"
},
{
"cve": "CVE-2022-49901",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49901"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: Fix kmemleak in blk_mq_init_allocated_queue\n\nThere is a kmemleak caused by modprobe null_blk.ko\n\nunreferenced object 0xffff8881acb1f000 (size 1024):\n comm \"modprobe\", pid 836, jiffies 4294971190 (age 27.068s)\n hex dump (first 32 bytes):\n 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........\n ff ff ff ff ff ff ff ff 00 53 99 9e ff ff ff ff .........S......\n backtrace:\n [\u003c000000004a10c249\u003e] kmalloc_node_trace+0x22/0x60\n [\u003c00000000648f7950\u003e] blk_mq_alloc_and_init_hctx+0x289/0x350\n [\u003c00000000af06de0e\u003e] blk_mq_realloc_hw_ctxs+0x2fe/0x3d0\n [\u003c00000000e00c1872\u003e] blk_mq_init_allocated_queue+0x48c/0x1440\n [\u003c00000000d16b4e68\u003e] __blk_mq_alloc_disk+0xc8/0x1c0\n [\u003c00000000d10c98c3\u003e] 0xffffffffc450d69d\n [\u003c00000000b9299f48\u003e] 0xffffffffc4538392\n [\u003c0000000061c39ed6\u003e] do_one_initcall+0xd0/0x4f0\n [\u003c00000000b389383b\u003e] do_init_module+0x1a4/0x680\n [\u003c0000000087cf3542\u003e] load_module+0x6249/0x7110\n [\u003c00000000beba61b8\u003e] __do_sys_finit_module+0x140/0x200\n [\u003c00000000fdcfff51\u003e] do_syscall_64+0x35/0x80\n [\u003c000000003c0f1f71\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThat is because q-\u003ema_ops is set to NULL before blk_release_queue is\ncalled.\n\nblk_mq_init_queue_data\n blk_mq_init_allocated_queue\n blk_mq_realloc_hw_ctxs\n for (i = 0; i \u003c set-\u003enr_hw_queues; i++) {\n old_hctx = xa_load(\u0026q-\u003ehctx_table, i);\n if (!blk_mq_alloc_and_init_hctx(.., i, ..))\t\t[1]\n if (!old_hctx)\n\t break;\n\n xa_for_each_start(\u0026q-\u003ehctx_table, j, hctx, j)\n blk_mq_exit_hctx(q, set, hctx, j); \t\t\t[2]\n\n if (!q-\u003enr_hw_queues)\t\t\t\t\t[3]\n goto err_hctxs;\n\n err_exit:\n q-\u003emq_ops = NULL;\t\t\t \t\t\t[4]\n\n blk_put_queue\n blk_release_queue\n if (queue_is_mq(q))\t\t\t\t\t[5]\n blk_mq_release(q);\n\n[1]: blk_mq_alloc_and_init_hctx failed at i != 0.\n[2]: The hctxs allocated by [1] are moved to q-\u003eunused_hctx_list and\nwill be cleaned up in blk_mq_release.\n[3]: q-\u003enr_hw_queues is 0.\n[4]: Set q-\u003emq_ops to NULL.\n[5]: queue_is_mq returns false due to [4]. And blk_mq_release\nwill not be called. The hctxs in q-\u003eunused_hctx_list are leaked.\n\nTo fix it, call blk_release_queue in exception path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49901",
"url": "https://www.suse.com/security/cve/CVE-2022-49901"
},
{
"category": "external",
"summary": "SUSE Bug 1242448 for CVE-2022-49901",
"url": "https://bugzilla.suse.com/1242448"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49901"
},
{
"cve": "CVE-2022-49902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49902"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix possible memory leak for rq_wb on add_disk failure\n\nkmemleak reported memory leaks in device_add_disk():\n\nkmemleak: 3 new suspected memory leaks\n\nunreferenced object 0xffff88800f420800 (size 512):\n comm \"modprobe\", pid 4275, jiffies 4295639067 (age 223.512s)\n hex dump (first 32 bytes):\n 04 00 00 00 08 00 00 00 01 00 00 00 00 00 00 00 ................\n 00 e1 f5 05 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c00000000d3662699\u003e] kmalloc_trace+0x26/0x60\n [\u003c00000000edc7aadc\u003e] wbt_init+0x50/0x6f0\n [\u003c0000000069601d16\u003e] wbt_enable_default+0x157/0x1c0\n [\u003c0000000028fc393f\u003e] blk_register_queue+0x2a4/0x420\n [\u003c000000007345a042\u003e] device_add_disk+0x6fd/0xe40\n [\u003c0000000060e6aab0\u003e] nbd_dev_add+0x828/0xbf0 [nbd]\n ...\n\nIt is because the memory allocated in wbt_enable_default() is not\nreleased in device_add_disk() error path.\nNormally, these memory are freed in:\n\ndel_gendisk()\n rq_qos_exit()\n rqos-\u003eops-\u003eexit(rqos);\n wbt_exit()\n\nSo rq_qos_exit() is called to free the rq_wb memory for wbt_init().\nHowever in the error path of device_add_disk(), only\nblk_unregister_queue() is called and make rq_wb memory leaked.\n\nAdd rq_qos_exit() to the error path to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49902",
"url": "https://www.suse.com/security/cve/CVE-2022-49902"
},
{
"category": "external",
"summary": "SUSE Bug 1242465 for CVE-2022-49902",
"url": "https://bugzilla.suse.com/1242465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49902"
},
{
"cve": "CVE-2022-49905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49905"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Fix possible leaked pernet namespace in smc_init()\n\nIn smc_init(), register_pernet_subsys(\u0026smc_net_stat_ops) is called\nwithout any error handling.\nIf it fails, registering of \u0026smc_net_ops won\u0027t be reverted.\nAnd if smc_nl_init() fails, \u0026smc_net_stat_ops itself won\u0027t be reverted.\n\nThis leaves wild ops in subsystem linkedlist and when another module\ntries to call register_pernet_operations() it triggers page fault:\n\nBUG: unable to handle page fault for address: fffffbfff81b964c\nRIP: 0010:register_pernet_operations+0x1b9/0x5f0\nCall Trace:\n \u003cTASK\u003e\n register_pernet_subsys+0x29/0x40\n ebtables_init+0x58/0x1000 [ebtables]\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49905",
"url": "https://www.suse.com/security/cve/CVE-2022-49905"
},
{
"category": "external",
"summary": "SUSE Bug 1242467 for CVE-2022-49905",
"url": "https://bugzilla.suse.com/1242467"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49905"
},
{
"cve": "CVE-2022-49906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49906"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Free rwi on reset success\n\nFree the rwi structure in the event that the last rwi in the list\nprocessed successfully. The logic in commit 4f408e1fa6e1 (\"ibmvnic:\nretry reset if there are no other resets\") introduces an issue that\nresults in a 32 byte memory leak whenever the last rwi in the list\ngets processed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49906",
"url": "https://www.suse.com/security/cve/CVE-2022-49906"
},
{
"category": "external",
"summary": "SUSE Bug 1242464 for CVE-2022-49906",
"url": "https://bugzilla.suse.com/1242464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49906"
},
{
"cve": "CVE-2022-49908",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49908"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix memory leak in vhci_write\n\nSyzkaller reports a memory leak as follows:\n====================================\nBUG: memory leak\nunreferenced object 0xffff88810d81ac00 (size 240):\n [...]\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003cffffffff838733d9\u003e] __alloc_skb+0x1f9/0x270 net/core/skbuff.c:418\n [\u003cffffffff833f742f\u003e] alloc_skb include/linux/skbuff.h:1257 [inline]\n [\u003cffffffff833f742f\u003e] bt_skb_alloc include/net/bluetooth/bluetooth.h:469 [inline]\n [\u003cffffffff833f742f\u003e] vhci_get_user drivers/bluetooth/hci_vhci.c:391 [inline]\n [\u003cffffffff833f742f\u003e] vhci_write+0x5f/0x230 drivers/bluetooth/hci_vhci.c:511\n [\u003cffffffff815e398d\u003e] call_write_iter include/linux/fs.h:2192 [inline]\n [\u003cffffffff815e398d\u003e] new_sync_write fs/read_write.c:491 [inline]\n [\u003cffffffff815e398d\u003e] vfs_write+0x42d/0x540 fs/read_write.c:578\n [\u003cffffffff815e3cdd\u003e] ksys_write+0x9d/0x160 fs/read_write.c:631\n [\u003cffffffff845e0645\u003e] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n [\u003cffffffff845e0645\u003e] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n [\u003cffffffff84600087\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n====================================\n\nHCI core will uses hci_rx_work() to process frame, which is queued to\nthe hdev-\u003erx_q tail in hci_recv_frame() by HCI driver.\n\nYet the problem is that, HCI core may not free the skb after handling\nACL data packets. To be more specific, when start fragment does not\ncontain the L2CAP length, HCI core just copies skb into conn-\u003erx_skb and\nfinishes frame process in l2cap_recv_acldata(), without freeing the skb,\nwhich triggers the above memory leak.\n\nThis patch solves it by releasing the relative skb, after processing\nthe above case in l2cap_recv_acldata().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49908",
"url": "https://www.suse.com/security/cve/CVE-2022-49908"
},
{
"category": "external",
"summary": "SUSE Bug 1242157 for CVE-2022-49908",
"url": "https://bugzilla.suse.com/1242157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "low"
}
],
"title": "CVE-2022-49908"
},
{
"cve": "CVE-2022-49909",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49909"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: fix use-after-free in l2cap_conn_del()\n\nWhen l2cap_recv_frame() is invoked to receive data, and the cid is\nL2CAP_CID_A2MP, if the channel does not exist, it will create a channel.\nHowever, after a channel is created, the hold operation of the channel\nis not performed. In this case, the value of channel reference counting\nis 1. As a result, after hci_error_reset() is triggered, l2cap_conn_del()\ninvokes the close hook function of A2MP to release the channel. Then\n l2cap_chan_unlock(chan) will trigger UAF issue.\n\nThe process is as follows:\nReceive data:\nl2cap_data_channel()\n a2mp_channel_create() ---\u003echannel ref is 2\n l2cap_chan_put() ---\u003echannel ref is 1\n\nTriger event:\n hci_error_reset()\n hci_dev_do_close()\n ...\n l2cap_disconn_cfm()\n l2cap_conn_del()\n l2cap_chan_hold() ---\u003echannel ref is 2\n l2cap_chan_del() ---\u003echannel ref is 1\n a2mp_chan_close_cb() ---\u003echannel ref is 0, release channel\n l2cap_chan_unlock() ---\u003eUAF of channel\n\nThe detailed Call Trace is as follows:\nBUG: KASAN: use-after-free in __mutex_unlock_slowpath+0xa6/0x5e0\nRead of size 8 at addr ffff8880160664b8 by task kworker/u11:1/7593\nWorkqueue: hci0 hci_error_reset\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xcd/0x134\n print_report.cold+0x2ba/0x719\n kasan_report+0xb1/0x1e0\n kasan_check_range+0x140/0x190\n __mutex_unlock_slowpath+0xa6/0x5e0\n l2cap_conn_del+0x404/0x7b0\n l2cap_disconn_cfm+0x8c/0xc0\n hci_conn_hash_flush+0x11f/0x260\n hci_dev_close_sync+0x5f5/0x11f0\n hci_dev_do_close+0x2d/0x70\n hci_error_reset+0x9e/0x140\n process_one_work+0x98a/0x1620\n worker_thread+0x665/0x1080\n kthread+0x2e4/0x3a0\n ret_from_fork+0x1f/0x30\n \u003c/TASK\u003e\n\nAllocated by task 7593:\n kasan_save_stack+0x1e/0x40\n __kasan_kmalloc+0xa9/0xd0\n l2cap_chan_create+0x40/0x930\n amp_mgr_create+0x96/0x990\n a2mp_channel_create+0x7d/0x150\n l2cap_recv_frame+0x51b8/0x9a70\n l2cap_recv_acldata+0xaa3/0xc00\n hci_rx_work+0x702/0x1220\n process_one_work+0x98a/0x1620\n worker_thread+0x665/0x1080\n kthread+0x2e4/0x3a0\n ret_from_fork+0x1f/0x30\n\nFreed by task 7593:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n kasan_set_free_info+0x20/0x30\n ____kasan_slab_free+0x167/0x1c0\n slab_free_freelist_hook+0x89/0x1c0\n kfree+0xe2/0x580\n l2cap_chan_put+0x22a/0x2d0\n l2cap_conn_del+0x3fc/0x7b0\n l2cap_disconn_cfm+0x8c/0xc0\n hci_conn_hash_flush+0x11f/0x260\n hci_dev_close_sync+0x5f5/0x11f0\n hci_dev_do_close+0x2d/0x70\n hci_error_reset+0x9e/0x140\n process_one_work+0x98a/0x1620\n worker_thread+0x665/0x1080\n kthread+0x2e4/0x3a0\n ret_from_fork+0x1f/0x30\n\nLast potentially related work creation:\n kasan_save_stack+0x1e/0x40\n __kasan_record_aux_stack+0xbe/0xd0\n call_rcu+0x99/0x740\n netlink_release+0xe6a/0x1cf0\n __sock_release+0xcd/0x280\n sock_close+0x18/0x20\n __fput+0x27c/0xa90\n task_work_run+0xdd/0x1a0\n exit_to_user_mode_prepare+0x23c/0x250\n syscall_exit_to_user_mode+0x19/0x50\n do_syscall_64+0x42/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nSecond to last potentially related work creation:\n kasan_save_stack+0x1e/0x40\n __kasan_record_aux_stack+0xbe/0xd0\n call_rcu+0x99/0x740\n netlink_release+0xe6a/0x1cf0\n __sock_release+0xcd/0x280\n sock_close+0x18/0x20\n __fput+0x27c/0xa90\n task_work_run+0xdd/0x1a0\n exit_to_user_mode_prepare+0x23c/0x250\n syscall_exit_to_user_mode+0x19/0x50\n do_syscall_64+0x42/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49909",
"url": "https://www.suse.com/security/cve/CVE-2022-49909"
},
{
"category": "external",
"summary": "SUSE Bug 1242453 for CVE-2022-49909",
"url": "https://bugzilla.suse.com/1242453"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49909"
},
{
"cve": "CVE-2022-49910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu\n\nFix the race condition between the following two flows that run in\nparallel:\n\n1. l2cap_reassemble_sdu -\u003e chan-\u003eops-\u003erecv (l2cap_sock_recv_cb) -\u003e\n __sock_queue_rcv_skb.\n\n2. bt_sock_recvmsg -\u003e skb_recv_datagram, skb_free_datagram.\n\nAn SKB can be queued by the first flow and immediately dequeued and\nfreed by the second flow, therefore the callers of l2cap_reassemble_sdu\ncan\u0027t use the SKB after that function returns. However, some places\ncontinue accessing struct l2cap_ctrl that resides in the SKB\u0027s CB for a\nshort time after l2cap_reassemble_sdu returns, leading to a\nuse-after-free condition (the stack trace is below, line numbers for\nkernel 5.19.8).\n\nFix it by keeping a local copy of struct l2cap_ctrl.\n\nBUG: KASAN: use-after-free in l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth\nRead of size 1 at addr ffff88812025f2f0 by task kworker/u17:3/43169\n\nWorkqueue: hci0 hci_rx_work [bluetooth]\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4))\n print_report.cold (mm/kasan/report.c:314 mm/kasan/report.c:429)\n ? l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth\n kasan_report (mm/kasan/report.c:162 mm/kasan/report.c:493)\n ? l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth\n l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth\n l2cap_rx (net/bluetooth/l2cap_core.c:7236 net/bluetooth/l2cap_core.c:7271) bluetooth\n ret_from_fork (arch/x86/entry/entry_64.S:306)\n \u003c/TASK\u003e\n\nAllocated by task 43169:\n kasan_save_stack (mm/kasan/common.c:39)\n __kasan_slab_alloc (mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:469)\n kmem_cache_alloc_node (mm/slab.h:750 mm/slub.c:3243 mm/slub.c:3293)\n __alloc_skb (net/core/skbuff.c:414)\n l2cap_recv_frag (./include/net/bluetooth/bluetooth.h:425 net/bluetooth/l2cap_core.c:8329) bluetooth\n l2cap_recv_acldata (net/bluetooth/l2cap_core.c:8442) bluetooth\n hci_rx_work (net/bluetooth/hci_core.c:3642 net/bluetooth/hci_core.c:3832) bluetooth\n process_one_work (kernel/workqueue.c:2289)\n worker_thread (./include/linux/list.h:292 kernel/workqueue.c:2437)\n kthread (kernel/kthread.c:376)\n ret_from_fork (arch/x86/entry/entry_64.S:306)\n\nFreed by task 27920:\n kasan_save_stack (mm/kasan/common.c:39)\n kasan_set_track (mm/kasan/common.c:45)\n kasan_set_free_info (mm/kasan/generic.c:372)\n ____kasan_slab_free (mm/kasan/common.c:368 mm/kasan/common.c:328)\n slab_free_freelist_hook (mm/slub.c:1780)\n kmem_cache_free (mm/slub.c:3536 mm/slub.c:3553)\n skb_free_datagram (./include/net/sock.h:1578 ./include/net/sock.h:1639 net/core/datagram.c:323)\n bt_sock_recvmsg (net/bluetooth/af_bluetooth.c:295) bluetooth\n l2cap_sock_recvmsg (net/bluetooth/l2cap_sock.c:1212) bluetooth\n sock_read_iter (net/socket.c:1087)\n new_sync_read (./include/linux/fs.h:2052 fs/read_write.c:401)\n vfs_read (fs/read_write.c:482)\n ksys_read (fs/read_write.c:620)\n do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49910",
"url": "https://www.suse.com/security/cve/CVE-2022-49910"
},
{
"category": "external",
"summary": "SUSE Bug 1242452 for CVE-2022-49910",
"url": "https://bugzilla.suse.com/1242452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49910"
},
{
"cve": "CVE-2022-49915",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49915"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: fix possible memory leak in mISDN_register_device()\n\nAfer commit 1fa5ae857bb1 (\"driver core: get rid of struct device\u0027s\nbus_id string array\"), the name of device is allocated dynamically,\nadd put_device() to give up the reference, so that the name can be\nfreed in kobject_cleanup() when the refcount is 0.\n\nSet device class before put_device() to avoid null release() function\nWARN message in device_release().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49915",
"url": "https://www.suse.com/security/cve/CVE-2022-49915"
},
{
"category": "external",
"summary": "SUSE Bug 1242409 for CVE-2022-49915",
"url": "https://bugzilla.suse.com/1242409"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49915"
},
{
"cve": "CVE-2022-49916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49916"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrose: Fix NULL pointer dereference in rose_send_frame()\n\nThe syzkaller reported an issue:\n\nKASAN: null-ptr-deref in range [0x0000000000000380-0x0000000000000387]\nCPU: 0 PID: 4069 Comm: kworker/0:15 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022\nWorkqueue: rcu_gp srcu_invoke_callbacks\nRIP: 0010:rose_send_frame+0x1dd/0x2f0 net/rose/rose_link.c:101\nCall Trace:\n \u003cIRQ\u003e\n rose_transmit_clear_request+0x1d5/0x290 net/rose/rose_link.c:255\n rose_rx_call_request+0x4c0/0x1bc0 net/rose/af_rose.c:1009\n rose_loopback_timer+0x19e/0x590 net/rose/rose_loopback.c:111\n call_timer_fn+0x1a0/0x6b0 kernel/time/timer.c:1474\n expire_timers kernel/time/timer.c:1519 [inline]\n __run_timers.part.0+0x674/0xa80 kernel/time/timer.c:1790\n __run_timers kernel/time/timer.c:1768 [inline]\n run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1803\n __do_softirq+0x1d0/0x9c8 kernel/softirq.c:571\n [...]\n \u003c/IRQ\u003e\n\nIt triggers NULL pointer dereference when \u0027neigh-\u003edev-\u003edev_addr\u0027 is\ncalled in the rose_send_frame(). It\u0027s the first occurrence of the\n`neigh` is in rose_loopback_timer() as `rose_loopback_neigh\u0027, and\nthe \u0027dev\u0027 in \u0027rose_loopback_neigh\u0027 is initialized sa nullptr.\n\nIt had been fixed by commit 3b3fd068c56e3fbea30090859216a368398e39bf\n(\"rose: Fix Null pointer dereference in rose_send_frame()\") ever.\nBut it\u0027s introduced by commit 3c53cd65dece47dd1f9d3a809f32e59d1d87b2b8\n(\"rose: check NULL rose_loopback_neigh-\u003eloopback\") again.\n\nWe fix it by add NULL check in rose_transmit_clear_request(). When\nthe \u0027dev\u0027 in \u0027neigh\u0027 is NULL, we don\u0027t reply the request and just\nclear it.\n\nsyzkaller don\u0027t provide repro, and I provide a syz repro like:\nr0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)\nioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, \u0026(0x7f0000000180)={\u0027rose0\\x00\u0027, 0x201})\nr1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)\nbind$rose(r1, \u0026(0x7f00000000c0)=@full={0xb, @dev, @null, 0x0, [@null, @null, @netrom, @netrom, @default, @null]}, 0x40)\nconnect$rose(r1, \u0026(0x7f0000000240)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, 0x1c)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49916",
"url": "https://www.suse.com/security/cve/CVE-2022-49916"
},
{
"category": "external",
"summary": "SUSE Bug 1242421 for CVE-2022-49916",
"url": "https://bugzilla.suse.com/1242421"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49916"
},
{
"cve": "CVE-2022-49917",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49917"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix WARNING in ip_vs_app_net_cleanup()\n\nDuring the initialization of ip_vs_app_net_init(), if file ip_vs_app\nfails to be created, the initialization is successful by default.\nTherefore, the ip_vs_app file doesn\u0027t be found during the remove in\nip_vs_app_net_cleanup(). It will cause WRNING.\n\nThe following is the stack information:\nname \u0027ip_vs_app\u0027\nWARNING: CPU: 1 PID: 9 at fs/proc/generic.c:712 remove_proc_entry+0x389/0x460\nModules linked in:\nWorkqueue: netns cleanup_net\nRIP: 0010:remove_proc_entry+0x389/0x460\nCall Trace:\n\u003cTASK\u003e\nops_exit_list+0x125/0x170\ncleanup_net+0x4ea/0xb00\nprocess_one_work+0x9bf/0x1710\nworker_thread+0x665/0x1080\nkthread+0x2e4/0x3a0\nret_from_fork+0x1f/0x30\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49917",
"url": "https://www.suse.com/security/cve/CVE-2022-49917"
},
{
"category": "external",
"summary": "SUSE Bug 1242406 for CVE-2022-49917",
"url": "https://bugzilla.suse.com/1242406"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49917"
},
{
"cve": "CVE-2022-49918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49918"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix WARNING in __ip_vs_cleanup_batch()\n\nDuring the initialization of ip_vs_conn_net_init(), if file ip_vs_conn\nor ip_vs_conn_sync fails to be created, the initialization is successful\nby default. Therefore, the ip_vs_conn or ip_vs_conn_sync file doesn\u0027t\nbe found during the remove.\n\nThe following is the stack information:\nname \u0027ip_vs_conn_sync\u0027\nWARNING: CPU: 3 PID: 9 at fs/proc/generic.c:712\nremove_proc_entry+0x389/0x460\nModules linked in:\nWorkqueue: netns cleanup_net\nRIP: 0010:remove_proc_entry+0x389/0x460\nCall Trace:\n\u003cTASK\u003e\n__ip_vs_cleanup_batch+0x7d/0x120\nops_exit_list+0x125/0x170\ncleanup_net+0x4ea/0xb00\nprocess_one_work+0x9bf/0x1710\nworker_thread+0x665/0x1080\nkthread+0x2e4/0x3a0\nret_from_fork+0x1f/0x30\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49918",
"url": "https://www.suse.com/security/cve/CVE-2022-49918"
},
{
"category": "external",
"summary": "SUSE Bug 1242425 for CVE-2022-49918",
"url": "https://bugzilla.suse.com/1242425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49918"
},
{
"cve": "CVE-2022-49921",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49921"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: Fix use after free in red_enqueue()\n\nWe can\u0027t use \"skb\" again after passing it to qdisc_enqueue(). This is\nbasically identical to commit 2f09707d0c97 (\"sch_sfb: Also store skb\nlen before calling child enqueue\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49921",
"url": "https://www.suse.com/security/cve/CVE-2022-49921"
},
{
"category": "external",
"summary": "SUSE Bug 1242359 for CVE-2022-49921",
"url": "https://bugzilla.suse.com/1242359"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49921"
},
{
"cve": "CVE-2022-49922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49922"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()\n\nnfcmrvl_i2c_nci_send() will be called by nfcmrvl_nci_send(), and skb\nshould be freed in nfcmrvl_i2c_nci_send(). However, nfcmrvl_nci_send()\nwill only free skb when i2c_master_send() return \u003e=0, which means skb\nwill memleak when i2c_master_send() failed. Free skb no matter whether\ni2c_master_send() succeeds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49922",
"url": "https://www.suse.com/security/cve/CVE-2022-49922"
},
{
"category": "external",
"summary": "SUSE Bug 1242378 for CVE-2022-49922",
"url": "https://bugzilla.suse.com/1242378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49922"
},
{
"cve": "CVE-2022-49923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49923"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nxp-nci: Fix potential memory leak in nxp_nci_send()\n\nnxp_nci_send() will call nxp_nci_i2c_write(), and only free skb when\nnxp_nci_i2c_write() failed. However, even if the nxp_nci_i2c_write()\nrun succeeds, the skb will not be freed in nxp_nci_i2c_write(). As the\nresult, the skb will memleak. nxp_nci_send() should also free the skb\nwhen nxp_nci_i2c_write() succeeds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49923",
"url": "https://www.suse.com/security/cve/CVE-2022-49923"
},
{
"category": "external",
"summary": "SUSE Bug 1242394 for CVE-2022-49923",
"url": "https://bugzilla.suse.com/1242394"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49923"
},
{
"cve": "CVE-2022-49924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: fdp: Fix potential memory leak in fdp_nci_send()\n\nfdp_nci_send() will call fdp_nci_i2c_write that will not free skb in\nthe function. As a result, when fdp_nci_i2c_write() finished, the skb\nwill memleak. fdp_nci_send() should free skb after fdp_nci_i2c_write()\nfinished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49924",
"url": "https://www.suse.com/security/cve/CVE-2022-49924"
},
{
"category": "external",
"summary": "SUSE Bug 1242426 for CVE-2022-49924",
"url": "https://bugzilla.suse.com/1242426"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49924"
},
{
"cve": "CVE-2022-49925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/core: Fix null-ptr-deref in ib_core_cleanup()\n\nKASAN reported a null-ptr-deref error:\n\n KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\n CPU: 1 PID: 379\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n RIP: 0010:destroy_workqueue+0x2f/0x740\n RSP: 0018:ffff888016137df8 EFLAGS: 00000202\n ...\n Call Trace:\n ib_core_cleanup+0xa/0xa1 [ib_core]\n __do_sys_delete_module.constprop.0+0x34f/0x5b0\n do_syscall_64+0x3a/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0033:0x7fa1a0d221b7\n ...\n\nIt is because the fail of roce_gid_mgmt_init() is ignored:\n\n ib_core_init()\n roce_gid_mgmt_init()\n gid_cache_wq = alloc_ordered_workqueue # fail\n ...\n ib_core_cleanup()\n roce_gid_mgmt_cleanup()\n destroy_workqueue(gid_cache_wq)\n # destroy an unallocated wq\n\nFix this by catching the fail of roce_gid_mgmt_init() in ib_core_init().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49925",
"url": "https://www.suse.com/security/cve/CVE-2022-49925"
},
{
"category": "external",
"summary": "SUSE Bug 1242371 for CVE-2022-49925",
"url": "https://bugzilla.suse.com/1242371"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49925"
},
{
"cve": "CVE-2022-49927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs4: Fix kmemleak when allocate slot failed\n\nIf one of the slot allocate failed, should cleanup all the other\nallocated slots, otherwise, the allocated slots will leak:\n\n unreferenced object 0xffff8881115aa100 (size 64):\n comm \"\"mount.nfs\"\", pid 679, jiffies 4294744957 (age 115.037s)\n hex dump (first 32 bytes):\n 00 cc 19 73 81 88 ff ff 00 a0 5a 11 81 88 ff ff ...s......Z.....\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c000000007a4c434a\u003e] nfs4_find_or_create_slot+0x8e/0x130\n [\u003c000000005472a39c\u003e] nfs4_realloc_slot_table+0x23f/0x270\n [\u003c00000000cd8ca0eb\u003e] nfs40_init_client+0x4a/0x90\n [\u003c00000000128486db\u003e] nfs4_init_client+0xce/0x270\n [\u003c000000008d2cacad\u003e] nfs4_set_client+0x1a2/0x2b0\n [\u003c000000000e593b52\u003e] nfs4_create_server+0x300/0x5f0\n [\u003c00000000e4425dd2\u003e] nfs4_try_get_tree+0x65/0x110\n [\u003c00000000d3a6176f\u003e] vfs_get_tree+0x41/0xf0\n [\u003c0000000016b5ad4c\u003e] path_mount+0x9b3/0xdd0\n [\u003c00000000494cae71\u003e] __x64_sys_mount+0x190/0x1d0\n [\u003c000000005d56bdec\u003e] do_syscall_64+0x35/0x80\n [\u003c00000000687c9ae4\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49927",
"url": "https://www.suse.com/security/cve/CVE-2022-49927"
},
{
"category": "external",
"summary": "SUSE Bug 1242416 for CVE-2022-49927",
"url": "https://bugzilla.suse.com/1242416"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49927"
},
{
"cve": "CVE-2022-49928",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49928"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix null-ptr-deref when xps sysfs alloc failed\n\nThere is a null-ptr-deref when xps sysfs alloc failed:\n BUG: KASAN: null-ptr-deref in sysfs_do_create_link_sd+0x40/0xd0\n Read of size 8 at addr 0000000000000030 by task gssproxy/457\n\n CPU: 5 PID: 457 Comm: gssproxy Not tainted 6.0.0-09040-g02357b27ee03 #9\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x34/0x44\n kasan_report+0xa3/0x120\n sysfs_do_create_link_sd+0x40/0xd0\n rpc_sysfs_client_setup+0x161/0x1b0\n rpc_new_client+0x3fc/0x6e0\n rpc_create_xprt+0x71/0x220\n rpc_create+0x1d4/0x350\n gssp_rpc_create+0xc3/0x160\n set_gssp_clnt+0xbc/0x140\n write_gssp+0x116/0x1a0\n proc_reg_write+0xd6/0x130\n vfs_write+0x177/0x690\n ksys_write+0xb9/0x150\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nWhen the xprt_switch sysfs alloc failed, should not add xprt and\nswitch sysfs to it, otherwise, maybe null-ptr-deref; also initialize\nthe \u0027xps_sysfs\u0027 to NULL to avoid oops when destroy it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49928",
"url": "https://www.suse.com/security/cve/CVE-2022-49928"
},
{
"category": "external",
"summary": "SUSE Bug 1242369 for CVE-2022-49928",
"url": "https://bugzilla.suse.com/1242369"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49928"
},
{
"cve": "CVE-2022-49929",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49929"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix mr leak in RESPST_ERR_RNR\n\nrxe_recheck_mr() will increase mr\u0027s ref_cnt, so we should call rxe_put(mr)\nto drop mr\u0027s ref_cnt in RESPST_ERR_RNR to avoid below warning:\n\n WARNING: CPU: 0 PID: 4156 at drivers/infiniband/sw/rxe/rxe_pool.c:259 __rxe_cleanup+0x1df/0x240 [rdma_rxe]\n...\n Call Trace:\n rxe_dereg_mr+0x4c/0x60 [rdma_rxe]\n ib_dereg_mr_user+0xa8/0x200 [ib_core]\n ib_mr_pool_destroy+0x77/0xb0 [ib_core]\n nvme_rdma_destroy_queue_ib+0x89/0x240 [nvme_rdma]\n nvme_rdma_free_queue+0x40/0x50 [nvme_rdma]\n nvme_rdma_teardown_io_queues.part.0+0xc3/0x120 [nvme_rdma]\n nvme_rdma_error_recovery_work+0x4d/0xf0 [nvme_rdma]\n process_one_work+0x582/0xa40\n ? pwq_dec_nr_in_flight+0x100/0x100\n ? rwlock_bug.part.0+0x60/0x60\n worker_thread+0x2a9/0x700\n ? process_one_work+0xa40/0xa40\n kthread+0x168/0x1a0\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49929",
"url": "https://www.suse.com/security/cve/CVE-2022-49929"
},
{
"category": "external",
"summary": "SUSE Bug 1242360 for CVE-2022-49929",
"url": "https://bugzilla.suse.com/1242360"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49929"
},
{
"cve": "CVE-2022-49931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49931"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Correctly move list in sc_disable()\n\nCommit 13bac861952a (\"IB/hfi1: Fix abba locking issue with sc_disable()\")\nincorrectly tries to move a list from one list head to another. The\nresult is a kernel crash.\n\nThe crash is triggered when a link goes down and there are waiters for a\nsend to complete. The following signature is seen:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000030\n [...]\n Call Trace:\n sc_disable+0x1ba/0x240 [hfi1]\n pio_freeze+0x3d/0x60 [hfi1]\n handle_freeze+0x27/0x1b0 [hfi1]\n process_one_work+0x1b0/0x380\n ? process_one_work+0x380/0x380\n worker_thread+0x30/0x360\n ? process_one_work+0x380/0x380\n kthread+0xd7/0x100\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x1f/0x30\n\nThe fix is to use the correct call to move the list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49931",
"url": "https://www.suse.com/security/cve/CVE-2022-49931"
},
{
"category": "external",
"summary": "SUSE Bug 1242382 for CVE-2022-49931",
"url": "https://bugzilla.suse.com/1242382"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2022-49931"
},
{
"cve": "CVE-2023-1990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1990"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1990",
"url": "https://www.suse.com/security/cve/CVE-2023-1990"
},
{
"category": "external",
"summary": "SUSE Bug 1210337 for CVE-2023-1990",
"url": "https://bugzilla.suse.com/1210337"
},
{
"category": "external",
"summary": "SUSE Bug 1210501 for CVE-2023-1990",
"url": "https://bugzilla.suse.com/1210501"
},
{
"category": "external",
"summary": "SUSE Bug 1214128 for CVE-2023-1990",
"url": "https://bugzilla.suse.com/1214128"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "important"
}
],
"title": "CVE-2023-1990"
},
{
"cve": "CVE-2023-28866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28866",
"url": "https://www.suse.com/security/cve/CVE-2023-28866"
},
{
"category": "external",
"summary": "SUSE Bug 1209780 for CVE-2023-28866",
"url": "https://bugzilla.suse.com/1209780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-28866"
},
{
"cve": "CVE-2023-53035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()\n\nThe ioctl helper function nilfs_ioctl_wrap_copy(), which exchanges a\nmetadata array to/from user space, may copy uninitialized buffer regions\nto user space memory for read-only ioctl commands NILFS_IOCTL_GET_SUINFO\nand NILFS_IOCTL_GET_CPINFO.\n\nThis can occur when the element size of the user space metadata given by\nthe v_size member of the argument nilfs_argv structure is larger than the\nsize of the metadata element (nilfs_suinfo structure or nilfs_cpinfo\nstructure) on the file system side.\n\nKMSAN-enabled kernels detect this issue as follows:\n\n BUG: KMSAN: kernel-infoleak in instrument_copy_to_user\n include/linux/instrumented.h:121 [inline]\n BUG: KMSAN: kernel-infoleak in _copy_to_user+0xc0/0x100 lib/usercopy.c:33\n instrument_copy_to_user include/linux/instrumented.h:121 [inline]\n _copy_to_user+0xc0/0x100 lib/usercopy.c:33\n copy_to_user include/linux/uaccess.h:169 [inline]\n nilfs_ioctl_wrap_copy+0x6fa/0xc10 fs/nilfs2/ioctl.c:99\n nilfs_ioctl_get_info fs/nilfs2/ioctl.c:1173 [inline]\n nilfs_ioctl+0x2402/0x4450 fs/nilfs2/ioctl.c:1290\n nilfs_compat_ioctl+0x1b8/0x200 fs/nilfs2/ioctl.c:1343\n __do_compat_sys_ioctl fs/ioctl.c:968 [inline]\n __se_compat_sys_ioctl+0x7dd/0x1000 fs/ioctl.c:910\n __ia32_compat_sys_ioctl+0x93/0xd0 fs/ioctl.c:910\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\n Uninit was created at:\n __alloc_pages+0x9f6/0xe90 mm/page_alloc.c:5572\n alloc_pages+0xab0/0xd80 mm/mempolicy.c:2287\n __get_free_pages+0x34/0xc0 mm/page_alloc.c:5599\n nilfs_ioctl_wrap_copy+0x223/0xc10 fs/nilfs2/ioctl.c:74\n nilfs_ioctl_get_info fs/nilfs2/ioctl.c:1173 [inline]\n nilfs_ioctl+0x2402/0x4450 fs/nilfs2/ioctl.c:1290\n nilfs_compat_ioctl+0x1b8/0x200 fs/nilfs2/ioctl.c:1343\n __do_compat_sys_ioctl fs/ioctl.c:968 [inline]\n __se_compat_sys_ioctl+0x7dd/0x1000 fs/ioctl.c:910\n __ia32_compat_sys_ioctl+0x93/0xd0 fs/ioctl.c:910\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\n Bytes 16-127 of 3968 are uninitialized\n ...\n\nThis eliminates the leak issue by initializing the page allocated as\nbuffer using get_zeroed_page().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53035",
"url": "https://www.suse.com/security/cve/CVE-2023-53035"
},
{
"category": "external",
"summary": "SUSE Bug 1242739 for CVE-2023-53035",
"url": "https://bugzilla.suse.com/1242739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53035"
},
{
"cve": "CVE-2023-53036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix call trace warning and hang when removing amdgpu device\n\nOn GPUs with RAS enabled, below call trace and hang are observed when\nshutting down device.\n\nv2: use DRM device unplugged flag instead of shutdown flag as the check to\nprevent memory wipe in shutdown stage.\n\n[ +0.000000] RIP: 0010:amdgpu_vram_mgr_fini+0x18d/0x1c0 [amdgpu]\n[ +0.000001] PKRU: 55555554\n[ +0.000001] Call Trace:\n[ +0.000001] \u003cTASK\u003e\n[ +0.000002] amdgpu_ttm_fini+0x140/0x1c0 [amdgpu]\n[ +0.000183] amdgpu_bo_fini+0x27/0xa0 [amdgpu]\n[ +0.000184] gmc_v11_0_sw_fini+0x2b/0x40 [amdgpu]\n[ +0.000163] amdgpu_device_fini_sw+0xb6/0x510 [amdgpu]\n[ +0.000152] amdgpu_driver_release_kms+0x16/0x30 [amdgpu]\n[ +0.000090] drm_dev_release+0x28/0x50 [drm]\n[ +0.000016] devm_drm_dev_init_release+0x38/0x60 [drm]\n[ +0.000011] devm_action_release+0x15/0x20\n[ +0.000003] release_nodes+0x40/0xc0\n[ +0.000001] devres_release_all+0x9e/0xe0\n[ +0.000001] device_unbind_cleanup+0x12/0x80\n[ +0.000003] device_release_driver_internal+0xff/0x160\n[ +0.000001] driver_detach+0x4a/0x90\n[ +0.000001] bus_remove_driver+0x6c/0xf0\n[ +0.000001] driver_unregister+0x31/0x50\n[ +0.000001] pci_unregister_driver+0x40/0x90\n[ +0.000003] amdgpu_exit+0x15/0x120 [amdgpu]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53036",
"url": "https://www.suse.com/security/cve/CVE-2023-53036"
},
{
"category": "external",
"summary": "SUSE Bug 1242740 for CVE-2023-53036",
"url": "https://bugzilla.suse.com/1242740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53036"
},
{
"cve": "CVE-2023-53038",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53038"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()\n\nIf kzalloc() fails in lpfc_sli4_cgn_params_read(), then we rely on\nlpfc_read_object()\u0027s routine to NULL check pdata.\n\nCurrently, an early return error is thrown from lpfc_read_object() to\nprotect us from NULL ptr dereference, but the errno code is -ENODEV.\n\nChange the errno code to a more appropriate -ENOMEM.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53038",
"url": "https://www.suse.com/security/cve/CVE-2023-53038"
},
{
"category": "external",
"summary": "SUSE Bug 1242743 for CVE-2023-53038",
"url": "https://bugzilla.suse.com/1242743"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "not set"
}
],
"title": "CVE-2023-53038"
},
{
"cve": "CVE-2023-53039",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53039"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: ipc: Fix potential use-after-free in work function\n\nWhen a reset notify IPC message is received, the ISR schedules a work\nfunction and passes the ISHTP device to it via a global pointer\nishtp_dev. If ish_probe() fails, the devm-managed device resources\nincluding ishtp_dev are freed, but the work is not cancelled, causing a\nuse-after-free when the work function tries to access ishtp_dev. Use\ndevm_work_autocancel() instead, so that the work is automatically\ncancelled if probe fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53039",
"url": "https://www.suse.com/security/cve/CVE-2023-53039"
},
{
"category": "external",
"summary": "SUSE Bug 1242745 for CVE-2023-53039",
"url": "https://bugzilla.suse.com/1242745"
},
{
"category": "external",
"summary": "SUSE Bug 1242880 for CVE-2023-53039",
"url": "https://bugzilla.suse.com/1242880"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53039"
},
{
"cve": "CVE-2023-53040",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53040"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nca8210: fix mac_len negative array access\n\nThis patch fixes a buffer overflow access of skb-\u003edata if\nieee802154_hdr_peek_addrs() fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53040",
"url": "https://www.suse.com/security/cve/CVE-2023-53040"
},
{
"category": "external",
"summary": "SUSE Bug 1242746 for CVE-2023-53040",
"url": "https://bugzilla.suse.com/1242746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53040"
},
{
"cve": "CVE-2023-53041",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53041"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Perform lockless command completion in abort path\n\nWhile adding and removing the controller, the following call trace was\nobserved:\n\nWARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dma_free_attrs+0x33/0x50\nCPU: 3 PID: 623596 Comm: sh Kdump: loaded Not tainted 5.14.0-96.el9.x86_64 #1\nRIP: 0010:dma_free_attrs+0x33/0x50\n\nCall Trace:\n qla2x00_async_sns_sp_done+0x107/0x1b0 [qla2xxx]\n qla2x00_abort_srb+0x8e/0x250 [qla2xxx]\n ? ql_dbg+0x70/0x100 [qla2xxx]\n __qla2x00_abort_all_cmds+0x108/0x190 [qla2xxx]\n qla2x00_abort_all_cmds+0x24/0x70 [qla2xxx]\n qla2x00_abort_isp_cleanup+0x305/0x3e0 [qla2xxx]\n qla2x00_remove_one+0x364/0x400 [qla2xxx]\n pci_device_remove+0x36/0xa0\n __device_release_driver+0x17a/0x230\n device_release_driver+0x24/0x30\n pci_stop_bus_device+0x68/0x90\n pci_stop_and_remove_bus_device_locked+0x16/0x30\n remove_store+0x75/0x90\n kernfs_fop_write_iter+0x11c/0x1b0\n new_sync_write+0x11f/0x1b0\n vfs_write+0x1eb/0x280\n ksys_write+0x5f/0xe0\n do_syscall_64+0x5c/0x80\n ? do_user_addr_fault+0x1d8/0x680\n ? do_syscall_64+0x69/0x80\n ? exc_page_fault+0x62/0x140\n ? asm_exc_page_fault+0x8/0x30\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe command was completed in the abort path during driver unload with a\nlock held, causing the warning in abort path. Hence complete the command\nwithout any lock held.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53041",
"url": "https://www.suse.com/security/cve/CVE-2023-53041"
},
{
"category": "external",
"summary": "SUSE Bug 1242747 for CVE-2023-53041",
"url": "https://bugzilla.suse.com/1242747"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53041"
},
{
"cve": "CVE-2023-53042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53042"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Do not set DRR on pipe Commit\n\n[WHY]\nWriting to DRR registers such as OTG_V_TOTAL_MIN on the same frame as a\npipe commit can cause underflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53042",
"url": "https://www.suse.com/security/cve/CVE-2023-53042"
},
{
"category": "external",
"summary": "SUSE Bug 1242748 for CVE-2023-53042",
"url": "https://bugzilla.suse.com/1242748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53042"
},
{
"cve": "CVE-2023-53044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53044"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm stats: check for and propagate alloc_percpu failure\n\nCheck alloc_precpu()\u0027s return value and return an error from\ndm_stats_init() if it fails. Update alloc_dev() to fail if\ndm_stats_init() does.\n\nOtherwise, a NULL pointer dereference will occur in dm_stats_cleanup()\neven if dm-stats isn\u0027t being actively used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53044",
"url": "https://www.suse.com/security/cve/CVE-2023-53044"
},
{
"category": "external",
"summary": "SUSE Bug 1242759 for CVE-2023-53044",
"url": "https://bugzilla.suse.com/1242759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53044"
},
{
"cve": "CVE-2023-53045",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53045"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_audio: don\u0027t let userspace block driver unbind\n\nIn the unbind callback for f_uac1 and f_uac2, a call to snd_card_free()\nvia g_audio_cleanup() will disconnect the card and then wait for all\nresources to be released, which happens when the refcount falls to zero.\nSince userspace can keep the refcount incremented by not closing the\nrelevant file descriptor, the call to unbind may block indefinitely.\nThis can cause a deadlock during reboot, as evidenced by the following\nblocked task observed on my machine:\n\n task:reboot state:D stack:0 pid:2827 ppid:569 flags:0x0000000c\n Call trace:\n __switch_to+0xc8/0x140\n __schedule+0x2f0/0x7c0\n schedule+0x60/0xd0\n schedule_timeout+0x180/0x1d4\n wait_for_completion+0x78/0x180\n snd_card_free+0x90/0xa0\n g_audio_cleanup+0x2c/0x64\n afunc_unbind+0x28/0x60\n ...\n kernel_restart+0x4c/0xac\n __do_sys_reboot+0xcc/0x1ec\n __arm64_sys_reboot+0x28/0x30\n invoke_syscall+0x4c/0x110\n ...\n\nThe issue can also be observed by opening the card with arecord and\nthen stopping the process through the shell before unbinding:\n\n # arecord -D hw:UAC2Gadget -f S32_LE -c 2 -r 48000 /dev/null\n Recording WAVE \u0027/dev/null\u0027 : Signed 32 bit Little Endian, Rate 48000 Hz, Stereo\n ^Z[1]+ Stopped arecord -D hw:UAC2Gadget -f S32_LE -c 2 -r 48000 /dev/null\n # echo gadget.0 \u003e /sys/bus/gadget/drivers/configfs-gadget/unbind\n (observe that the unbind command never finishes)\n\nFix the problem by using snd_card_free_when_closed() instead, which will\nstill disconnect the card as desired, but defer the task of freeing the\nresources to the core once userspace closes its file descriptor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53045",
"url": "https://www.suse.com/security/cve/CVE-2023-53045"
},
{
"category": "external",
"summary": "SUSE Bug 1242756 for CVE-2023-53045",
"url": "https://bugzilla.suse.com/1242756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53045"
},
{
"cve": "CVE-2023-53049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53049"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: ucsi: Fix NULL pointer deref in ucsi_connector_change()\n\nWhen ucsi_init() fails, ucsi-\u003econnector is NULL, yet in case of\nucsi_acpi we may still get events which cause the ucs_acpi code to call\nucsi_connector_change(), which then derefs the NULL ucsi-\u003econnector\npointer.\n\nFix this by not setting ucsi-\u003entfy inside ucsi_init() until ucsi_init()\nhas succeeded, so that ucsi_connector_change() ignores the events\nbecause UCSI_ENABLE_NTFY_CONNECTOR_CHANGE is not set in the ntfy mask.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53049",
"url": "https://www.suse.com/security/cve/CVE-2023-53049"
},
{
"category": "external",
"summary": "SUSE Bug 1242244 for CVE-2023-53049",
"url": "https://bugzilla.suse.com/1242244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53049"
},
{
"cve": "CVE-2023-53052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix use-after-free bug in refresh_cache_worker()\n\nThe UAF bug occurred because we were putting DFS root sessions in\ncifs_umount() while DFS cache refresher was being executed.\n\nMake DFS root sessions have same lifetime as DFS tcons so we can avoid\nthe use-after-free bug is DFS cache refresher and other places that\nrequire IPCs to get new DFS referrals on. Also, get rid of mount\ngroup handling in DFS cache as we no longer need it.\n\nThis fixes below use-after-free bug catched by KASAN\n\n[ 379.946955] BUG: KASAN: use-after-free in __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.947642] Read of size 8 at addr ffff888018f57030 by task kworker/u4:3/56\n[ 379.948096]\n[ 379.948208] CPU: 0 PID: 56 Comm: kworker/u4:3 Not tainted 6.2.0-rc7-lku #23\n[ 379.948661] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS\nrel-1.16.0-0-gd239552-rebuilt.opensuse.org 04/01/2014\n[ 379.949368] Workqueue: cifs-dfscache refresh_cache_worker [cifs]\n[ 379.949942] Call Trace:\n[ 379.950113] \u003cTASK\u003e\n[ 379.950260] dump_stack_lvl+0x50/0x67\n[ 379.950510] print_report+0x16a/0x48e\n[ 379.950759] ? __virt_addr_valid+0xd8/0x160\n[ 379.951040] ? __phys_addr+0x41/0x80\n[ 379.951285] kasan_report+0xdb/0x110\n[ 379.951533] ? __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.952056] ? __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.952585] __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.953096] ? __pfx___refresh_tcon.isra.0+0x10/0x10 [cifs]\n[ 379.953637] ? __pfx___mutex_lock+0x10/0x10\n[ 379.953915] ? lock_release+0xb6/0x720\n[ 379.954167] ? __pfx_lock_acquire+0x10/0x10\n[ 379.954443] ? refresh_cache_worker+0x34e/0x6d0 [cifs]\n[ 379.954960] ? __pfx_wb_workfn+0x10/0x10\n[ 379.955239] refresh_cache_worker+0x4ad/0x6d0 [cifs]\n[ 379.955755] ? __pfx_refresh_cache_worker+0x10/0x10 [cifs]\n[ 379.956323] ? __pfx_lock_acquired+0x10/0x10\n[ 379.956615] ? read_word_at_a_time+0xe/0x20\n[ 379.956898] ? lockdep_hardirqs_on_prepare+0x12/0x220\n[ 379.957235] process_one_work+0x535/0x990\n[ 379.957509] ? __pfx_process_one_work+0x10/0x10\n[ 379.957812] ? lock_acquired+0xb7/0x5f0\n[ 379.958069] ? __list_add_valid+0x37/0xd0\n[ 379.958341] ? __list_add_valid+0x37/0xd0\n[ 379.958611] worker_thread+0x8e/0x630\n[ 379.958861] ? __pfx_worker_thread+0x10/0x10\n[ 379.959148] kthread+0x17d/0x1b0\n[ 379.959369] ? __pfx_kthread+0x10/0x10\n[ 379.959630] ret_from_fork+0x2c/0x50\n[ 379.959879] \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53052",
"url": "https://www.suse.com/security/cve/CVE-2023-53052"
},
{
"category": "external",
"summary": "SUSE Bug 1242749 for CVE-2023-53052",
"url": "https://bugzilla.suse.com/1242749"
},
{
"category": "external",
"summary": "SUSE Bug 1242881 for CVE-2023-53052",
"url": "https://bugzilla.suse.com/1242881"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "important"
}
],
"title": "CVE-2023-53052"
},
{
"cve": "CVE-2023-53054",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53054"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc2: fix a devres leak in hw_enable upon suspend resume\n\nEach time the platform goes to low power, PM suspend / resume routines\ncall: __dwc2_lowlevel_hw_enable -\u003e devm_add_action_or_reset().\nThis adds a new devres each time.\nThis may also happen at runtime, as dwc2_lowlevel_hw_enable() can be\ncalled from udc_start().\n\nThis can be seen with tracing:\n- echo 1 \u003e /sys/kernel/debug/tracing/events/dev/devres_log/enable\n- go to low power\n- cat /sys/kernel/debug/tracing/trace\n\nA new \"ADD\" entry is found upon each low power cycle:\n... devres_log: 49000000.usb-otg ADD 82a13bba devm_action_release (8 bytes)\n... devres_log: 49000000.usb-otg ADD 49889daf devm_action_release (8 bytes)\n...\n\nA second issue is addressed here:\n- regulator_bulk_enable() is called upon each PM cycle (suspend/resume).\n- regulator_bulk_disable() never gets called.\n\nSo the reference count for these regulators constantly increase, by one\nupon each low power cycle, due to missing regulator_bulk_disable() call\nin __dwc2_lowlevel_hw_disable().\n\nThe original fix that introduced the devm_add_action_or_reset() call,\nfixed an issue during probe, that happens due to other errors in\ndwc2_driver_probe() -\u003e dwc2_core_reset(). Then the probe fails without\ndisabling regulators, when dr_mode == USB_DR_MODE_PERIPHERAL.\n\nRather fix the error path: disable all the low level hardware in the\nerror path, by using the \"hsotg-\u003ell_hw_enabled\" flag. Checking dr_mode\nhas been introduced to avoid a dual call to dwc2_lowlevel_hw_disable().\n\"ll_hw_enabled\" should achieve the same (and is used currently in the\nremove() routine).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53054",
"url": "https://www.suse.com/security/cve/CVE-2023-53054"
},
{
"category": "external",
"summary": "SUSE Bug 1242226 for CVE-2023-53054",
"url": "https://bugzilla.suse.com/1242226"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53054"
},
{
"cve": "CVE-2023-53056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Synchronize the IOCB count to be in order\n\nA system hang was observed with the following call trace:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 15 PID: 86747 Comm: nvme Kdump: loaded Not tainted 6.2.0+ #1\nHardware name: Dell Inc. PowerEdge R6515/04F3CJ, BIOS 2.7.3 03/31/2022\nRIP: 0010:__wake_up_common+0x55/0x190\nCode: 41 f6 01 04 0f 85 b2 00 00 00 48 8b 43 08 4c 8d\n 40 e8 48 8d 43 08 48 89 04 24 48 89 c6\\\n 49 8d 40 18 48 39 c6 0f 84 e9 00 00 00 \u003c49\u003e 8b 40 18 89 6c 24 14 31\n ed 4c 8d 60 e8 41 8b 18 f6 c3 04 75 5d\nRSP: 0018:ffffb05a82afbba0 EFLAGS: 00010082\nRAX: 0000000000000000 RBX: ffff8f9b83a00018 RCX: 0000000000000000\nRDX: 0000000000000001 RSI: ffff8f9b83a00020 RDI: ffff8f9b83a00018\nRBP: 0000000000000001 R08: ffffffffffffffe8 R09: ffffb05a82afbbf8\nR10: 70735f7472617473 R11: 5f30307832616c71 R12: 0000000000000001\nR13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f815cf4c740(0000) GS:ffff8f9eeed80000(0000)\n\tknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 000000010633a000 CR4: 0000000000350ee0\nCall Trace:\n \u003cTASK\u003e\n __wake_up_common_lock+0x83/0xd0\n qla_nvme_ls_req+0x21b/0x2b0 [qla2xxx]\n __nvme_fc_send_ls_req+0x1b5/0x350 [nvme_fc]\n nvme_fc_xmt_disconnect_assoc+0xca/0x110 [nvme_fc]\n nvme_fc_delete_association+0x1bf/0x220 [nvme_fc]\n ? nvme_remove_namespaces+0x9f/0x140 [nvme_core]\n nvme_do_delete_ctrl+0x5b/0xa0 [nvme_core]\n nvme_sysfs_delete+0x5f/0x70 [nvme_core]\n kernfs_fop_write_iter+0x12b/0x1c0\n vfs_write+0x2a3/0x3b0\n ksys_write+0x5f/0xe0\n do_syscall_64+0x5c/0x90\n ? syscall_exit_work+0x103/0x130\n ? syscall_exit_to_user_mode+0x12/0x30\n ? do_syscall_64+0x69/0x90\n ? exit_to_user_mode_loop+0xd0/0x130\n ? exit_to_user_mode_prepare+0xec/0x100\n ? syscall_exit_to_user_mode+0x12/0x30\n ? do_syscall_64+0x69/0x90\n ? syscall_exit_to_user_mode+0x12/0x30\n ? do_syscall_64+0x69/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n RIP: 0033:0x7f815cd3eb97\n\nThe IOCB counts are out of order and that would block any commands from\ngoing out and subsequently hang the system. Synchronize the IOCB count to\nbe in correct order.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53056",
"url": "https://www.suse.com/security/cve/CVE-2023-53056"
},
{
"category": "external",
"summary": "SUSE Bug 1242219 for CVE-2023-53056",
"url": "https://bugzilla.suse.com/1242219"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53056"
},
{
"cve": "CVE-2023-53057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: HCI: Fix global-out-of-bounds\n\nTo loop a variable-length array, hci_init_stage_sync(stage) considers\nthat stage[i] is valid as long as stage[i-1].func is valid.\nThus, the last element of stage[].func should be intentionally invalid\nas hci_init0[], le_init2[], and others did.\nHowever, amp_init1[] and amp_init2[] have no invalid element, letting\nhci_init_stage_sync() keep accessing amp_init1[] over its valid range.\nThis patch fixes this by adding {} in the last of amp_init1[] and\namp_init2[].\n\n==================================================================\nBUG: KASAN: global-out-of-bounds in hci_dev_open_sync (\n/v6.2-bzimage/net/bluetooth/hci_sync.c:3154\n/v6.2-bzimage/net/bluetooth/hci_sync.c:3343\n/v6.2-bzimage/net/bluetooth/hci_sync.c:4418\n/v6.2-bzimage/net/bluetooth/hci_sync.c:4609\n/v6.2-bzimage/net/bluetooth/hci_sync.c:4689)\nRead of size 8 at addr ffffffffaed1ab70 by task kworker/u5:0/1032\nCPU: 0 PID: 1032 Comm: kworker/u5:0 Not tainted 6.2.0 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04\nWorkqueue: hci1 hci_power_on\nCall Trace:\n \u003cTASK\u003e\ndump_stack_lvl (/v6.2-bzimage/lib/dump_stack.c:107 (discriminator 1))\nprint_report (/v6.2-bzimage/mm/kasan/report.c:307\n /v6.2-bzimage/mm/kasan/report.c:417)\n? hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:3154\n /v6.2-bzimage/net/bluetooth/hci_sync.c:3343\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4418\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4609\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4689)\nkasan_report (/v6.2-bzimage/mm/kasan/report.c:184\n /v6.2-bzimage/mm/kasan/report.c:519)\n? hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:3154\n /v6.2-bzimage/net/bluetooth/hci_sync.c:3343\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4418\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4609\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4689)\nhci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:3154\n /v6.2-bzimage/net/bluetooth/hci_sync.c:3343\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4418\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4609\n /v6.2-bzimage/net/bluetooth/hci_sync.c:4689)\n? __pfx_hci_dev_open_sync (/v6.2-bzimage/net/bluetooth/hci_sync.c:4635)\n? mutex_lock (/v6.2-bzimage/./arch/x86/include/asm/atomic64_64.h:190\n /v6.2-bzimage/./include/linux/atomic/atomic-long.h:443\n /v6.2-bzimage/./include/linux/atomic/atomic-instrumented.h:1781\n /v6.2-bzimage/kernel/locking/mutex.c:171\n /v6.2-bzimage/kernel/locking/mutex.c:285)\n? __pfx_mutex_lock (/v6.2-bzimage/kernel/locking/mutex.c:282)\nhci_power_on (/v6.2-bzimage/net/bluetooth/hci_core.c:485\n /v6.2-bzimage/net/bluetooth/hci_core.c:984)\n? __pfx_hci_power_on (/v6.2-bzimage/net/bluetooth/hci_core.c:969)\n? read_word_at_a_time (/v6.2-bzimage/./include/asm-generic/rwonce.h:85)\n? strscpy (/v6.2-bzimage/./arch/x86/include/asm/word-at-a-time.h:62\n /v6.2-bzimage/lib/string.c:161)\nprocess_one_work (/v6.2-bzimage/kernel/workqueue.c:2294)\nworker_thread (/v6.2-bzimage/./include/linux/list.h:292\n /v6.2-bzimage/kernel/workqueue.c:2437)\n? __pfx_worker_thread (/v6.2-bzimage/kernel/workqueue.c:2379)\nkthread (/v6.2-bzimage/kernel/kthread.c:376)\n? __pfx_kthread (/v6.2-bzimage/kernel/kthread.c:331)\nret_from_fork (/v6.2-bzimage/arch/x86/entry/entry_64.S:314)\n \u003c/TASK\u003e\nThe buggy address belongs to the variable:\namp_init1+0x30/0x60\nThe buggy address belongs to the physical page:\npage:000000003a157ec6 refcount:1 mapcount:0 mapping:0000000000000000 ia\nflags: 0x200000000001000(reserved|node=0|zone=2)\nraw: 0200000000001000 ffffea0005054688 ffffea0005054688 000000000000000\nraw: 0000000000000000 0000000000000000 00000001ffffffff 000000000000000\npage dumped because: kasan: bad access detected\nMemory state around the buggy address:\n ffffffffaed1aa00: f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 00 00 00 00\n ffffffffaed1aa80: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 00 00 00 00\n\u003effffffffaed1ab00: 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 f9 f9\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53057",
"url": "https://www.suse.com/security/cve/CVE-2023-53057"
},
{
"category": "external",
"summary": "SUSE Bug 1242240 for CVE-2023-53057",
"url": "https://bugzilla.suse.com/1242240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53057"
},
{
"cve": "CVE-2023-53058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: E-Switch, Fix an Oops in error handling code\n\nThe error handling dereferences \"vport\". There is nothing we can do if\nit is an error pointer except returning the error code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53058",
"url": "https://www.suse.com/security/cve/CVE-2023-53058"
},
{
"category": "external",
"summary": "SUSE Bug 1242237 for CVE-2023-53058",
"url": "https://bugzilla.suse.com/1242237"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53058"
},
{
"cve": "CVE-2023-53059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53059"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/chrome: cros_ec_chardev: fix kernel data leak from ioctl\n\nIt is possible to peep kernel page\u0027s data by providing larger `insize`\nin struct cros_ec_command[1] when invoking EC host commands.\n\nFix it by using zeroed memory.\n\n[1]: https://elixir.bootlin.com/linux/v6.2/source/include/linux/platform_data/cros_ec_proto.h#L74",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53059",
"url": "https://www.suse.com/security/cve/CVE-2023-53059"
},
{
"category": "external",
"summary": "SUSE Bug 1242230 for CVE-2023-53059",
"url": "https://bugzilla.suse.com/1242230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53059"
},
{
"cve": "CVE-2023-53060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: revert rtnl_lock() that causes deadlock\n\nThe commit 6faee3d4ee8b (\"igb: Add lock to avoid data race\") adds\nrtnl_lock to eliminate a false data race shown below\n\n (FREE from device detaching) | (USE from netdev core)\nigb_remove | igb_ndo_get_vf_config\n igb_disable_sriov | vf \u003e= adapter-\u003evfs_allocated_count?\n kfree(adapter-\u003evf_data) |\n adapter-\u003evfs_allocated_count = 0 |\n | memcpy(... adapter-\u003evf_data[vf]\n\nThe above race will never happen and the extra rtnl_lock causes deadlock\nbelow\n\n[ 141.420169] \u003cTASK\u003e\n[ 141.420672] __schedule+0x2dd/0x840\n[ 141.421427] schedule+0x50/0xc0\n[ 141.422041] schedule_preempt_disabled+0x11/0x20\n[ 141.422678] __mutex_lock.isra.13+0x431/0x6b0\n[ 141.423324] unregister_netdev+0xe/0x20\n[ 141.423578] igbvf_remove+0x45/0xe0 [igbvf]\n[ 141.423791] pci_device_remove+0x36/0xb0\n[ 141.423990] device_release_driver_internal+0xc1/0x160\n[ 141.424270] pci_stop_bus_device+0x6d/0x90\n[ 141.424507] pci_stop_and_remove_bus_device+0xe/0x20\n[ 141.424789] pci_iov_remove_virtfn+0xba/0x120\n[ 141.425452] sriov_disable+0x2f/0xf0\n[ 141.425679] igb_disable_sriov+0x4e/0x100 [igb]\n[ 141.426353] igb_remove+0xa0/0x130 [igb]\n[ 141.426599] pci_device_remove+0x36/0xb0\n[ 141.426796] device_release_driver_internal+0xc1/0x160\n[ 141.427060] driver_detach+0x44/0x90\n[ 141.427253] bus_remove_driver+0x55/0xe0\n[ 141.427477] pci_unregister_driver+0x2a/0xa0\n[ 141.428296] __x64_sys_delete_module+0x141/0x2b0\n[ 141.429126] ? mntput_no_expire+0x4a/0x240\n[ 141.429363] ? syscall_trace_enter.isra.19+0x126/0x1a0\n[ 141.429653] do_syscall_64+0x5b/0x80\n[ 141.429847] ? exit_to_user_mode_prepare+0x14d/0x1c0\n[ 141.430109] ? syscall_exit_to_user_mode+0x12/0x30\n[ 141.430849] ? do_syscall_64+0x67/0x80\n[ 141.431083] ? syscall_exit_to_user_mode_prepare+0x183/0x1b0\n[ 141.431770] ? syscall_exit_to_user_mode+0x12/0x30\n[ 141.432482] ? do_syscall_64+0x67/0x80\n[ 141.432714] ? exc_page_fault+0x64/0x140\n[ 141.432911] entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nSince the igb_disable_sriov() will call pci_disable_sriov() before\nreleasing any resources, the netdev core will synchronize the cleanup to\navoid any races. This patch removes the useless rtnl_(un)lock to guarantee\ncorrectness.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53060",
"url": "https://www.suse.com/security/cve/CVE-2023-53060"
},
{
"category": "external",
"summary": "SUSE Bug 1242241 for CVE-2023-53060",
"url": "https://bugzilla.suse.com/1242241"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53060"
},
{
"cve": "CVE-2023-53062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: smsc95xx: Limit packet length to skb-\u003elen\n\nPacket length retrieved from descriptor may be larger than\nthe actual socket buffer length. In such case the cloned\nskb passed up the network stack will leak kernel memory contents.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53062",
"url": "https://www.suse.com/security/cve/CVE-2023-53062"
},
{
"category": "external",
"summary": "SUSE Bug 1242228 for CVE-2023-53062",
"url": "https://bugzilla.suse.com/1242228"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53062"
},
{
"cve": "CVE-2023-53064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53064"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: fix hang on reboot with ice\n\nWhen a system with E810 with existing VFs gets rebooted the following\nhang may be observed.\n\n Pid 1 is hung in iavf_remove(), part of a network driver:\n PID: 1 TASK: ffff965400e5a340 CPU: 24 COMMAND: \"systemd-shutdow\"\n #0 [ffffaad04005fa50] __schedule at ffffffff8b3239cb\n #1 [ffffaad04005fae8] schedule at ffffffff8b323e2d\n #2 [ffffaad04005fb00] schedule_hrtimeout_range_clock at ffffffff8b32cebc\n #3 [ffffaad04005fb80] usleep_range_state at ffffffff8b32c930\n #4 [ffffaad04005fbb0] iavf_remove at ffffffffc12b9b4c [iavf]\n #5 [ffffaad04005fbf0] pci_device_remove at ffffffff8add7513\n #6 [ffffaad04005fc10] device_release_driver_internal at ffffffff8af08baa\n #7 [ffffaad04005fc40] pci_stop_bus_device at ffffffff8adcc5fc\n #8 [ffffaad04005fc60] pci_stop_and_remove_bus_device at ffffffff8adcc81e\n #9 [ffffaad04005fc70] pci_iov_remove_virtfn at ffffffff8adf9429\n #10 [ffffaad04005fca8] sriov_disable at ffffffff8adf98e4\n #11 [ffffaad04005fcc8] ice_free_vfs at ffffffffc04bb2c8 [ice]\n #12 [ffffaad04005fd10] ice_remove at ffffffffc04778fe [ice]\n #13 [ffffaad04005fd38] ice_shutdown at ffffffffc0477946 [ice]\n #14 [ffffaad04005fd50] pci_device_shutdown at ffffffff8add58f1\n #15 [ffffaad04005fd70] device_shutdown at ffffffff8af05386\n #16 [ffffaad04005fd98] kernel_restart at ffffffff8a92a870\n #17 [ffffaad04005fda8] __do_sys_reboot at ffffffff8a92abd6\n #18 [ffffaad04005fee0] do_syscall_64 at ffffffff8b317159\n #19 [ffffaad04005ff08] __context_tracking_enter at ffffffff8b31b6fc\n #20 [ffffaad04005ff18] syscall_exit_to_user_mode at ffffffff8b31b50d\n #21 [ffffaad04005ff28] do_syscall_64 at ffffffff8b317169\n #22 [ffffaad04005ff50] entry_SYSCALL_64_after_hwframe at ffffffff8b40009b\n RIP: 00007f1baa5c13d7 RSP: 00007fffbcc55a98 RFLAGS: 00000202\n RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1baa5c13d7\n RDX: 0000000001234567 RSI: 0000000028121969 RDI: 00000000fee1dead\n RBP: 00007fffbcc55ca0 R8: 0000000000000000 R9: 00007fffbcc54e90\n R10: 00007fffbcc55050 R11: 0000000000000202 R12: 0000000000000005\n R13: 0000000000000000 R14: 00007fffbcc55af0 R15: 0000000000000000\n ORIG_RAX: 00000000000000a9 CS: 0033 SS: 002b\n\nDuring reboot all drivers PM shutdown callbacks are invoked.\nIn iavf_shutdown() the adapter state is changed to __IAVF_REMOVE.\nIn ice_shutdown() the call chain above is executed, which at some point\ncalls iavf_remove(). However iavf_remove() expects the VF to be in one\nof the states __IAVF_RUNNING, __IAVF_DOWN or __IAVF_INIT_FAILED. If\nthat\u0027s not the case it sleeps forever.\nSo if iavf_shutdown() gets invoked before iavf_remove() the system will\nhang indefinitely because the adapter is already in state __IAVF_REMOVE.\n\nFix this by returning from iavf_remove() if the state is __IAVF_REMOVE,\nas we already went through iavf_shutdown().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53064",
"url": "https://www.suse.com/security/cve/CVE-2023-53064"
},
{
"category": "external",
"summary": "SUSE Bug 1242222 for CVE-2023-53064",
"url": "https://bugzilla.suse.com/1242222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53064"
},
{
"cve": "CVE-2023-53065",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53065"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output\n\nsyzkaller reportes a KASAN issue with stack-out-of-bounds.\nThe call trace is as follows:\n dump_stack+0x9c/0xd3\n print_address_description.constprop.0+0x19/0x170\n __kasan_report.cold+0x6c/0x84\n kasan_report+0x3a/0x50\n __perf_event_header__init_id+0x34/0x290\n perf_event_header__init_id+0x48/0x60\n perf_output_begin+0x4a4/0x560\n perf_event_bpf_output+0x161/0x1e0\n perf_iterate_sb_cpu+0x29e/0x340\n perf_iterate_sb+0x4c/0xc0\n perf_event_bpf_event+0x194/0x2c0\n __bpf_prog_put.constprop.0+0x55/0xf0\n __cls_bpf_delete_prog+0xea/0x120 [cls_bpf]\n cls_bpf_delete_prog_work+0x1c/0x30 [cls_bpf]\n process_one_work+0x3c2/0x730\n worker_thread+0x93/0x650\n kthread+0x1b8/0x210\n ret_from_fork+0x1f/0x30\n\ncommit 267fb27352b6 (\"perf: Reduce stack usage of perf_output_begin()\")\nuse on-stack struct perf_sample_data of the caller function.\n\nHowever, perf_event_bpf_output uses incorrect parameter to convert\nsmall-sized data (struct perf_bpf_event) into large-sized data\n(struct perf_sample_data), which causes memory overwriting occurs in\n__perf_event_header__init_id.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53065",
"url": "https://www.suse.com/security/cve/CVE-2023-53065"
},
{
"category": "external",
"summary": "SUSE Bug 1242229 for CVE-2023-53065",
"url": "https://bugzilla.suse.com/1242229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53065"
},
{
"cve": "CVE-2023-53066",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53066"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nqed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info\n\nWe have to make sure that the info returned by the helper is valid\nbefore using it.\n\nFound by Linux Verification Center (linuxtesting.org) with the SVACE\nstatic analysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53066",
"url": "https://www.suse.com/security/cve/CVE-2023-53066"
},
{
"category": "external",
"summary": "SUSE Bug 1242227 for CVE-2023-53066",
"url": "https://bugzilla.suse.com/1242227"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53066"
},
{
"cve": "CVE-2023-53068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53068"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: Limit packet length to skb-\u003elen\n\nPacket length retrieved from descriptor may be larger than\nthe actual socket buffer length. In such case the cloned\nskb passed up the network stack will leak kernel memory contents.\n\nAdditionally prevent integer underflow when size is less than\nETH_FCS_LEN.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53068",
"url": "https://www.suse.com/security/cve/CVE-2023-53068"
},
{
"category": "external",
"summary": "SUSE Bug 1242239 for CVE-2023-53068",
"url": "https://bugzilla.suse.com/1242239"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53068"
},
{
"cve": "CVE-2023-53070",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53070"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: PPTT: Fix to avoid sleep in the atomic context when PPTT is absent\n\nCommit 0c80f9e165f8 (\"ACPI: PPTT: Leave the table mapped for the runtime usage\")\nenabled to map PPTT once on the first invocation of acpi_get_pptt() and\nnever unmapped the same allowing it to be used at runtime with out the\nhassle of mapping and unmapping the table. This was needed to fetch LLC\ninformation from the PPTT in the cpuhotplug path which is executed in\nthe atomic context as the acpi_get_table() might sleep waiting for a\nmutex.\n\nHowever it missed to handle the case when there is no PPTT on the system\nwhich results in acpi_get_pptt() being called from all the secondary\nCPUs attempting to fetch the LLC information in the atomic context\nwithout knowing the absence of PPTT resulting in the splat like below:\n\n | BUG: sleeping function called from invalid context at kernel/locking/semaphore.c:164\n | in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1\n | preempt_count: 1, expected: 0\n | RCU nest depth: 0, expected: 0\n | no locks held by swapper/1/0.\n | irq event stamp: 0\n | hardirqs last enabled at (0): 0x0\n | hardirqs last disabled at (0): copy_process+0x61c/0x1b40\n | softirqs last enabled at (0): copy_process+0x61c/0x1b40\n | softirqs last disabled at (0): 0x0\n | CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.3.0-rc1 #1\n | Call trace:\n | dump_backtrace+0xac/0x138\n | show_stack+0x30/0x48\n | dump_stack_lvl+0x60/0xb0\n | dump_stack+0x18/0x28\n | __might_resched+0x160/0x270\n | __might_sleep+0x58/0xb0\n | down_timeout+0x34/0x98\n | acpi_os_wait_semaphore+0x7c/0xc0\n | acpi_ut_acquire_mutex+0x58/0x108\n | acpi_get_table+0x40/0xe8\n | acpi_get_pptt+0x48/0xa0\n | acpi_get_cache_info+0x38/0x140\n | init_cache_level+0xf4/0x118\n | detect_cache_attributes+0x2e4/0x640\n | update_siblings_masks+0x3c/0x330\n | store_cpu_topology+0x88/0xf0\n | secondary_start_kernel+0xd0/0x168\n | __secondary_switched+0xb8/0xc0\n\nUpdate acpi_get_pptt() to consider the fact that PPTT is once checked and\nis not available on the system and return NULL avoiding any attempts to\nfetch PPTT and thereby avoiding any possible sleep waiting for a mutex\nin the atomic context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53070",
"url": "https://www.suse.com/security/cve/CVE-2023-53070"
},
{
"category": "external",
"summary": "SUSE Bug 1242286 for CVE-2023-53070",
"url": "https://bugzilla.suse.com/1242286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53070"
},
{
"cve": "CVE-2023-53071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53071"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: do not run mt76_unregister_device() on unregistered hw\n\nTrying to probe a mt7921e pci card without firmware results in a\nsuccessful probe where ieee80211_register_hw hasn\u0027t been called. When\nremoving the driver, ieee802111_unregister_hw is called unconditionally\nleading to a kernel NULL pointer dereference.\nFix the issue running mt76_unregister_device routine just for registered\nhw.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53071",
"url": "https://www.suse.com/security/cve/CVE-2023-53071"
},
{
"category": "external",
"summary": "SUSE Bug 1242217 for CVE-2023-53071",
"url": "https://bugzilla.suse.com/1242217"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53071"
},
{
"cve": "CVE-2023-53073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/amd/core: Always clear status for idx\n\nThe variable \u0027status\u0027 (which contains the unhandled overflow bits) is\nnot being properly masked in some cases, displaying the following\nwarning:\n\n WARNING: CPU: 156 PID: 475601 at arch/x86/events/amd/core.c:972 amd_pmu_v2_handle_irq+0x216/0x270\n\nThis seems to be happening because the loop is being continued before\nthe status bit being unset, in case x86_perf_event_set_period()\nreturns 0. This is also causing an inconsistency because the \"handled\"\ncounter is incremented, but the status bit is not cleaned.\n\nMove the bit cleaning together above, together when the \"handled\"\ncounter is incremented.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53073",
"url": "https://www.suse.com/security/cve/CVE-2023-53073"
},
{
"category": "external",
"summary": "SUSE Bug 1242224 for CVE-2023-53073",
"url": "https://bugzilla.suse.com/1242224"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53073"
},
{
"cve": "CVE-2023-53074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53074"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini\n\nThe call trace occurs when the amdgpu is removed after\nthe mode1 reset. During mode1 reset, from suspend to resume,\nthere is no need to reinitialize the ta firmware buffer\nwhich caused the bo pin_count increase redundantly.\n\n[ 489.885525] Call Trace:\n[ 489.885525] \u003cTASK\u003e\n[ 489.885526] amdttm_bo_put+0x34/0x50 [amdttm]\n[ 489.885529] amdgpu_bo_free_kernel+0xe8/0x130 [amdgpu]\n[ 489.885620] psp_free_shared_bufs+0xb7/0x150 [amdgpu]\n[ 489.885720] psp_hw_fini+0xce/0x170 [amdgpu]\n[ 489.885815] amdgpu_device_fini_hw+0x2ff/0x413 [amdgpu]\n[ 489.885960] ? blocking_notifier_chain_unregister+0x56/0xb0\n[ 489.885962] amdgpu_driver_unload_kms+0x51/0x60 [amdgpu]\n[ 489.886049] amdgpu_pci_remove+0x5a/0x140 [amdgpu]\n[ 489.886132] ? __pm_runtime_resume+0x60/0x90\n[ 489.886134] pci_device_remove+0x3e/0xb0\n[ 489.886135] __device_release_driver+0x1ab/0x2a0\n[ 489.886137] driver_detach+0xf3/0x140\n[ 489.886138] bus_remove_driver+0x6c/0xf0\n[ 489.886140] driver_unregister+0x31/0x60\n[ 489.886141] pci_unregister_driver+0x40/0x90\n[ 489.886142] amdgpu_exit+0x15/0x451 [amdgpu]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53074",
"url": "https://www.suse.com/security/cve/CVE-2023-53074"
},
{
"category": "external",
"summary": "SUSE Bug 1242751 for CVE-2023-53074",
"url": "https://bugzilla.suse.com/1242751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "not set"
}
],
"title": "CVE-2023-53074"
},
{
"cve": "CVE-2023-53075",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53075"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix invalid address access in lookup_rec() when index is 0\n\nKASAN reported follow problem:\n\n BUG: KASAN: use-after-free in lookup_rec\n Read of size 8 at addr ffff000199270ff0 by task modprobe\n CPU: 2 Comm: modprobe\n Call trace:\n kasan_report\n __asan_load8\n lookup_rec\n ftrace_location\n arch_check_ftrace_location\n check_kprobe_address_safe\n register_kprobe\n\nWhen checking pg-\u003erecords[pg-\u003eindex - 1].ip in lookup_rec(), it can get a\npg which is newly added to ftrace_pages_start in ftrace_process_locs().\nBefore the first pg-\u003eindex++, index is 0 and accessing pg-\u003erecords[-1].ip\nwill cause this problem.\n\nDon\u0027t check the ip when pg-\u003eindex is 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53075",
"url": "https://www.suse.com/security/cve/CVE-2023-53075"
},
{
"category": "external",
"summary": "SUSE Bug 1242218 for CVE-2023-53075",
"url": "https://bugzilla.suse.com/1242218"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53075"
},
{
"cve": "CVE-2023-53077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53077"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes\n\n[WHY]\nWhen PTEBufferSizeInRequests is zero, UBSAN reports the following\nwarning because dml_log2 returns an unexpected negative value:\n\n shift exponent 4294966273 is too large for 32-bit type \u0027int\u0027\n\n[HOW]\n\nIn the case PTEBufferSizeInRequests is zero, skip the dml_log2() and\nassign the result directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53077",
"url": "https://www.suse.com/security/cve/CVE-2023-53077"
},
{
"category": "external",
"summary": "SUSE Bug 1242752 for CVE-2023-53077",
"url": "https://bugzilla.suse.com/1242752"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53077"
},
{
"cve": "CVE-2023-53078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_dh_alua: Fix memleak for \u0027qdata\u0027 in alua_activate()\n\nIf alua_rtpg_queue() failed from alua_activate(), then \u0027qdata\u0027 is not\nfreed, which will cause following memleak:\n\nunreferenced object 0xffff88810b2c6980 (size 32):\n comm \"kworker/u16:2\", pid 635322, jiffies 4355801099 (age 1216426.076s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$.............\n backtrace:\n [\u003c0000000098f3a26d\u003e] alua_activate+0xb0/0x320\n [\u003c000000003b529641\u003e] scsi_dh_activate+0xb2/0x140\n [\u003c000000007b296db3\u003e] activate_path_work+0xc6/0xe0 [dm_multipath]\n [\u003c000000007adc9ace\u003e] process_one_work+0x3c5/0x730\n [\u003c00000000c457a985\u003e] worker_thread+0x93/0x650\n [\u003c00000000cb80e628\u003e] kthread+0x1ba/0x210\n [\u003c00000000a1e61077\u003e] ret_from_fork+0x22/0x30\n\nFix the problem by freeing \u0027qdata\u0027 in error path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53078",
"url": "https://www.suse.com/security/cve/CVE-2023-53078"
},
{
"category": "external",
"summary": "SUSE Bug 1242231 for CVE-2023-53078",
"url": "https://bugzilla.suse.com/1242231"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53078"
},
{
"cve": "CVE-2023-53079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix steering rules cleanup\n\nvport\u0027s mc, uc and multicast rules are not deleted in teardown path when\nEEH happens. Since the vport\u0027s promisc settings(uc, mc and all) in\nfirmware are reset after EEH, mlx5 driver will try to delete the above\nrules in the initialization path. This cause kernel crash because these\nsoftware rules are no longer valid.\n\nFix by nullifying these rules right after delete to avoid accessing any dangling\npointers.\n\nCall Trace:\n__list_del_entry_valid+0xcc/0x100 (unreliable)\ntree_put_node+0xf4/0x1b0 [mlx5_core]\ntree_remove_node+0x30/0x70 [mlx5_core]\nmlx5_del_flow_rules+0x14c/0x1f0 [mlx5_core]\nesw_apply_vport_rx_mode+0x10c/0x200 [mlx5_core]\nesw_update_vport_rx_mode+0xb4/0x180 [mlx5_core]\nesw_vport_change_handle_locked+0x1ec/0x230 [mlx5_core]\nesw_enable_vport+0x130/0x260 [mlx5_core]\nmlx5_eswitch_enable_sriov+0x2a0/0x2f0 [mlx5_core]\nmlx5_device_enable_sriov+0x74/0x440 [mlx5_core]\nmlx5_load_one+0x114c/0x1550 [mlx5_core]\nmlx5_pci_resume+0x68/0xf0 [mlx5_core]\neeh_report_resume+0x1a4/0x230\neeh_pe_dev_traverse+0x98/0x170\neeh_handle_normal_event+0x3e4/0x640\neeh_handle_event+0x4c/0x370\neeh_event_handler+0x14c/0x210\nkthread+0x168/0x1b0\nret_from_kernel_thread+0x5c/0x84",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53079",
"url": "https://www.suse.com/security/cve/CVE-2023-53079"
},
{
"category": "external",
"summary": "SUSE Bug 1242765 for CVE-2023-53079",
"url": "https://bugzilla.suse.com/1242765"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53079"
},
{
"cve": "CVE-2023-53081",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53081"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix data corruption after failed write\n\nWhen buffered write fails to copy data into underlying page cache page,\nocfs2_write_end_nolock() just zeroes out and dirties the page. This can\nleave dirty page beyond EOF and if page writeback tries to write this page\nbefore write succeeds and expands i_size, page gets into inconsistent\nstate where page dirty bit is clear but buffer dirty bits stay set\nresulting in page data never getting written and so data copied to the\npage is lost. Fix the problem by invalidating page beyond EOF after\nfailed write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53081",
"url": "https://www.suse.com/security/cve/CVE-2023-53081"
},
{
"category": "external",
"summary": "SUSE Bug 1242281 for CVE-2023-53081",
"url": "https://bugzilla.suse.com/1242281"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53081"
},
{
"cve": "CVE-2023-53082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvp_vdpa: fix the crash in hot unplug with vp_vdpa\n\nWhile unplugging the vp_vdpa device, it triggers a kernel panic\nThe root cause is: vdpa_mgmtdev_unregister() will accesses modern\ndevices which will cause a use after free.\nSo need to change the sequence in vp_vdpa_remove\n\n[ 195.003359] BUG: unable to handle page fault for address: ff4e8beb80199014\n[ 195.004012] #PF: supervisor read access in kernel mode\n[ 195.004486] #PF: error_code(0x0000) - not-present page\n[ 195.004960] PGD 100000067 P4D 1001b6067 PUD 1001b7067 PMD 1001b8067 PTE 0\n[ 195.005578] Oops: 0000 1 PREEMPT SMP PTI\n[ 195.005968] CPU: 13 PID: 164 Comm: kworker/u56:10 Kdump: loaded Not tainted 5.14.0-252.el9.x86_64 #1\n[ 195.006792] Hardware name: Red Hat KVM/RHEL, BIOS edk2-20221207gitfff6d81270b5-2.el9 unknown\n[ 195.007556] Workqueue: kacpi_hotplug acpi_hotplug_work_fn\n[ 195.008059] RIP: 0010:ioread8+0x31/0x80\n[ 195.008418] Code: 77 28 48 81 ff 00 00 01 00 76 0b 89 fa ec 0f b6 c0 c3 cc cc cc cc 8b 15 ad 72 93 01 b8 ff 00 00 00 85 d2 75 0f c3 cc cc cc cc \u003c8a\u003e 07 0f b6 c0 c3 cc cc cc cc 83 ea 01 48 83 ec 08 48 89 fe 48 c7\n[ 195.010104] RSP: 0018:ff4e8beb8067bab8 EFLAGS: 00010292\n[ 195.010584] RAX: ffffffffc05834a0 RBX: ffffffffc05843c0 RCX: ff4e8beb8067bae0\n[ 195.011233] RDX: ff1bcbd580f88000 RSI: 0000000000000246 RDI: ff4e8beb80199014\n[ 195.011881] RBP: ff1bcbd587e39000 R08: ffffffff916fa2d0 R09: ff4e8beb8067ba68\n[ 195.012527] R10: 000000000000001c R11: 0000000000000000 R12: ff1bcbd5a3de9120\n[ 195.013179] R13: ffffffffc062d000 R14: 0000000000000080 R15: ff1bcbe402bc7805\n[ 195.013826] FS: 0000000000000000(0000) GS:ff1bcbe402740000(0000) knlGS:0000000000000000\n[ 195.014564] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 195.015093] CR2: ff4e8beb80199014 CR3: 0000000107dea002 CR4: 0000000000771ee0\n[ 195.015741] PKRU: 55555554\n[ 195.016001] Call Trace:\n[ 195.016233] \u003cTASK\u003e\n[ 195.016434] vp_modern_get_status+0x12/0x20\n[ 195.016823] vp_vdpa_reset+0x1b/0x50 [vp_vdpa]\n[ 195.017238] virtio_vdpa_reset+0x3c/0x48 [virtio_vdpa]\n[ 195.017709] remove_vq_common+0x1f/0x3a0 [virtio_net]\n[ 195.018178] virtnet_remove+0x5d/0x70 [virtio_net]\n[ 195.018618] virtio_dev_remove+0x3d/0x90\n[ 195.018986] device_release_driver_internal+0x1aa/0x230\n[ 195.019466] bus_remove_device+0xd8/0x150\n[ 195.019841] device_del+0x18b/0x3f0\n[ 195.020167] ? kernfs_find_ns+0x35/0xd0\n[ 195.020526] device_unregister+0x13/0x60\n[ 195.020894] unregister_virtio_device+0x11/0x20\n[ 195.021311] device_release_driver_internal+0x1aa/0x230\n[ 195.021790] bus_remove_device+0xd8/0x150\n[ 195.022162] device_del+0x18b/0x3f0\n[ 195.022487] device_unregister+0x13/0x60\n[ 195.022852] ? vdpa_dev_remove+0x30/0x30 [vdpa]\n[ 195.023270] vp_vdpa_dev_del+0x12/0x20 [vp_vdpa]\n[ 195.023694] vdpa_match_remove+0x2b/0x40 [vdpa]\n[ 195.024115] bus_for_each_dev+0x78/0xc0\n[ 195.024471] vdpa_mgmtdev_unregister+0x65/0x80 [vdpa]\n[ 195.024937] vp_vdpa_remove+0x23/0x40 [vp_vdpa]\n[ 195.025353] pci_device_remove+0x36/0xa0\n[ 195.025719] device_release_driver_internal+0x1aa/0x230\n[ 195.026201] pci_stop_bus_device+0x6c/0x90\n[ 195.026580] pci_stop_and_remove_bus_device+0xe/0x20\n[ 195.027039] disable_slot+0x49/0x90\n[ 195.027366] acpiphp_disable_and_eject_slot+0x15/0x90\n[ 195.027832] hotplug_event+0xea/0x210\n[ 195.028171] ? hotplug_event+0x210/0x210\n[ 195.028535] acpiphp_hotplug_notify+0x22/0x80\n[ 195.028942] ? hotplug_event+0x210/0x210\n[ 195.029303] acpi_device_hotplug+0x8a/0x1d0\n[ 195.029690] acpi_hotplug_work_fn+0x1a/0x30\n[ 195.030077] process_one_work+0x1e8/0x3c0\n[ 195.030451] worker_thread+0x50/0x3b0\n[ 195.030791] ? rescuer_thread+0x3a0/0x3a0\n[ 195.031165] kthread+0xd9/0x100\n[ 195.031459] ? kthread_complete_and_exit+0x20/0x20\n[ 195.031899] ret_from_fork+0x22/0x30\n[ 195.032233] \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53082",
"url": "https://www.suse.com/security/cve/CVE-2023-53082"
},
{
"category": "external",
"summary": "SUSE Bug 1242295 for CVE-2023-53082",
"url": "https://bugzilla.suse.com/1242295"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53082"
},
{
"cve": "CVE-2023-53084",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53084"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/shmem-helper: Remove another errant put in error path\n\ndrm_gem_shmem_mmap() doesn\u0027t own reference in error code path, resulting\nin the dma-buf shmem GEM object getting prematurely freed leading to a\nlater use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53084",
"url": "https://www.suse.com/security/cve/CVE-2023-53084"
},
{
"category": "external",
"summary": "SUSE Bug 1242294 for CVE-2023-53084",
"url": "https://bugzilla.suse.com/1242294"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53084"
},
{
"cve": "CVE-2023-53087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/active: Fix misuse of non-idle barriers as fence trackers\n\nUsers reported oopses on list corruptions when using i915 perf with a\nnumber of concurrently running graphics applications. Root cause analysis\npointed at an issue in barrier processing code -- a race among perf open /\nclose replacing active barriers with perf requests on kernel context and\nconcurrent barrier preallocate / acquire operations performed during user\ncontext first pin / last unpin.\n\nWhen adding a request to a composite tracker, we try to reuse an existing\nfence tracker, already allocated and registered with that composite. The\ntracker we obtain may already track another fence, may be an idle barrier,\nor an active barrier.\n\nIf the tracker we get occurs a non-idle barrier then we try to delete that\nbarrier from a list of barrier tasks it belongs to. However, while doing\nthat we don\u0027t respect return value from a function that performs the\nbarrier deletion. Should the deletion ever fail, we would end up reusing\nthe tracker still registered as a barrier task. Since the same structure\nfield is reused with both fence callback lists and barrier tasks list,\nlist corruptions would likely occur.\n\nBarriers are now deleted from a barrier tasks list by temporarily removing\nthe list content, traversing that content with skip over the node to be\ndeleted, then populating the list back with the modified content. Should\nthat intentionally racy concurrent deletion attempts be not serialized,\none or more of those may fail because of the list being temporary empty.\n\nRelated code that ignores the results of barrier deletion was initially\nintroduced in v5.4 by commit d8af05ff38ae (\"drm/i915: Allow sharing the\nidle-barrier from other kernel requests\"). However, all users of the\nbarrier deletion routine were apparently serialized at that time, then the\nissue didn\u0027t exhibit itself. Results of git bisect with help of a newly\ndeveloped igt@gem_barrier_race@remote-request IGT test indicate that list\ncorruptions might start to appear after commit 311770173fac (\"drm/i915/gt:\nSchedule request retirement when timeline idles\"), introduced in v5.5.\n\nRespect results of barrier deletion attempts -- mark the barrier as idle\nonly if successfully deleted from the list. Then, before proceeding with\nsetting our fence as the one currently tracked, make sure that the tracker\nwe\u0027ve got is not a non-idle barrier. If that check fails then don\u0027t use\nthat tracker but go back and try to acquire a new, usable one.\n\nv3: use unlikely() to document what outcome we expect (Andi),\n - fix bad grammar in commit description.\nv2: no code changes,\n - blame commit 311770173fac (\"drm/i915/gt: Schedule request retirement\n when timeline idles\"), v5.5, not commit d8af05ff38ae (\"drm/i915: Allow\n sharing the idle-barrier from other kernel requests\"), v5.4,\n - reword commit description.\n\n(cherry picked from commit 506006055769b10d1b2b4e22f636f3b45e0e9fc7)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53087",
"url": "https://www.suse.com/security/cve/CVE-2023-53087"
},
{
"category": "external",
"summary": "SUSE Bug 1242280 for CVE-2023-53087",
"url": "https://bugzilla.suse.com/1242280"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53087"
},
{
"cve": "CVE-2023-53089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53089"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix task hung in ext4_xattr_delete_inode\n\nSyzbot reported a hung task problem:\n==================================================================\nINFO: task syz-executor232:5073 blocked for more than 143 seconds.\n Not tainted 6.2.0-rc2-syzkaller-00024-g512dee0c00ad #0\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:syz-exec232 state:D stack:21024 pid:5073 ppid:5072 flags:0x00004004\nCall Trace:\n \u003cTASK\u003e\n context_switch kernel/sched/core.c:5244 [inline]\n __schedule+0x995/0xe20 kernel/sched/core.c:6555\n schedule+0xcb/0x190 kernel/sched/core.c:6631\n __wait_on_freeing_inode fs/inode.c:2196 [inline]\n find_inode_fast+0x35a/0x4c0 fs/inode.c:950\n iget_locked+0xb1/0x830 fs/inode.c:1273\n __ext4_iget+0x22e/0x3ed0 fs/ext4/inode.c:4861\n ext4_xattr_inode_iget+0x68/0x4e0 fs/ext4/xattr.c:389\n ext4_xattr_inode_dec_ref_all+0x1a7/0xe50 fs/ext4/xattr.c:1148\n ext4_xattr_delete_inode+0xb04/0xcd0 fs/ext4/xattr.c:2880\n ext4_evict_inode+0xd7c/0x10b0 fs/ext4/inode.c:296\n evict+0x2a4/0x620 fs/inode.c:664\n ext4_orphan_cleanup+0xb60/0x1340 fs/ext4/orphan.c:474\n __ext4_fill_super fs/ext4/super.c:5516 [inline]\n ext4_fill_super+0x81cd/0x8700 fs/ext4/super.c:5644\n get_tree_bdev+0x400/0x620 fs/super.c:1282\n vfs_get_tree+0x88/0x270 fs/super.c:1489\n do_new_mount+0x289/0xad0 fs/namespace.c:3145\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fa5406fd5ea\nRSP: 002b:00007ffc7232f968 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fa5406fd5ea\nRDX: 0000000020000440 RSI: 0000000020000000 RDI: 00007ffc7232f970\nRBP: 00007ffc7232f970 R08: 00007ffc7232f9b0 R09: 0000000000000432\nR10: 0000000000804a03 R11: 0000000000000202 R12: 0000000000000004\nR13: 0000555556a7a2c0 R14: 00007ffc7232f9b0 R15: 0000000000000000\n \u003c/TASK\u003e\n==================================================================\n\nThe problem is that the inode contains an xattr entry with ea_inum of 15\nwhen cleaning up an orphan inode \u003c15\u003e. When evict inode \u003c15\u003e, the reference\ncounting of the corresponding EA inode is decreased. When EA inode \u003c15\u003e is\nfound by find_inode_fast() in __ext4_iget(), it is found that the EA inode\nholds the I_FREEING flag and waits for the EA inode to complete deletion.\nAs a result, when inode \u003c15\u003e is being deleted, we wait for inode \u003c15\u003e to\ncomplete the deletion, resulting in an infinite loop and triggering Hung\nTask. To solve this problem, we only need to check whether the ino of EA\ninode and parent is the same before getting EA inode.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53089",
"url": "https://www.suse.com/security/cve/CVE-2023-53089"
},
{
"category": "external",
"summary": "SUSE Bug 1242744 for CVE-2023-53089",
"url": "https://bugzilla.suse.com/1242744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53089"
},
{
"cve": "CVE-2023-53090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53090"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix an illegal memory access\n\nIn the kfd_wait_on_events() function, the kfd_event_waiter structure is\nallocated by alloc_event_waiters(), but the event field of the waiter\nstructure is not initialized; When copy_from_user() fails in the\nkfd_wait_on_events() function, it will enter exception handling to\nrelease the previously allocated memory of the waiter structure;\nDue to the event field of the waiters structure being accessed\nin the free_waiters() function, this results in illegal memory access\nand system crash, here is the crash log:\n\nlocalhost kernel: RIP: 0010:native_queued_spin_lock_slowpath+0x185/0x1e0\nlocalhost kernel: RSP: 0018:ffffaa53c362bd60 EFLAGS: 00010082\nlocalhost kernel: RAX: ff3d3d6bff4007cb RBX: 0000000000000282 RCX: 00000000002c0000\nlocalhost kernel: RDX: ffff9e855eeacb80 RSI: 000000000000279c RDI: ffffe7088f6a21d0\nlocalhost kernel: RBP: ffffe7088f6a21d0 R08: 00000000002c0000 R09: ffffaa53c362be64\nlocalhost kernel: R10: ffffaa53c362bbd8 R11: 0000000000000001 R12: 0000000000000002\nlocalhost kernel: R13: ffff9e7ead15d600 R14: 0000000000000000 R15: ffff9e7ead15d698\nlocalhost kernel: FS: 0000152a3d111700(0000) GS:ffff9e855ee80000(0000) knlGS:0000000000000000\nlocalhost kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nlocalhost kernel: CR2: 0000152938000010 CR3: 000000044d7a4000 CR4: 00000000003506e0\nlocalhost kernel: Call Trace:\nlocalhost kernel: _raw_spin_lock_irqsave+0x30/0x40\nlocalhost kernel: remove_wait_queue+0x12/0x50\nlocalhost kernel: kfd_wait_on_events+0x1b6/0x490 [hydcu]\nlocalhost kernel: ? ftrace_graph_caller+0xa0/0xa0\nlocalhost kernel: kfd_ioctl+0x38c/0x4a0 [hydcu]\nlocalhost kernel: ? kfd_ioctl_set_trap_handler+0x70/0x70 [hydcu]\nlocalhost kernel: ? kfd_ioctl_create_queue+0x5a0/0x5a0 [hydcu]\nlocalhost kernel: ? ftrace_graph_caller+0xa0/0xa0\nlocalhost kernel: __x64_sys_ioctl+0x8e/0xd0\nlocalhost kernel: ? syscall_trace_enter.isra.18+0x143/0x1b0\nlocalhost kernel: do_syscall_64+0x33/0x80\nlocalhost kernel: entry_SYSCALL_64_after_hwframe+0x44/0xa9\nlocalhost kernel: RIP: 0033:0x152a4dff68d7\n\nAllocate the structure with kcalloc, and remove redundant 0-initialization\nand a redundant loop condition check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53090",
"url": "https://www.suse.com/security/cve/CVE-2023-53090"
},
{
"category": "external",
"summary": "SUSE Bug 1242753 for CVE-2023-53090",
"url": "https://bugzilla.suse.com/1242753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53090"
},
{
"cve": "CVE-2023-53091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53091"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: update s_journal_inum if it changes after journal replay\n\nWhen mounting a crafted ext4 image, s_journal_inum may change after journal\nreplay, which is obviously unreasonable because we have successfully loaded\nand replayed the journal through the old s_journal_inum. And the new\ns_journal_inum bypasses some of the checks in ext4_get_journal(), which\nmay trigger a null pointer dereference problem. So if s_journal_inum\nchanges after the journal replay, we ignore the change, and rewrite the\ncurrent journal_inum to the superblock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53091",
"url": "https://www.suse.com/security/cve/CVE-2023-53091"
},
{
"category": "external",
"summary": "SUSE Bug 1242767 for CVE-2023-53091",
"url": "https://bugzilla.suse.com/1242767"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53091"
},
{
"cve": "CVE-2023-53092",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53092"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: exynos: fix node leak in probe PM QoS error path\n\nMake sure to add the newly allocated interconnect node to the provider\nbefore adding the PM QoS request so that the node is freed on errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53092",
"url": "https://www.suse.com/security/cve/CVE-2023-53092"
},
{
"category": "external",
"summary": "SUSE Bug 1242415 for CVE-2023-53092",
"url": "https://bugzilla.suse.com/1242415"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53092"
},
{
"cve": "CVE-2023-53093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53093"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Do not let histogram values have some modifiers\n\nHistogram values can not be strings, stacktraces, graphs, symbols,\nsyscalls, or grouped in buckets or log. Give an error if a value is set to\ndo so.\n\nNote, the histogram code was not prepared to handle these modifiers for\nhistograms and caused a bug.\n\nMark Rutland reported:\n\n # echo \u0027p:copy_to_user __arch_copy_to_user n=$arg2\u0027 \u003e\u003e /sys/kernel/tracing/kprobe_events\n # echo \u0027hist:keys=n:vals=hitcount.buckets=8:sort=hitcount\u0027 \u003e /sys/kernel/tracing/events/kprobes/copy_to_user/trigger\n # cat /sys/kernel/tracing/events/kprobes/copy_to_user/hist\n[ 143.694628] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 143.695190] Mem abort info:\n[ 143.695362] ESR = 0x0000000096000004\n[ 143.695604] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 143.695889] SET = 0, FnV = 0\n[ 143.696077] EA = 0, S1PTW = 0\n[ 143.696302] FSC = 0x04: level 0 translation fault\n[ 143.702381] Data abort info:\n[ 143.702614] ISV = 0, ISS = 0x00000004\n[ 143.702832] CM = 0, WnR = 0\n[ 143.703087] user pgtable: 4k pages, 48-bit VAs, pgdp=00000000448f9000\n[ 143.703407] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[ 143.704137] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 143.704714] Modules linked in:\n[ 143.705273] CPU: 0 PID: 133 Comm: cat Not tainted 6.2.0-00003-g6fc512c10a7c #3\n[ 143.706138] Hardware name: linux,dummy-virt (DT)\n[ 143.706723] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 143.707120] pc : hist_field_name.part.0+0x14/0x140\n[ 143.707504] lr : hist_field_name.part.0+0x104/0x140\n[ 143.707774] sp : ffff800008333a30\n[ 143.707952] x29: ffff800008333a30 x28: 0000000000000001 x27: 0000000000400cc0\n[ 143.708429] x26: ffffd7a653b20260 x25: 0000000000000000 x24: ffff10d303ee5800\n[ 143.708776] x23: ffffd7a6539b27b0 x22: ffff10d303fb8c00 x21: 0000000000000001\n[ 143.709127] x20: ffff10d303ec2000 x19: 0000000000000000 x18: 0000000000000000\n[ 143.709478] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n[ 143.709824] x14: 0000000000000000 x13: 203a6f666e692072 x12: 6567676972742023\n[ 143.710179] x11: 0a230a6d6172676f x10: 000000000000002c x9 : ffffd7a6521e018c\n[ 143.710584] x8 : 000000000000002c x7 : 7f7f7f7f7f7f7f7f x6 : 000000000000002c\n[ 143.710915] x5 : ffff10d303b0103e x4 : ffffd7a653b20261 x3 : 000000000000003d\n[ 143.711239] x2 : 0000000000020001 x1 : 0000000000000001 x0 : 0000000000000000\n[ 143.711746] Call trace:\n[ 143.712115] hist_field_name.part.0+0x14/0x140\n[ 143.712642] hist_field_name.part.0+0x104/0x140\n[ 143.712925] hist_field_print+0x28/0x140\n[ 143.713125] event_hist_trigger_print+0x174/0x4d0\n[ 143.713348] hist_show+0xf8/0x980\n[ 143.713521] seq_read_iter+0x1bc/0x4b0\n[ 143.713711] seq_read+0x8c/0xc4\n[ 143.713876] vfs_read+0xc8/0x2a4\n[ 143.714043] ksys_read+0x70/0xfc\n[ 143.714218] __arm64_sys_read+0x24/0x30\n[ 143.714400] invoke_syscall+0x50/0x120\n[ 143.714587] el0_svc_common.constprop.0+0x4c/0x100\n[ 143.714807] do_el0_svc+0x44/0xd0\n[ 143.714970] el0_svc+0x2c/0x84\n[ 143.715134] el0t_64_sync_handler+0xbc/0x140\n[ 143.715334] el0t_64_sync+0x190/0x194\n[ 143.715742] Code: a9bd7bfd 910003fd a90153f3 aa0003f3 (f9400000)\n[ 143.716510] ---[ end trace 0000000000000000 ]---\nSegmentation fault",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53093",
"url": "https://www.suse.com/security/cve/CVE-2023-53093"
},
{
"category": "external",
"summary": "SUSE Bug 1242279 for CVE-2023-53093",
"url": "https://bugzilla.suse.com/1242279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53093"
},
{
"cve": "CVE-2023-53095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ttm: Fix a NULL pointer dereference\n\nThe LRU mechanism may look up a resource in the process of being removed\nfrom an object. The locking rules here are a bit unclear but it looks\ncurrently like res-\u003ebo assignment is protected by the LRU lock, whereas\nbo-\u003eresource is protected by the object lock, while *clearing* of\nbo-\u003eresource is also protected by the LRU lock. This means that if\nwe check that bo-\u003eresource points to the LRU resource under the LRU\nlock we should be safe.\nSo perform that check before deciding to swap out a bo. That avoids\ndereferencing a NULL bo-\u003eresource in ttm_bo_swapout().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53095",
"url": "https://www.suse.com/security/cve/CVE-2023-53095"
},
{
"category": "external",
"summary": "SUSE Bug 1242278 for CVE-2023-53095",
"url": "https://bugzilla.suse.com/1242278"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53095"
},
{
"cve": "CVE-2023-53096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: fix mem leak when freeing nodes\n\nThe node link array is allocated when adding links to a node but is not\ndeallocated when nodes are destroyed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53096",
"url": "https://www.suse.com/security/cve/CVE-2023-53096"
},
{
"category": "external",
"summary": "SUSE Bug 1242289 for CVE-2023-53096",
"url": "https://bugzilla.suse.com/1242289"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53096"
},
{
"cve": "CVE-2023-53098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53098"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: gpio-ir-recv: add remove function\n\nIn case runtime PM is enabled, do runtime PM clean up to remove\ncpu latency qos request, otherwise driver removal may have below\nkernel dump:\n\n[ 19.463299] Unable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000048\n[ 19.472161] Mem abort info:\n[ 19.474985] ESR = 0x0000000096000004\n[ 19.478754] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 19.484081] SET = 0, FnV = 0\n[ 19.487149] EA = 0, S1PTW = 0\n[ 19.490361] FSC = 0x04: level 0 translation fault\n[ 19.495256] Data abort info:\n[ 19.498149] ISV = 0, ISS = 0x00000004\n[ 19.501997] CM = 0, WnR = 0\n[ 19.504977] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000049f81000\n[ 19.511432] [0000000000000048] pgd=0000000000000000,\np4d=0000000000000000\n[ 19.518245] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 19.524520] Modules linked in: gpio_ir_recv(+) rc_core [last\nunloaded: rc_core]\n[ 19.531845] CPU: 0 PID: 445 Comm: insmod Not tainted\n6.2.0-rc1-00028-g2c397a46d47c #72\n[ 19.531854] Hardware name: FSL i.MX8MM EVK board (DT)\n[ 19.531859] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS\nBTYPE=--)\n[ 19.551777] pc : cpu_latency_qos_remove_request+0x20/0x110\n[ 19.557277] lr : gpio_ir_recv_runtime_suspend+0x18/0x30\n[gpio_ir_recv]\n[ 19.557294] sp : ffff800008ce3740\n[ 19.557297] x29: ffff800008ce3740 x28: 0000000000000000 x27:\nffff800008ce3d50\n[ 19.574270] x26: ffffc7e3e9cea100 x25: 00000000000f4240 x24:\nffffc7e3f9ef0e30\n[ 19.574284] x23: 0000000000000000 x22: ffff0061803820f4 x21:\n0000000000000008\n[ 19.574296] x20: ffffc7e3fa75df30 x19: 0000000000000020 x18:\nffffffffffffffff\n[ 19.588570] x17: 0000000000000000 x16: ffffc7e3f9efab70 x15:\nffffffffffffffff\n[ 19.595712] x14: ffff800008ce37b8 x13: ffff800008ce37aa x12:\n0000000000000001\n[ 19.602853] x11: 0000000000000001 x10: ffffcbe3ec0dff87 x9 :\n0000000000000008\n[ 19.609991] x8 : 0101010101010101 x7 : 0000000000000000 x6 :\n000000000f0bfe9f\n[ 19.624261] x5 : 00ffffffffffffff x4 : 0025ab8e00000000 x3 :\nffff006180382010\n[ 19.631405] x2 : ffffc7e3e9ce8030 x1 : ffffc7e3fc3eb810 x0 :\n0000000000000020\n[ 19.638548] Call trace:\n[ 19.640995] cpu_latency_qos_remove_request+0x20/0x110\n[ 19.646142] gpio_ir_recv_runtime_suspend+0x18/0x30 [gpio_ir_recv]\n[ 19.652339] pm_generic_runtime_suspend+0x2c/0x44\n[ 19.657055] __rpm_callback+0x48/0x1dc\n[ 19.660807] rpm_callback+0x6c/0x80\n[ 19.664301] rpm_suspend+0x10c/0x640\n[ 19.667880] rpm_idle+0x250/0x2d0\n[ 19.671198] update_autosuspend+0x38/0xe0\n[ 19.675213] pm_runtime_set_autosuspend_delay+0x40/0x60\n[ 19.680442] gpio_ir_recv_probe+0x1b4/0x21c [gpio_ir_recv]\n[ 19.685941] platform_probe+0x68/0xc0\n[ 19.689610] really_probe+0xc0/0x3dc\n[ 19.693189] __driver_probe_device+0x7c/0x190\n[ 19.697550] driver_probe_device+0x3c/0x110\n[ 19.701739] __driver_attach+0xf4/0x200\n[ 19.705578] bus_for_each_dev+0x70/0xd0\n[ 19.709417] driver_attach+0x24/0x30\n[ 19.712998] bus_add_driver+0x17c/0x240\n[ 19.716834] driver_register+0x78/0x130\n[ 19.720676] __platform_driver_register+0x28/0x34\n[ 19.725386] gpio_ir_recv_driver_init+0x20/0x1000 [gpio_ir_recv]\n[ 19.731404] do_one_initcall+0x44/0x2ac\n[ 19.735243] do_init_module+0x48/0x1d0\n[ 19.739003] load_module+0x19fc/0x2034\n[ 19.742759] __do_sys_finit_module+0xac/0x12c\n[ 19.747124] __arm64_sys_finit_module+0x20/0x30\n[ 19.751664] invoke_syscall+0x48/0x114\n[ 19.755420] el0_svc_common.constprop.0+0xcc/0xec\n[ 19.760132] do_el0_svc+0x38/0xb0\n[ 19.763456] el0_svc+0x2c/0x84\n[ 19.766516] el0t_64_sync_handler+0xf4/0x120\n[ 19.770789] el0t_64_sync+0x190/0x194\n[ 19.774460] Code: 910003fd a90153f3 aa0003f3 91204021 (f9401400)\n[ 19.780556] ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53098",
"url": "https://www.suse.com/security/cve/CVE-2023-53098"
},
{
"category": "external",
"summary": "SUSE Bug 1242779 for CVE-2023-53098",
"url": "https://bugzilla.suse.com/1242779"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53098"
},
{
"cve": "CVE-2023-53099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53099"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: xilinx: don\u0027t make a sleepable memory allocation from an atomic context\n\nThe following issue was discovered using lockdep:\n[ 6.691371] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209\n[ 6.694602] in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 1, name: swapper/0\n[ 6.702431] 2 locks held by swapper/0/1:\n[ 6.706300] #0: ffffff8800f6f188 (\u0026dev-\u003emutex){....}-{3:3}, at: __device_driver_lock+0x4c/0x90\n[ 6.714900] #1: ffffffc009a2abb8 (enable_lock){....}-{2:2}, at: clk_enable_lock+0x4c/0x140\n[ 6.723156] irq event stamp: 304030\n[ 6.726596] hardirqs last enabled at (304029): [\u003cffffffc008d17ee0\u003e] _raw_spin_unlock_irqrestore+0xc0/0xd0\n[ 6.736142] hardirqs last disabled at (304030): [\u003cffffffc00876bc5c\u003e] clk_enable_lock+0xfc/0x140\n[ 6.744742] softirqs last enabled at (303958): [\u003cffffffc0080904f0\u003e] _stext+0x4f0/0x894\n[ 6.752655] softirqs last disabled at (303951): [\u003cffffffc0080e53b8\u003e] irq_exit+0x238/0x280\n[ 6.760744] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G U 5.15.36 #2\n[ 6.768048] Hardware name: xlnx,zynqmp (DT)\n[ 6.772179] Call trace:\n[ 6.774584] dump_backtrace+0x0/0x300\n[ 6.778197] show_stack+0x18/0x30\n[ 6.781465] dump_stack_lvl+0xb8/0xec\n[ 6.785077] dump_stack+0x1c/0x38\n[ 6.788345] ___might_sleep+0x1a8/0x2a0\n[ 6.792129] __might_sleep+0x6c/0xd0\n[ 6.795655] kmem_cache_alloc_trace+0x270/0x3d0\n[ 6.800127] do_feature_check_call+0x100/0x220\n[ 6.804513] zynqmp_pm_invoke_fn+0x8c/0xb0\n[ 6.808555] zynqmp_pm_clock_getstate+0x90/0xe0\n[ 6.813027] zynqmp_pll_is_enabled+0x8c/0x120\n[ 6.817327] zynqmp_pll_enable+0x38/0xc0\n[ 6.821197] clk_core_enable+0x144/0x400\n[ 6.825067] clk_core_enable+0xd4/0x400\n[ 6.828851] clk_core_enable+0xd4/0x400\n[ 6.832635] clk_core_enable+0xd4/0x400\n[ 6.836419] clk_core_enable+0xd4/0x400\n[ 6.840203] clk_core_enable+0xd4/0x400\n[ 6.843987] clk_core_enable+0xd4/0x400\n[ 6.847771] clk_core_enable+0xd4/0x400\n[ 6.851555] clk_core_enable_lock+0x24/0x50\n[ 6.855683] clk_enable+0x24/0x40\n[ 6.858952] fclk_probe+0x84/0xf0\n[ 6.862220] platform_probe+0x8c/0x110\n[ 6.865918] really_probe+0x110/0x5f0\n[ 6.869530] __driver_probe_device+0xcc/0x210\n[ 6.873830] driver_probe_device+0x64/0x140\n[ 6.877958] __driver_attach+0x114/0x1f0\n[ 6.881828] bus_for_each_dev+0xe8/0x160\n[ 6.885698] driver_attach+0x34/0x50\n[ 6.889224] bus_add_driver+0x228/0x300\n[ 6.893008] driver_register+0xc0/0x1e0\n[ 6.896792] __platform_driver_register+0x44/0x60\n[ 6.901436] fclk_driver_init+0x1c/0x28\n[ 6.905220] do_one_initcall+0x104/0x590\n[ 6.909091] kernel_init_freeable+0x254/0x2bc\n[ 6.913390] kernel_init+0x24/0x130\n[ 6.916831] ret_from_fork+0x10/0x20\n\nFix it by passing the GFP_ATOMIC gfp flag for the corresponding\nmemory allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53099",
"url": "https://www.suse.com/security/cve/CVE-2023-53099"
},
{
"category": "external",
"summary": "SUSE Bug 1242399 for CVE-2023-53099",
"url": "https://bugzilla.suse.com/1242399"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53099"
},
{
"cve": "CVE-2023-53100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix WARNING in ext4_update_inline_data\n\nSyzbot found the following issue:\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none.\nfscrypt: AES-256-CTS-CBC using implementation \"cts-cbc-aes-aesni\"\nfscrypt: AES-256-XTS using implementation \"xts-aes-aesni\"\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 5071 at mm/page_alloc.c:5525 __alloc_pages+0x30a/0x560 mm/page_alloc.c:5525\nModules linked in:\nCPU: 1 PID: 5071 Comm: syz-executor263 Not tainted 6.2.0-rc1-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nRIP: 0010:__alloc_pages+0x30a/0x560 mm/page_alloc.c:5525\nRSP: 0018:ffffc90003c2f1c0 EFLAGS: 00010246\nRAX: ffffc90003c2f220 RBX: 0000000000000014 RCX: 0000000000000000\nRDX: 0000000000000028 RSI: 0000000000000000 RDI: ffffc90003c2f248\nRBP: ffffc90003c2f2d8 R08: dffffc0000000000 R09: ffffc90003c2f220\nR10: fffff52000785e49 R11: 1ffff92000785e44 R12: 0000000000040d40\nR13: 1ffff92000785e40 R14: dffffc0000000000 R15: 1ffff92000785e3c\nFS: 0000555556c0d300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f95d5e04138 CR3: 00000000793aa000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __alloc_pages_node include/linux/gfp.h:237 [inline]\n alloc_pages_node include/linux/gfp.h:260 [inline]\n __kmalloc_large_node+0x95/0x1e0 mm/slab_common.c:1113\n __do_kmalloc_node mm/slab_common.c:956 [inline]\n __kmalloc+0xfe/0x190 mm/slab_common.c:981\n kmalloc include/linux/slab.h:584 [inline]\n kzalloc include/linux/slab.h:720 [inline]\n ext4_update_inline_data+0x236/0x6b0 fs/ext4/inline.c:346\n ext4_update_inline_dir fs/ext4/inline.c:1115 [inline]\n ext4_try_add_inline_entry+0x328/0x990 fs/ext4/inline.c:1307\n ext4_add_entry+0x5a4/0xeb0 fs/ext4/namei.c:2385\n ext4_add_nondir+0x96/0x260 fs/ext4/namei.c:2772\n ext4_create+0x36c/0x560 fs/ext4/namei.c:2817\n lookup_open fs/namei.c:3413 [inline]\n open_last_lookups fs/namei.c:3481 [inline]\n path_openat+0x12ac/0x2dd0 fs/namei.c:3711\n do_filp_open+0x264/0x4f0 fs/namei.c:3741\n do_sys_openat2+0x124/0x4e0 fs/open.c:1310\n do_sys_open fs/open.c:1326 [inline]\n __do_sys_openat fs/open.c:1342 [inline]\n __se_sys_openat fs/open.c:1337 [inline]\n __x64_sys_openat+0x243/0x290 fs/open.c:1337\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nAbove issue happens as follows:\next4_iget\n ext4_find_inline_data_nolock -\u003ei_inline_off=164 i_inline_size=60\next4_try_add_inline_entry\n __ext4_mark_inode_dirty\n ext4_expand_extra_isize_ea -\u003ei_extra_isize=32 s_want_extra_isize=44\n ext4_xattr_shift_entries\n\t -\u003eafter shift i_inline_off is incorrect, actually is change to 176\next4_try_add_inline_entry\n ext4_update_inline_dir\n get_max_inline_xattr_value_size\n if (EXT4_I(inode)-\u003ei_inline_off)\n\tentry = (struct ext4_xattr_entry *)((void *)raw_inode +\n\t\t\tEXT4_I(inode)-\u003ei_inline_off);\n free += EXT4_XATTR_SIZE(le32_to_cpu(entry-\u003ee_value_size));\n\t-\u003eAs entry is incorrect, then \u0027free\u0027 may be negative\n ext4_update_inline_data\n value = kzalloc(len, GFP_NOFS);\n -\u003e len is unsigned int, maybe very large, then trigger warning when\n \u0027kzalloc()\u0027\n\nTo resolve the above issue we need to update \u0027i_inline_off\u0027 after\n\u0027ext4_xattr_shift_entries()\u0027. We do not need to set\nEXT4_STATE_MAY_INLINE_DATA flag here, since ext4_mark_inode_dirty()\nalready sets this flag if needed. Setting EXT4_STATE_MAY_INLINE_DATA\nwhen it is needed may trigger a BUG_ON in ext4_writepages().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53100",
"url": "https://www.suse.com/security/cve/CVE-2023-53100"
},
{
"category": "external",
"summary": "SUSE Bug 1242790 for CVE-2023-53100",
"url": "https://bugzilla.suse.com/1242790"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53100"
},
{
"cve": "CVE-2023-53101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53101"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: zero i_disksize when initializing the bootloader inode\n\nIf the boot loader inode has never been used before, the\nEXT4_IOC_SWAP_BOOT inode will initialize it, including setting the\ni_size to 0. However, if the \"never before used\" boot loader has a\nnon-zero i_size, then i_disksize will be non-zero, and the\ninconsistency between i_size and i_disksize can trigger a kernel\nwarning:\n\n WARNING: CPU: 0 PID: 2580 at fs/ext4/file.c:319\n CPU: 0 PID: 2580 Comm: bb Not tainted 6.3.0-rc1-00004-g703695902cfa\n RIP: 0010:ext4_file_write_iter+0xbc7/0xd10\n Call Trace:\n vfs_write+0x3b1/0x5c0\n ksys_write+0x77/0x160\n __x64_sys_write+0x22/0x30\n do_syscall_64+0x39/0x80\n\nReproducer:\n 1. create corrupted image and mount it:\n mke2fs -t ext4 /tmp/foo.img 200\n debugfs -wR \"sif \u003c5\u003e size 25700\" /tmp/foo.img\n mount -t ext4 /tmp/foo.img /mnt\n cd /mnt\n echo 123 \u003e file\n 2. Run the reproducer program:\n posix_memalign(\u0026buf, 1024, 1024)\n fd = open(\"file\", O_RDWR | O_DIRECT);\n ioctl(fd, EXT4_IOC_SWAP_BOOT);\n write(fd, buf, 1024);\n\nFix this by setting i_disksize as well as i_size to zero when\ninitiaizing the boot loader inode.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53101",
"url": "https://www.suse.com/security/cve/CVE-2023-53101"
},
{
"category": "external",
"summary": "SUSE Bug 1242791 for CVE-2023-53101",
"url": "https://bugzilla.suse.com/1242791"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53101"
},
{
"cve": "CVE-2023-53102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53102"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: xsk: disable txq irq before flushing hw\n\nice_qp_dis() intends to stop a given queue pair that is a target of xsk\npool attach/detach. One of the steps is to disable interrupts on these\nqueues. It currently is broken in a way that txq irq is turned off\n*after* HW flush which in turn takes no effect.\n\nice_qp_dis():\n-\u003e ice_qvec_dis_irq()\n--\u003e disable rxq irq\n--\u003e flush hw\n-\u003e ice_vsi_stop_tx_ring()\n--\u003edisable txq irq\n\nBelow splat can be triggered by following steps:\n- start xdpsock WITHOUT loading xdp prog\n- run xdp_rxq_info with XDP_TX action on this interface\n- start traffic\n- terminate xdpsock\n\n[ 256.312485] BUG: kernel NULL pointer dereference, address: 0000000000000018\n[ 256.319560] #PF: supervisor read access in kernel mode\n[ 256.324775] #PF: error_code(0x0000) - not-present page\n[ 256.329994] PGD 0 P4D 0\n[ 256.332574] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 256.337006] CPU: 3 PID: 32 Comm: ksoftirqd/3 Tainted: G OE 6.2.0-rc5+ #51\n[ 256.345218] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019\n[ 256.355807] RIP: 0010:ice_clean_rx_irq_zc+0x9c/0x7d0 [ice]\n[ 256.361423] Code: b7 8f 8a 00 00 00 66 39 ca 0f 84 f1 04 00 00 49 8b 47 40 4c 8b 24 d0 41 0f b7 45 04 66 25 ff 3f 66 89 04 24 0f 84 85 02 00 00 \u003c49\u003e 8b 44 24 18 0f b7 14 24 48 05 00 01 00 00 49 89 04 24 49 89 44\n[ 256.380463] RSP: 0018:ffffc900088bfd20 EFLAGS: 00010206\n[ 256.385765] RAX: 000000000000003c RBX: 0000000000000035 RCX: 000000000000067f\n[ 256.393012] RDX: 0000000000000775 RSI: 0000000000000000 RDI: ffff8881deb3ac80\n[ 256.400256] RBP: 000000000000003c R08: ffff889847982710 R09: 0000000000010000\n[ 256.407500] R10: ffffffff82c060c0 R11: 0000000000000004 R12: 0000000000000000\n[ 256.414746] R13: ffff88811165eea0 R14: ffffc9000d255000 R15: ffff888119b37600\n[ 256.421990] FS: 0000000000000000(0000) GS:ffff8897e0cc0000(0000) knlGS:0000000000000000\n[ 256.430207] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 256.436036] CR2: 0000000000000018 CR3: 0000000005c0a006 CR4: 00000000007706e0\n[ 256.443283] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 256.450527] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 256.457770] PKRU: 55555554\n[ 256.460529] Call Trace:\n[ 256.463015] \u003cTASK\u003e\n[ 256.465157] ? ice_xmit_zc+0x6e/0x150 [ice]\n[ 256.469437] ice_napi_poll+0x46d/0x680 [ice]\n[ 256.473815] ? _raw_spin_unlock_irqrestore+0x1b/0x40\n[ 256.478863] __napi_poll+0x29/0x160\n[ 256.482409] net_rx_action+0x136/0x260\n[ 256.486222] __do_softirq+0xe8/0x2e5\n[ 256.489853] ? smpboot_thread_fn+0x2c/0x270\n[ 256.494108] run_ksoftirqd+0x2a/0x50\n[ 256.497747] smpboot_thread_fn+0x1c1/0x270\n[ 256.501907] ? __pfx_smpboot_thread_fn+0x10/0x10\n[ 256.506594] kthread+0xea/0x120\n[ 256.509785] ? __pfx_kthread+0x10/0x10\n[ 256.513597] ret_from_fork+0x29/0x50\n[ 256.517238] \u003c/TASK\u003e\n\nIn fact, irqs were not disabled and napi managed to be scheduled and run\nwhile xsk_pool pointer was still valid, but SW ring of xdp_buff pointers\nwas already freed.\n\nTo fix this, call ice_qvec_dis_irq() after ice_vsi_stop_tx_ring(). Also\nwhile at it, remove redundant ice_clean_rx_ring() call - this is handled\nin ice_qp_clean_rings().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53102",
"url": "https://www.suse.com/security/cve/CVE-2023-53102"
},
{
"category": "external",
"summary": "SUSE Bug 1242393 for CVE-2023-53102",
"url": "https://bugzilla.suse.com/1242393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53102"
},
{
"cve": "CVE-2023-53105",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53105"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix cleanup null-ptr deref on encap lock\n\nDuring module is unloaded while a peer tc flow is still offloaded,\nfirst the peer uplink rep profile is changed to a nic profile, and so\nneigh encap lock is destroyed. Next during unload, the VF reps netdevs\nare unregistered which causes the original non-peer tc flow to be deleted,\nwhich deletes the peer flow. The peer flow deletion detaches the encap\nentry and try to take the already destroyed encap lock, causing the\nbelow trace.\n\nFix this by clearing peer flows during tc eswitch cleanup\n(mlx5e_tc_esw_cleanup()).\n\nRelevant trace:\n[ 4316.837128] BUG: kernel NULL pointer dereference, address: 00000000000001d8\n[ 4316.842239] RIP: 0010:__mutex_lock+0xb5/0xc40\n[ 4316.851897] Call Trace:\n[ 4316.852481] \u003cTASK\u003e\n[ 4316.857214] mlx5e_rep_neigh_entry_release+0x93/0x790 [mlx5_core]\n[ 4316.858258] mlx5e_rep_encap_entry_detach+0xa7/0xf0 [mlx5_core]\n[ 4316.859134] mlx5e_encap_dealloc+0xa3/0xf0 [mlx5_core]\n[ 4316.859867] clean_encap_dests.part.0+0x5c/0xe0 [mlx5_core]\n[ 4316.860605] mlx5e_tc_del_fdb_flow+0x32a/0x810 [mlx5_core]\n[ 4316.862609] __mlx5e_tc_del_fdb_peer_flow+0x1a2/0x250 [mlx5_core]\n[ 4316.863394] mlx5e_tc_del_flow+0x(/0x630 [mlx5_core]\n[ 4316.864090] mlx5e_flow_put+0x5f/0x100 [mlx5_core]\n[ 4316.864771] mlx5e_delete_flower+0x4de/0xa40 [mlx5_core]\n[ 4316.865486] tc_setup_cb_reoffload+0x20/0x80\n[ 4316.865905] fl_reoffload+0x47c/0x510 [cls_flower]\n[ 4316.869181] tcf_block_playback_offloads+0x91/0x1d0\n[ 4316.869649] tcf_block_unbind+0xe7/0x1b0\n[ 4316.870049] tcf_block_offload_cmd.isra.0+0x1ee/0x270\n[ 4316.879266] tcf_block_offload_unbind+0x61/0xa0\n[ 4316.879711] __tcf_block_put+0xa4/0x310",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53105",
"url": "https://www.suse.com/security/cve/CVE-2023-53105"
},
{
"category": "external",
"summary": "SUSE Bug 1242400 for CVE-2023-53105",
"url": "https://bugzilla.suse.com/1242400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53105"
},
{
"cve": "CVE-2023-53106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53106"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: st-nci: Fix use after free bug in ndlc_remove due to race condition\n\nThis bug influences both st_nci_i2c_remove and st_nci_spi_remove.\nTake st_nci_i2c_remove as an example.\n\nIn st_nci_i2c_probe, it called ndlc_probe and bound \u0026ndlc-\u003esm_work\nwith llt_ndlc_sm_work.\n\nWhen it calls ndlc_recv or timeout handler, it will finally call\nschedule_work to start the work.\n\nWhen we call st_nci_i2c_remove to remove the driver, there\nmay be a sequence as follows:\n\nFix it by finishing the work before cleanup in ndlc_remove\n\nCPU0 CPU1\n\n |llt_ndlc_sm_work\nst_nci_i2c_remove |\n ndlc_remove |\n st_nci_remove |\n nci_free_device|\n kfree(ndev) |\n//free ndlc-\u003endev |\n |llt_ndlc_rcv_queue\n |nci_recv_frame\n |//use ndlc-\u003endev",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53106",
"url": "https://www.suse.com/security/cve/CVE-2023-53106"
},
{
"category": "external",
"summary": "SUSE Bug 1242215 for CVE-2023-53106",
"url": "https://bugzilla.suse.com/1242215"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53106"
},
{
"cve": "CVE-2023-53108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53108"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/iucv: Fix size of interrupt data\n\niucv_irq_data needs to be 4 bytes larger.\nThese bytes are not used by the iucv module, but written by\nthe z/VM hypervisor in case a CPU is deconfigured.\n\nReported as:\nBUG dma-kmalloc-64 (Not tainted): kmalloc Redzone overwritten\n-----------------------------------------------------------------------------\n0x0000000000400564-0x0000000000400567 @offset=1380. First byte 0x80 instead of 0xcc\nAllocated in iucv_cpu_prepare+0x44/0xd0 age=167839 cpu=2 pid=1\n__kmem_cache_alloc_node+0x166/0x450\nkmalloc_node_trace+0x3a/0x70\niucv_cpu_prepare+0x44/0xd0\ncpuhp_invoke_callback+0x156/0x2f0\ncpuhp_issue_call+0xf0/0x298\n__cpuhp_setup_state_cpuslocked+0x136/0x338\n__cpuhp_setup_state+0xf4/0x288\niucv_init+0xf4/0x280\ndo_one_initcall+0x78/0x390\ndo_initcalls+0x11a/0x140\nkernel_init_freeable+0x25e/0x2a0\nkernel_init+0x2e/0x170\n__ret_from_fork+0x3c/0x58\nret_from_fork+0xa/0x40\nFreed in iucv_init+0x92/0x280 age=167839 cpu=2 pid=1\n__kmem_cache_free+0x308/0x358\niucv_init+0x92/0x280\ndo_one_initcall+0x78/0x390\ndo_initcalls+0x11a/0x140\nkernel_init_freeable+0x25e/0x2a0\nkernel_init+0x2e/0x170\n__ret_from_fork+0x3c/0x58\nret_from_fork+0xa/0x40\nSlab 0x0000037200010000 objects=32 used=30 fp=0x0000000000400640 flags=0x1ffff00000010200(slab|head|node=0|zone=0|\nObject 0x0000000000400540 @offset=1344 fp=0x0000000000000000\nRedzone 0000000000400500: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................\nRedzone 0000000000400510: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................\nRedzone 0000000000400520: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................\nRedzone 0000000000400530: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................\nObject 0000000000400540: 00 01 00 03 00 00 00 00 00 00 00 00 00 00 00 00 ................\nObject 0000000000400550: f3 86 81 f2 f4 82 f8 82 f0 f0 f0 f0 f0 f0 f0 f2 ................\nObject 0000000000400560: 00 00 00 00 80 00 00 00 cc cc cc cc cc cc cc cc ................\nObject 0000000000400570: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................\nRedzone 0000000000400580: cc cc cc cc cc cc cc cc ........\nPadding 00000000004005d4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ\nPadding 00000000004005e4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ\nPadding 00000000004005f4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZ\nCPU: 6 PID: 121030 Comm: 116-pai-crypto. Not tainted 6.3.0-20230221.rc0.git4.99b8246b2d71.300.fc37.s390x+debug #1\nHardware name: IBM 3931 A01 704 (z/VM 7.3.0)\nCall Trace:\n[\u003c000000032aa034ec\u003e] dump_stack_lvl+0xac/0x100\n[\u003c0000000329f5a6cc\u003e] check_bytes_and_report+0x104/0x140\n[\u003c0000000329f5aa78\u003e] check_object+0x370/0x3c0\n[\u003c0000000329f5ede6\u003e] free_debug_processing+0x15e/0x348\n[\u003c0000000329f5f06a\u003e] free_to_partial_list+0x9a/0x2f0\n[\u003c0000000329f5f4a4\u003e] __slab_free+0x1e4/0x3a8\n[\u003c0000000329f61768\u003e] __kmem_cache_free+0x308/0x358\n[\u003c000000032a91465c\u003e] iucv_cpu_dead+0x6c/0x88\n[\u003c0000000329c2fc66\u003e] cpuhp_invoke_callback+0x156/0x2f0\n[\u003c000000032aa062da\u003e] _cpu_down.constprop.0+0x22a/0x5e0\n[\u003c0000000329c3243e\u003e] cpu_device_down+0x4e/0x78\n[\u003c000000032a61dee0\u003e] device_offline+0xc8/0x118\n[\u003c000000032a61e048\u003e] online_store+0x60/0xe0\n[\u003c000000032a08b6b0\u003e] kernfs_fop_write_iter+0x150/0x1e8\n[\u003c0000000329fab65c\u003e] vfs_write+0x174/0x360\n[\u003c0000000329fab9fc\u003e] ksys_write+0x74/0x100\n[\u003c000000032aa03a5a\u003e] __do_syscall+0x1da/0x208\n[\u003c000000032aa177b2\u003e] system_call+0x82/0xb0\nINFO: lockdep is turned off.\nFIX dma-kmalloc-64: Restoring kmalloc Redzone 0x0000000000400564-0x0000000000400567=0xcc\nFIX dma-kmalloc-64: Object at 0x0000000000400540 not freed",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53108",
"url": "https://www.suse.com/security/cve/CVE-2023-53108"
},
{
"category": "external",
"summary": "SUSE Bug 1242422 for CVE-2023-53108",
"url": "https://bugzilla.suse.com/1242422"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53108"
},
{
"cve": "CVE-2023-53109",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53109"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tunnels: annotate lockless accesses to dev-\u003eneeded_headroom\n\nIP tunnels can apparently update dev-\u003eneeded_headroom\nin their xmit path.\n\nThis patch takes care of three tunnels xmit, and also the\ncore LL_RESERVED_SPACE() and LL_RESERVED_SPACE_EXTRA()\nhelpers.\n\nMore changes might be needed for completeness.\n\nBUG: KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit\n\nread to 0xffff88815b9da0ec of 2 bytes by task 888 on cpu 1:\nip_tunnel_xmit+0x1270/0x1730 net/ipv4/ip_tunnel.c:803\n__gre_xmit net/ipv4/ip_gre.c:469 [inline]\nipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661\n__netdev_start_xmit include/linux/netdevice.h:4881 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4895 [inline]\nxmit_one net/core/dev.c:3580 [inline]\ndev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596\n__dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246\ndev_queue_xmit include/linux/netdevice.h:3051 [inline]\nneigh_direct_output+0x17/0x20 net/core/neighbour.c:1623\nneigh_output include/net/neighbour.h:546 [inline]\nip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228\nip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316\nNF_HOOK_COND include/linux/netfilter.h:291 [inline]\nip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430\ndst_output include/net/dst.h:444 [inline]\nip_local_out+0x64/0x80 net/ipv4/ip_output.c:126\niptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82\nip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813\n__gre_xmit net/ipv4/ip_gre.c:469 [inline]\nipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661\n__netdev_start_xmit include/linux/netdevice.h:4881 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4895 [inline]\nxmit_one net/core/dev.c:3580 [inline]\ndev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596\n__dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246\ndev_queue_xmit include/linux/netdevice.h:3051 [inline]\nneigh_direct_output+0x17/0x20 net/core/neighbour.c:1623\nneigh_output include/net/neighbour.h:546 [inline]\nip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228\nip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316\nNF_HOOK_COND include/linux/netfilter.h:291 [inline]\nip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430\ndst_output include/net/dst.h:444 [inline]\nip_local_out+0x64/0x80 net/ipv4/ip_output.c:126\niptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82\nip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813\n__gre_xmit net/ipv4/ip_gre.c:469 [inline]\nipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661\n__netdev_start_xmit include/linux/netdevice.h:4881 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4895 [inline]\nxmit_one net/core/dev.c:3580 [inline]\ndev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596\n__dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246\ndev_queue_xmit include/linux/netdevice.h:3051 [inline]\nneigh_direct_output+0x17/0x20 net/core/neighbour.c:1623\nneigh_output include/net/neighbour.h:546 [inline]\nip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228\nip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316\nNF_HOOK_COND include/linux/netfilter.h:291 [inline]\nip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430\ndst_output include/net/dst.h:444 [inline]\nip_local_out+0x64/0x80 net/ipv4/ip_output.c:126\niptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82\nip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813\n__gre_xmit net/ipv4/ip_gre.c:469 [inline]\nipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661\n__netdev_start_xmit include/linux/netdevice.h:4881 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4895 [inline]\nxmit_one net/core/dev.c:3580 [inline]\ndev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596\n__dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246\ndev_queue_xmit include/linux/netdevice.h:3051 [inline]\nneigh_direct_output+0x17/0x20 net/core/neighbour.c:1623\nneigh_output include/net/neighbour.h:546 [inline]\nip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228\nip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316\nNF_HOOK_COND include/linux/netfilter.h:291 [inline]\nip_output+0xe5/0x1b0 net/i\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53109",
"url": "https://www.suse.com/security/cve/CVE-2023-53109"
},
{
"category": "external",
"summary": "SUSE Bug 1242405 for CVE-2023-53109",
"url": "https://bugzilla.suse.com/1242405"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53109"
},
{
"cve": "CVE-2023-53111",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53111"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nloop: Fix use-after-free issues\n\ndo_req_filebacked() calls blk_mq_complete_request() synchronously or\nasynchronously when using asynchronous I/O unless memory allocation fails.\nHence, modify loop_handle_cmd() such that it does not dereference \u0027cmd\u0027 nor\n\u0027rq\u0027 after do_req_filebacked() finished unless we are sure that the request\nhas not yet been completed. This patch fixes the following kernel crash:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000054\nCall trace:\n css_put.42938+0x1c/0x1ac\n loop_process_work+0xc8c/0xfd4\n loop_rootcg_workfn+0x24/0x34\n process_one_work+0x244/0x558\n worker_thread+0x400/0x8fc\n kthread+0x16c/0x1e0\n ret_from_fork+0x10/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53111",
"url": "https://www.suse.com/security/cve/CVE-2023-53111"
},
{
"category": "external",
"summary": "SUSE Bug 1242428 for CVE-2023-53111",
"url": "https://bugzilla.suse.com/1242428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53111"
},
{
"cve": "CVE-2023-53112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53112"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/sseu: fix max_subslices array-index-out-of-bounds access\n\nIt seems that commit bc3c5e0809ae (\"drm/i915/sseu: Don\u0027t try to store EU\nmask internally in UAPI format\") exposed a potential out-of-bounds\naccess, reported by UBSAN as following on a laptop with a gen 11 i915\ncard:\n\n UBSAN: array-index-out-of-bounds in drivers/gpu/drm/i915/gt/intel_sseu.c:65:27\n index 6 is out of range for type \u0027u16 [6]\u0027\n CPU: 2 PID: 165 Comm: systemd-udevd Not tainted 6.2.0-9-generic #9-Ubuntu\n Hardware name: Dell Inc. XPS 13 9300/077Y9N, BIOS 1.11.0 03/22/2022\n Call Trace:\n \u003cTASK\u003e\n show_stack+0x4e/0x61\n dump_stack_lvl+0x4a/0x6f\n dump_stack+0x10/0x18\n ubsan_epilogue+0x9/0x3a\n __ubsan_handle_out_of_bounds.cold+0x42/0x47\n gen11_compute_sseu_info+0x121/0x130 [i915]\n intel_sseu_info_init+0x15d/0x2b0 [i915]\n intel_gt_init_mmio+0x23/0x40 [i915]\n i915_driver_mmio_probe+0x129/0x400 [i915]\n ? intel_gt_probe_all+0x91/0x2e0 [i915]\n i915_driver_probe+0xe1/0x3f0 [i915]\n ? drm_privacy_screen_get+0x16d/0x190 [drm]\n ? acpi_dev_found+0x64/0x80\n i915_pci_probe+0xac/0x1b0 [i915]\n ...\n\nAccording to the definition of sseu_dev_info, eu_mask-\u003ehsw is limited to\na maximum of GEN_MAX_SS_PER_HSW_SLICE (6) sub-slices, but\ngen11_sseu_info_init() can potentially set 8 sub-slices, in the\n!IS_JSL_EHL(gt-\u003ei915) case.\n\nFix this by reserving up to 8 slots for max_subslices in the eu_mask\nstruct.\n\n(cherry picked from commit 3cba09a6ac86ea1d456909626eb2685596c07822)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53112",
"url": "https://www.suse.com/security/cve/CVE-2023-53112"
},
{
"category": "external",
"summary": "SUSE Bug 1242410 for CVE-2023-53112",
"url": "https://bugzilla.suse.com/1242410"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53112"
},
{
"cve": "CVE-2023-53114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53114"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix kernel crash during reboot when adapter is in recovery mode\n\nIf the driver detects during probe that firmware is in recovery\nmode then i40e_init_recovery_mode() is called and the rest of\nprobe function is skipped including pci_set_drvdata(). Subsequent\ni40e_shutdown() called during shutdown/reboot dereferences NULL\npointer as pci_get_drvdata() returns NULL.\n\nTo fix call pci_set_drvdata() also during entering to recovery mode.\n\nReproducer:\n1) Lets have i40e NIC with firmware in recovery mode\n2) Run reboot\n\nResult:\n[ 139.084698] i40e: Intel(R) Ethernet Connection XL710 Network Driver\n[ 139.090959] i40e: Copyright (c) 2013 - 2019 Intel Corporation.\n[ 139.108438] i40e 0000:02:00.0: Firmware recovery mode detected. Limiting functionality.\n[ 139.116439] i40e 0000:02:00.0: Refer to the Intel(R) Ethernet Adapters and Devices User Guide for details on firmware recovery mode.\n[ 139.129499] i40e 0000:02:00.0: fw 8.3.64775 api 1.13 nvm 8.30 0x8000b78d 1.3106.0 [8086:1583] [15d9:084a]\n[ 139.215932] i40e 0000:02:00.0 enp2s0f0: renamed from eth0\n[ 139.223292] i40e 0000:02:00.1: Firmware recovery mode detected. Limiting functionality.\n[ 139.231292] i40e 0000:02:00.1: Refer to the Intel(R) Ethernet Adapters and Devices User Guide for details on firmware recovery mode.\n[ 139.244406] i40e 0000:02:00.1: fw 8.3.64775 api 1.13 nvm 8.30 0x8000b78d 1.3106.0 [8086:1583] [15d9:084a]\n[ 139.329209] i40e 0000:02:00.1 enp2s0f1: renamed from eth0\n...\n[ 156.311376] BUG: kernel NULL pointer dereference, address: 00000000000006c2\n[ 156.318330] #PF: supervisor write access in kernel mode\n[ 156.323546] #PF: error_code(0x0002) - not-present page\n[ 156.328679] PGD 0 P4D 0\n[ 156.331210] Oops: 0002 [#1] PREEMPT SMP NOPTI\n[ 156.335567] CPU: 26 PID: 15119 Comm: reboot Tainted: G E 6.2.0+ #1\n[ 156.343126] Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.4 04/13/2022\n[ 156.353369] RIP: 0010:i40e_shutdown+0x15/0x130 [i40e]\n[ 156.358430] Code: c1 fc ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 55 48 89 fd 53 48 8b 9f 48 01 00 00 \u003cf0\u003e 80 8b c2 06 00 00 04 f0 80 8b c0 06 00 00 08 48 8d bb 08 08 00\n[ 156.377168] RSP: 0018:ffffb223c8447d90 EFLAGS: 00010282\n[ 156.382384] RAX: ffffffffc073ee70 RBX: 0000000000000000 RCX: 0000000000000001\n[ 156.389510] RDX: 0000000080000001 RSI: 0000000000000246 RDI: ffff95db49988000\n[ 156.396634] RBP: ffff95db49988000 R08: ffffffffffffffff R09: ffffffff8bd17d40\n[ 156.403759] R10: 0000000000000001 R11: ffffffff8a5e3d28 R12: ffff95db49988000\n[ 156.410882] R13: ffffffff89a6fe17 R14: ffff95db49988150 R15: 0000000000000000\n[ 156.418007] FS: 00007fe7c0cc3980(0000) GS:ffff95ea8ee80000(0000) knlGS:0000000000000000\n[ 156.426083] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 156.431819] CR2: 00000000000006c2 CR3: 00000003092fc005 CR4: 0000000000770ee0\n[ 156.438944] PKRU: 55555554\n[ 156.441647] Call Trace:\n[ 156.444096] \u003cTASK\u003e\n[ 156.446199] pci_device_shutdown+0x38/0x60\n[ 156.450297] device_shutdown+0x163/0x210\n[ 156.454215] kernel_restart+0x12/0x70\n[ 156.457872] __do_sys_reboot+0x1ab/0x230\n[ 156.461789] ? vfs_writev+0xa6/0x1a0\n[ 156.465362] ? __pfx_file_free_rcu+0x10/0x10\n[ 156.469635] ? __call_rcu_common.constprop.85+0x109/0x5a0\n[ 156.475034] do_syscall_64+0x3e/0x90\n[ 156.478611] entry_SYSCALL_64_after_hwframe+0x72/0xdc\n[ 156.483658] RIP: 0033:0x7fe7bff37ab7",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53114",
"url": "https://www.suse.com/security/cve/CVE-2023-53114"
},
{
"category": "external",
"summary": "SUSE Bug 1242398 for CVE-2023-53114",
"url": "https://bugzilla.suse.com/1242398"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53114"
},
{
"cve": "CVE-2023-53116",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53116"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: avoid potential UAF in nvmet_req_complete()\n\nAn nvme target -\u003equeue_response() operation implementation may free the\nrequest passed as argument. Such implementation potentially could result\nin a use after free of the request pointer when percpu_ref_put() is\ncalled in nvmet_req_complete().\n\nAvoid such problem by using a local variable to save the sq pointer\nbefore calling __nvmet_req_complete(), thus avoiding dereferencing the\nreq pointer after that function call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53116",
"url": "https://www.suse.com/security/cve/CVE-2023-53116"
},
{
"category": "external",
"summary": "SUSE Bug 1242411 for CVE-2023-53116",
"url": "https://bugzilla.suse.com/1242411"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53116"
},
{
"cve": "CVE-2023-53118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53118"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Fix a procfs host directory removal regression\n\nscsi_proc_hostdir_rm() decreases a reference counter and hence must only be\ncalled once per host that is removed. This change does not require a\nscsi_add_host_with_dma() change since scsi_add_host_with_dma() will return\n0 (success) if scsi_proc_host_add() is called.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53118",
"url": "https://www.suse.com/security/cve/CVE-2023-53118"
},
{
"category": "external",
"summary": "SUSE Bug 1242365 for CVE-2023-53118",
"url": "https://bugzilla.suse.com/1242365"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53118"
},
{
"cve": "CVE-2023-53119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53119"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: initialize struct pn533_out_arg properly\n\nstruct pn533_out_arg used as a temporary context for out_urb is not\ninitialized properly. Its uninitialized \u0027phy\u0027 field can be dereferenced in\nerror cases inside pn533_out_complete() callback function. It causes the\nfollowing failure:\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nRIP: 0010:pn533_out_complete.cold+0x15/0x44 drivers/nfc/pn533/usb.c:441\nCall Trace:\n \u003cIRQ\u003e\n __usb_hcd_giveback_urb+0x2b6/0x5c0 drivers/usb/core/hcd.c:1671\n usb_hcd_giveback_urb+0x384/0x430 drivers/usb/core/hcd.c:1754\n dummy_timer+0x1203/0x32d0 drivers/usb/gadget/udc/dummy_hcd.c:1988\n call_timer_fn+0x1da/0x800 kernel/time/timer.c:1700\n expire_timers+0x234/0x330 kernel/time/timer.c:1751\n __run_timers kernel/time/timer.c:2022 [inline]\n __run_timers kernel/time/timer.c:1995 [inline]\n run_timer_softirq+0x326/0x910 kernel/time/timer.c:2035\n __do_softirq+0x1fb/0xaf6 kernel/softirq.c:571\n invoke_softirq kernel/softirq.c:445 [inline]\n __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650\n irq_exit_rcu+0x9/0x20 kernel/softirq.c:662\n sysvec_apic_timer_interrupt+0x97/0xc0 arch/x86/kernel/apic/apic.c:1107\n\nInitialize the field with the pn533_usb_phy currently used.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53119",
"url": "https://www.suse.com/security/cve/CVE-2023-53119"
},
{
"category": "external",
"summary": "SUSE Bug 1242370 for CVE-2023-53119",
"url": "https://bugzilla.suse.com/1242370"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53119"
},
{
"cve": "CVE-2023-53123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: s390: Fix use-after-free of PCI resources with per-function hotplug\n\nOn s390 PCI functions may be hotplugged individually even when they\nbelong to a multi-function device. In particular on an SR-IOV device VFs\nmay be removed and later re-added.\n\nIn commit a50297cf8235 (\"s390/pci: separate zbus creation from\nscanning\") it was missed however that struct pci_bus and struct\nzpci_bus\u0027s resource list retained a reference to the PCI functions MMIO\nresources even though those resources are released and freed on\nhot-unplug. These stale resources may subsequently be claimed when the\nPCI function re-appears resulting in use-after-free.\n\nOne idea of fixing this use-after-free in s390 specific code that was\ninvestigated was to simply keep resources around from the moment a PCI\nfunction first appeared until the whole virtual PCI bus created for\na multi-function device disappears. The problem with this however is\nthat due to the requirement of artificial MMIO addreesses (address\ncookies) extra logic is then needed to keep the address cookies\ncompatible on re-plug. At the same time the MMIO resources semantically\nbelong to the PCI function so tying their lifecycle to the function\nseems more logical.\n\nInstead a simpler approach is to remove the resources of an individually\nhot-unplugged PCI function from the PCI bus\u0027s resource list while\nkeeping the resources of other PCI functions on the PCI bus untouched.\n\nThis is done by introducing pci_bus_remove_resource() to remove an\nindividual resource. Similarly the resource also needs to be removed\nfrom the struct zpci_bus\u0027s resource list. It turns out however, that\nthere is really no need to add the MMIO resources to the struct\nzpci_bus\u0027s resource list at all and instead we can simply use the\nzpci_bar_struct\u0027s resource pointer directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53123",
"url": "https://www.suse.com/security/cve/CVE-2023-53123"
},
{
"category": "external",
"summary": "SUSE Bug 1242403 for CVE-2023-53123",
"url": "https://bugzilla.suse.com/1242403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53123"
},
{
"cve": "CVE-2023-53124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53124"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()\n\nPort is allocated by sas_port_alloc_num() and rphy is allocated by either\nsas_end_device_alloc() or sas_expander_alloc(), all of which may return\nNULL. So we need to check the rphy to avoid possible NULL pointer access.\n\nIf sas_rphy_add() returned with failure, rphy is set to NULL. We would\naccess the rphy in the following lines which would also result NULL pointer\naccess.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53124",
"url": "https://www.suse.com/security/cve/CVE-2023-53124"
},
{
"category": "external",
"summary": "SUSE Bug 1242165 for CVE-2023-53124",
"url": "https://bugzilla.suse.com/1242165"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53124"
},
{
"cve": "CVE-2023-53125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: smsc75xx: Limit packet length to skb-\u003elen\n\nPacket length retrieved from skb data may be larger than\nthe actual socket buffer length (up to 9026 bytes). In such\ncase the cloned skb passed up the network stack will leak\nkernel memory contents.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53125",
"url": "https://www.suse.com/security/cve/CVE-2023-53125"
},
{
"category": "external",
"summary": "SUSE Bug 1242285 for CVE-2023-53125",
"url": "https://bugzilla.suse.com/1242285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53125"
},
{
"cve": "CVE-2023-53128",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53128"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix throttle_groups memory leak\n\nAdd a missing kfree().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53128",
"url": "https://www.suse.com/security/cve/CVE-2023-53128"
},
{
"category": "external",
"summary": "SUSE Bug 1242381 for CVE-2023-53128",
"url": "https://bugzilla.suse.com/1242381"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53128"
},
{
"cve": "CVE-2023-53131",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53131"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix a server shutdown leak\n\nFix a race where kthread_stop() may prevent the threadfn from ever getting\ncalled. If that happens the svc_rqst will not be cleaned up.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53131",
"url": "https://www.suse.com/security/cve/CVE-2023-53131"
},
{
"category": "external",
"summary": "SUSE Bug 1242377 for CVE-2023-53131",
"url": "https://bugzilla.suse.com/1242377"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53131"
},
{
"cve": "CVE-2023-53134",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53134"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Avoid order-5 memory allocation for TPA data\n\nThe driver needs to keep track of all the possible concurrent TPA (GRO/LRO)\ncompletions on the aggregation ring. On P5 chips, the maximum number\nof concurrent TPA is 256 and the amount of memory we allocate is order-5\non systems using 4K pages. Memory allocation failure has been reported:\n\nNetworkManager: page allocation failure: order:5, mode:0x40dc0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1\nCPU: 15 PID: 2995 Comm: NetworkManager Kdump: loaded Not tainted 5.10.156 #1\nHardware name: Dell Inc. PowerEdge R660/0M1CC5, BIOS 0.2.25 08/12/2022\nCall Trace:\n dump_stack+0x57/0x6e\n warn_alloc.cold.120+0x7b/0xdd\n ? _cond_resched+0x15/0x30\n ? __alloc_pages_direct_compact+0x15f/0x170\n __alloc_pages_slowpath.constprop.108+0xc58/0xc70\n __alloc_pages_nodemask+0x2d0/0x300\n kmalloc_order+0x24/0xe0\n kmalloc_order_trace+0x19/0x80\n bnxt_alloc_mem+0x1150/0x15c0 [bnxt_en]\n ? bnxt_get_func_stat_ctxs+0x13/0x60 [bnxt_en]\n __bnxt_open_nic+0x12e/0x780 [bnxt_en]\n bnxt_open+0x10b/0x240 [bnxt_en]\n __dev_open+0xe9/0x180\n __dev_change_flags+0x1af/0x220\n dev_change_flags+0x21/0x60\n do_setlink+0x35c/0x1100\n\nInstead of allocating this big chunk of memory and dividing it up for the\nconcurrent TPA instances, allocate each small chunk separately for each\nTPA instance. This will reduce it to order-0 allocations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53134",
"url": "https://www.suse.com/security/cve/CVE-2023-53134"
},
{
"category": "external",
"summary": "SUSE Bug 1242380 for CVE-2023-53134",
"url": "https://bugzilla.suse.com/1242380"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53134"
},
{
"cve": "CVE-2023-53137",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53137"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: Fix possible corruption when moving a directory\n\nWhen we are renaming a directory to a different directory, we need to\nupdate \u0027..\u0027 entry in the moved directory. However nothing prevents moved\ndirectory from being modified and even converted from the inline format\nto the normal format. When such race happens the rename code gets\nconfused and we crash. Fix the problem by locking the moved directory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53137",
"url": "https://www.suse.com/security/cve/CVE-2023-53137"
},
{
"category": "external",
"summary": "SUSE Bug 1242358 for CVE-2023-53137",
"url": "https://bugzilla.suse.com/1242358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53137"
},
{
"cve": "CVE-2023-53139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53139"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties\n\ndevm_kmalloc_array may fails, *fw_vsc_cfg might be null and cause\nout-of-bounds write in device_property_read_u8_array later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53139",
"url": "https://www.suse.com/security/cve/CVE-2023-53139"
},
{
"category": "external",
"summary": "SUSE Bug 1242361 for CVE-2023-53139",
"url": "https://bugzilla.suse.com/1242361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53139"
},
{
"cve": "CVE-2023-53140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Remove the /proc/scsi/${proc_name} directory earlier\n\nRemove the /proc/scsi/${proc_name} directory earlier to fix a race\ncondition between unloading and reloading kernel modules. This fixes a bug\nintroduced in 2009 by commit 77c019768f06 (\"[SCSI] fix /proc memory leak in\nthe SCSI core\").\n\nFix the following kernel warning:\n\nproc_dir_entry \u0027scsi/scsi_debug\u0027 already registered\nWARNING: CPU: 19 PID: 27986 at fs/proc/generic.c:376 proc_register+0x27d/0x2e0\nCall Trace:\n proc_mkdir+0xb5/0xe0\n scsi_proc_hostdir_add+0xb5/0x170\n scsi_host_alloc+0x683/0x6c0\n sdebug_driver_probe+0x6b/0x2d0 [scsi_debug]\n really_probe+0x159/0x540\n __driver_probe_device+0xdc/0x230\n driver_probe_device+0x4f/0x120\n __device_attach_driver+0xef/0x180\n bus_for_each_drv+0xe5/0x130\n __device_attach+0x127/0x290\n device_initial_probe+0x17/0x20\n bus_probe_device+0x110/0x130\n device_add+0x673/0xc80\n device_register+0x1e/0x30\n sdebug_add_host_helper+0x1a7/0x3b0 [scsi_debug]\n scsi_debug_init+0x64f/0x1000 [scsi_debug]\n do_one_initcall+0xd7/0x470\n do_init_module+0xe7/0x330\n load_module+0x122a/0x12c0\n __do_sys_finit_module+0x124/0x1a0\n __x64_sys_finit_module+0x46/0x50\n do_syscall_64+0x38/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53140",
"url": "https://www.suse.com/security/cve/CVE-2023-53140"
},
{
"category": "external",
"summary": "SUSE Bug 1242372 for CVE-2023-53140",
"url": "https://bugzilla.suse.com/1242372"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53140"
},
{
"cve": "CVE-2023-53142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: copy last block omitted in ice_get_module_eeprom()\n\nice_get_module_eeprom() is broken since commit e9c9692c8a81 (\"ice:\nReimplement module reads used by ethtool\") In this refactor,\nice_get_module_eeprom() reads the eeprom in blocks of size 8.\nBut the condition that should protect the buffer overflow\nignores the last block. The last block always contains zeros.\n\nBug uncovered by ethtool upstream commit 9538f384b535\n(\"netlink: eeprom: Defer page requests to individual parsers\")\nAfter this commit, ethtool reads a block with length = 1;\nto read the SFF-8024 identifier value.\n\nunpatched driver:\n$ ethtool -m enp65s0f0np0 offset 0x90 length 8\nOffset Values\n------ ------\n0x0090: 00 00 00 00 00 00 00 00\n$ ethtool -m enp65s0f0np0 offset 0x90 length 12\nOffset Values\n------ ------\n0x0090: 00 00 01 a0 4d 65 6c 6c 00 00 00 00\n$\n\n$ ethtool -m enp65s0f0np0\nOffset Values\n------ ------\n0x0000: 11 06 06 00 00 00 00 00 00 00 00 00 00 00 00 00\n0x0010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n0x0020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n0x0030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n0x0040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n0x0050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n0x0060: 00 00 00 00 00 00 00 00 00 00 00 00 00 01 08 00\n0x0070: 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n\npatched driver:\n$ ethtool -m enp65s0f0np0 offset 0x90 length 8\nOffset Values\n------ ------\n0x0090: 00 00 01 a0 4d 65 6c 6c\n$ ethtool -m enp65s0f0np0 offset 0x90 length 12\nOffset Values\n------ ------\n0x0090: 00 00 01 a0 4d 65 6c 6c 61 6e 6f 78\n$ ethtool -m enp65s0f0np0\n Identifier : 0x11 (QSFP28)\n Extended identifier : 0x00\n Extended identifier description : 1.5W max. Power consumption\n Extended identifier description : No CDR in TX, No CDR in RX\n Extended identifier description : High Power Class (\u003e 3.5 W) not enabled\n Connector : 0x23 (No separable connector)\n Transceiver codes : 0x88 0x00 0x00 0x00 0x00 0x00 0x00 0x00\n Transceiver type : 40G Ethernet: 40G Base-CR4\n Transceiver type : 25G Ethernet: 25G Base-CR CA-N\n Encoding : 0x05 (64B/66B)\n BR, Nominal : 25500Mbps\n Rate identifier : 0x00\n Length (SMF,km) : 0km\n Length (OM3 50um) : 0m\n Length (OM2 50um) : 0m\n Length (OM1 62.5um) : 0m\n Length (Copper or Active cable) : 1m\n Transmitter technology : 0xa0 (Copper cable unequalized)\n Attenuation at 2.5GHz : 4db\n Attenuation at 5.0GHz : 5db\n Attenuation at 7.0GHz : 7db\n Attenuation at 12.9GHz : 10db\n ........\n ....",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53142",
"url": "https://www.suse.com/security/cve/CVE-2023-53142"
},
{
"category": "external",
"summary": "SUSE Bug 1242282 for CVE-2023-53142",
"url": "https://bugzilla.suse.com/1242282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53142"
},
{
"cve": "CVE-2023-53143",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53143"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix another off-by-one fsmap error on 1k block filesystems\n\nApparently syzbot figured out that issuing this FSMAP call:\n\nstruct fsmap_head cmd = {\n\t.fmh_count\t= ...;\n\t.fmh_keys\t= {\n\t\t{ .fmr_device = /* ext4 dev */, .fmr_physical = 0, },\n\t\t{ .fmr_device = /* ext4 dev */, .fmr_physical = 0, },\n\t},\n...\n};\nret = ioctl(fd, FS_IOC_GETFSMAP, \u0026cmd);\n\nProduces this crash if the underlying filesystem is a 1k-block ext4\nfilesystem:\n\nkernel BUG at fs/ext4/ext4.h:3331!\ninvalid opcode: 0000 [#1] PREEMPT SMP\nCPU: 3 PID: 3227965 Comm: xfs_io Tainted: G W O 6.2.0-rc8-achx\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:ext4_mb_load_buddy_gfp+0x47c/0x570 [ext4]\nRSP: 0018:ffffc90007c03998 EFLAGS: 00010246\nRAX: ffff888004978000 RBX: ffffc90007c03a20 RCX: ffff888041618000\nRDX: 0000000000000000 RSI: 00000000000005a4 RDI: ffffffffa0c99b11\nRBP: ffff888012330000 R08: ffffffffa0c2b7d0 R09: 0000000000000400\nR10: ffffc90007c03950 R11: 0000000000000000 R12: 0000000000000001\nR13: 00000000ffffffff R14: 0000000000000c40 R15: ffff88802678c398\nFS: 00007fdf2020c880(0000) GS:ffff88807e100000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffd318a5fe8 CR3: 000000007f80f001 CR4: 00000000001706e0\nCall Trace:\n \u003cTASK\u003e\n ext4_mballoc_query_range+0x4b/0x210 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80]\n ext4_getfsmap_datadev+0x713/0x890 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80]\n ext4_getfsmap+0x2b7/0x330 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80]\n ext4_ioc_getfsmap+0x153/0x2b0 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80]\n __ext4_ioctl+0x2a7/0x17e0 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80]\n __x64_sys_ioctl+0x82/0xa0\n do_syscall_64+0x2b/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033:0x7fdf20558aff\nRSP: 002b:00007ffd318a9e30 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00000000000200c0 RCX: 00007fdf20558aff\nRDX: 00007fdf1feb2010 RSI: 00000000c0c0583b RDI: 0000000000000003\nRBP: 00005625c0634be0 R08: 00005625c0634c40 R09: 0000000000000001\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fdf1feb2010\nR13: 00005625be70d994 R14: 0000000000000800 R15: 0000000000000000\n\nFor GETFSMAP calls, the caller selects a physical block device by\nwriting its block number into fsmap_head.fmh_keys[01].fmr_device.\nTo query mappings for a subrange of the device, the starting byte of the\nrange is written to fsmap_head.fmh_keys[0].fmr_physical and the last\nbyte of the range goes in fsmap_head.fmh_keys[1].fmr_physical.\n\nIOWs, to query what mappings overlap with bytes 3-14 of /dev/sda, you\u0027d\nset the inputs as follows:\n\n\tfmh_keys[0] = { .fmr_device = major(8, 0), .fmr_physical = 3},\n\tfmh_keys[1] = { .fmr_device = major(8, 0), .fmr_physical = 14},\n\nWhich would return you whatever is mapped in the 12 bytes starting at\nphysical offset 3.\n\nThe crash is due to insufficient range validation of keys[1] in\next4_getfsmap_datadev. On 1k-block filesystems, block 0 is not part of\nthe filesystem, which means that s_first_data_block is nonzero.\next4_get_group_no_and_offset subtracts this quantity from the blocknr\nargument before cracking it into a group number and a block number\nwithin a group. IOWs, block group 0 spans blocks 1-8192 (1-based)\ninstead of 0-8191 (0-based) like what happens with larger blocksizes.\n\nThe net result of this encoding is that blocknr \u003c s_first_data_block is\nnot a valid input to this function. The end_fsb variable is set from\nthe keys that are copied from userspace, which means that in the above\nexample, its value is zero. That leads to an underflow here:\n\n\tblocknr = blocknr - le32_to_cpu(es-\u003es_first_data_block);\n\nThe division then operates on -1:\n\n\toffset = do_div(blocknr, EXT4_BLOCKS_PER_GROUP(sb)) \u003e\u003e\n\t\tEXT4_SB(sb)-\u003es_cluster_bits;\n\nLeaving an impossibly large group number (2^32-1) in blocknr.\next4_getfsmap_check_keys checked that keys[0\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53143",
"url": "https://www.suse.com/security/cve/CVE-2023-53143"
},
{
"category": "external",
"summary": "SUSE Bug 1242276 for CVE-2023-53143",
"url": "https://bugzilla.suse.com/1242276"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-53143"
},
{
"cve": "CVE-2023-53145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53145"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition\n\nIn btsdio_probe, the data-\u003ework is bound with btsdio_work. It will be\nstarted in btsdio_send_frame.\n\nIf the btsdio_remove runs with a unfinished work, there may be a race\ncondition that hdev is freed but used in btsdio_work. Fix it by\ncanceling the work before do cleanup in btsdio_remove.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53145",
"url": "https://www.suse.com/security/cve/CVE-2023-53145"
},
{
"category": "external",
"summary": "SUSE Bug 1243047 for CVE-2023-53145",
"url": "https://bugzilla.suse.com/1243047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "important"
}
],
"title": "CVE-2023-53145"
},
{
"cve": "CVE-2024-26804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26804"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ip_tunnel: prevent perpetual headroom growth\n\nsyzkaller triggered following kasan splat:\nBUG: KASAN: use-after-free in __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170\nRead of size 1 at addr ffff88812fb4000e by task syz-executor183/5191\n[..]\n kasan_report+0xda/0x110 mm/kasan/report.c:588\n __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170\n skb_flow_dissect_flow_keys include/linux/skbuff.h:1514 [inline]\n ___skb_get_hash net/core/flow_dissector.c:1791 [inline]\n __skb_get_hash+0xc7/0x540 net/core/flow_dissector.c:1856\n skb_get_hash include/linux/skbuff.h:1556 [inline]\n ip_tunnel_xmit+0x1855/0x33c0 net/ipv4/ip_tunnel.c:748\n ipip_tunnel_xmit+0x3cc/0x4e0 net/ipv4/ipip.c:308\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3548 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564\n __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4349\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n neigh_connected_output+0x42c/0x5d0 net/core/neighbour.c:1592\n ...\n ip_finish_output2+0x833/0x2550 net/ipv4/ip_output.c:235\n ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323\n ..\n iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82\n ip_tunnel_xmit+0x1dbc/0x33c0 net/ipv4/ip_tunnel.c:831\n ipgre_xmit+0x4a1/0x980 net/ipv4/ip_gre.c:665\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3548 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564\n ...\n\nThe splat occurs because skb-\u003edata points past skb-\u003ehead allocated area.\nThis is because neigh layer does:\n __skb_pull(skb, skb_network_offset(skb));\n\n... but skb_network_offset() returns a negative offset and __skb_pull()\narg is unsigned. IOW, we skb-\u003edata gets \"adjusted\" by a huge value.\n\nThe negative value is returned because skb-\u003ehead and skb-\u003edata distance is\nmore than 64k and skb-\u003enetwork_header (u16) has wrapped around.\n\nThe bug is in the ip_tunnel infrastructure, which can cause\ndev-\u003eneeded_headroom to increment ad infinitum.\n\nThe syzkaller reproducer consists of packets getting routed via a gre\ntunnel, and route of gre encapsulated packets pointing at another (ipip)\ntunnel. The ipip encapsulation finds gre0 as next output device.\n\nThis results in the following pattern:\n\n1). First packet is to be sent out via gre0.\nRoute lookup found an output device, ipip0.\n\n2).\nip_tunnel_xmit for gre0 bumps gre0-\u003eneeded_headroom based on the future\noutput device, rt.dev-\u003eneeded_headroom (ipip0).\n\n3).\nip output / start_xmit moves skb on to ipip0. which runs the same\ncode path again (xmit recursion).\n\n4).\nRouting step for the post-gre0-encap packet finds gre0 as output device\nto use for ipip0 encapsulated packet.\n\ntunl0-\u003eneeded_headroom is then incremented based on the (already bumped)\ngre0 device headroom.\n\nThis repeats for every future packet:\n\ngre0-\u003eneeded_headroom gets inflated because previous packets\u0027 ipip0 step\nincremented rt-\u003edev (gre0) headroom, and ipip0 incremented because gre0\nneeded_headroom was increased.\n\nFor each subsequent packet, gre/ipip0-\u003eneeded_headroom grows until\npost-expand-head reallocations result in a skb-\u003ehead/data distance of\nmore than 64k.\n\nOnce that happens, skb-\u003enetwork_header (u16) wraps around when\npskb_expand_head tries to make sure that skb_network_offset() is unchanged\nafter the headroom expansion/reallocation.\n\nAfter this skb_network_offset(skb) returns a different (and negative)\nresult post headroom expansion.\n\nThe next trip to neigh layer (or anything else that would __skb_pull the\nnetwork header) makes skb-\u003edata point to a memory location outside\nskb-\u003ehead area.\n\nv2: Cap the needed_headroom update to an arbitarily chosen upperlimit to\nprevent perpetual increase instead of dropping the headroom increment\ncompletely.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26804",
"url": "https://www.suse.com/security/cve/CVE-2024-26804"
},
{
"category": "external",
"summary": "SUSE Bug 1222629 for CVE-2024-26804",
"url": "https://bugzilla.suse.com/1222629"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2024-26804"
},
{
"cve": "CVE-2024-53168",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53168"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix one UAF issue caused by sunrpc kernel tcp socket\n\nBUG: KASAN: slab-use-after-free in tcp_write_timer_handler+0x156/0x3e0\nRead of size 1 at addr ffff888111f322cd by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x68/0xa0\n print_address_description.constprop.0+0x2c/0x3d0\n print_report+0xb4/0x270\n kasan_report+0xbd/0xf0\n tcp_write_timer_handler+0x156/0x3e0\n tcp_write_timer+0x66/0x170\n call_timer_fn+0xfb/0x1d0\n __run_timers+0x3f8/0x480\n run_timer_softirq+0x9b/0x100\n handle_softirqs+0x153/0x390\n __irq_exit_rcu+0x103/0x120\n irq_exit_rcu+0xe/0x20\n sysvec_apic_timer_interrupt+0x76/0x90\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:default_idle+0xf/0x20\nCode: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90\n 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f8 25 00 fb f4 \u003cfa\u003e c3 cc cc cc\n cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90\nRSP: 0018:ffffffffa2007e28 EFLAGS: 00000242\nRAX: 00000000000f3b31 RBX: 1ffffffff4400fc7 RCX: ffffffffa09c3196\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9f00590f\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed102360835d\nR10: ffff88811b041aeb R11: 0000000000000001 R12: 0000000000000000\nR13: ffffffffa202d7c0 R14: 0000000000000000 R15: 00000000000147d0\n default_idle_call+0x6b/0xa0\n cpuidle_idle_call+0x1af/0x1f0\n do_idle+0xbc/0x130\n cpu_startup_entry+0x33/0x40\n rest_init+0x11f/0x210\n start_kernel+0x39a/0x420\n x86_64_start_reservations+0x18/0x30\n x86_64_start_kernel+0x97/0xa0\n common_startup_64+0x13e/0x141\n \u003c/TASK\u003e\n\nAllocated by task 595:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x87/0x90\n kmem_cache_alloc_noprof+0x12b/0x3f0\n copy_net_ns+0x94/0x380\n create_new_namespaces+0x24c/0x500\n unshare_nsproxy_namespaces+0x75/0xf0\n ksys_unshare+0x24e/0x4f0\n __x64_sys_unshare+0x1f/0x30\n do_syscall_64+0x70/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 100:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x54/0x70\n kmem_cache_free+0x156/0x5d0\n cleanup_net+0x5d3/0x670\n process_one_work+0x776/0xa90\n worker_thread+0x2e2/0x560\n kthread+0x1a8/0x1f0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n\nReproduction script:\n\nmkdir -p /mnt/nfsshare\nmkdir -p /mnt/nfs/netns_1\nmkfs.ext4 /dev/sdb\nmount /dev/sdb /mnt/nfsshare\nsystemctl restart nfs-server\nchmod 777 /mnt/nfsshare\nexportfs -i -o rw,no_root_squash *:/mnt/nfsshare\n\nip netns add netns_1\nip link add name veth_1_peer type veth peer veth_1\nifconfig veth_1_peer 11.11.0.254 up\nip link set veth_1 netns netns_1\nip netns exec netns_1 ifconfig veth_1 11.11.0.1\n\nip netns exec netns_1 /root/iptables -A OUTPUT -d 11.11.0.254 -p tcp \\\n\t--tcp-flags FIN FIN -j DROP\n\n(note: In my environment, a DESTROY_CLIENTID operation is always sent\n immediately, breaking the nfs tcp connection.)\nip netns exec netns_1 timeout -s 9 300 mount -t nfs -o proto=tcp,vers=4.1 \\\n\t11.11.0.254:/mnt/nfsshare /mnt/nfs/netns_1\n\nip netns del netns_1\n\nThe reason here is that the tcp socket in netns_1 (nfs side) has been\nshutdown and closed (done in xs_destroy), but the FIN message (with ack)\nis discarded, and the nfsd side keeps sending retransmission messages.\nAs a result, when the tcp sock in netns_1 processes the received message,\nit sends the message (FIN message) in the sending queue, and the tcp timer\nis re-established. When the network namespace is deleted, the net structure\naccessed by tcp\u0027s timer handler function causes problems.\n\nTo fix this problem, let\u0027s hold netns refcnt for the tcp kernel socket as\ndone in other modules. This is an ugly hack which can easily be backported\nto earlier kernels. A proper fix which cleans up the interfaces will\nfollow, but may not be so easy to backport.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53168",
"url": "https://www.suse.com/security/cve/CVE-2024-53168"
},
{
"category": "external",
"summary": "SUSE Bug 1234887 for CVE-2024-53168",
"url": "https://bugzilla.suse.com/1234887"
},
{
"category": "external",
"summary": "SUSE Bug 1243650 for CVE-2024-53168",
"url": "https://bugzilla.suse.com/1243650"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "important"
}
],
"title": "CVE-2024-53168"
},
{
"cve": "CVE-2024-56558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56558"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: make sure exp active before svc_export_show\n\nThe function `e_show` was called with protection from RCU. This only\nensures that `exp` will not be freed. Therefore, the reference count for\n`exp` can drop to zero, which will trigger a refcount use-after-free\nwarning when `exp_get` is called. To resolve this issue, use\n`cache_get_rcu` to ensure that `exp` remains active.\n\n------------[ cut here ]------------\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 3 PID: 819 at lib/refcount.c:25\nrefcount_warn_saturate+0xb1/0x120\nCPU: 3 UID: 0 PID: 819 Comm: cat Not tainted 6.12.0-rc3+ #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xb1/0x120\n...\nCall Trace:\n \u003cTASK\u003e\n e_show+0x20b/0x230 [nfsd]\n seq_read_iter+0x589/0x770\n seq_read+0x1e5/0x270\n vfs_read+0x125/0x530\n ksys_read+0xc1/0x160\n do_syscall_64+0x5f/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56558",
"url": "https://www.suse.com/security/cve/CVE-2024-56558"
},
{
"category": "external",
"summary": "SUSE Bug 1235100 for CVE-2024-56558",
"url": "https://bugzilla.suse.com/1235100"
},
{
"category": "external",
"summary": "SUSE Bug 1243648 for CVE-2024-56558",
"url": "https://bugzilla.suse.com/1243648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2024-56558"
},
{
"cve": "CVE-2025-21999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21999"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nproc: fix UAF in proc_get_inode()\n\nFix race between rmmod and /proc/XXX\u0027s inode instantiation.\n\nThe bug is that pde-\u003eproc_ops don\u0027t belong to /proc, it belongs to a\nmodule, therefore dereferencing it after /proc entry has been registered\nis a bug unless use_pde/unuse_pde() pair has been used.\n\nuse_pde/unuse_pde can be avoided (2 atomic ops!) because pde-\u003eproc_ops\nnever changes so information necessary for inode instantiation can be\nsaved _before_ proc_register() in PDE itself and used later, avoiding\npde-\u003eproc_ops-\u003e... dereference.\n\n rmmod lookup\nsys_delete_module\n proc_lookup_de\n\t\t\t pde_get(de);\n\t\t\t proc_get_inode(dir-\u003ei_sb, de);\n mod-\u003eexit()\n proc_remove\n remove_proc_subtree\n proc_entry_rundown(de);\n free_module(mod);\n\n if (S_ISREG(inode-\u003ei_mode))\n\t if (de-\u003eproc_ops-\u003eproc_read_iter)\n --\u003e As module is already freed, will trigger UAF\n\nBUG: unable to handle page fault for address: fffffbfff80a702b\nPGD 817fc4067 P4D 817fc4067 PUD 817fc0067 PMD 102ef4067 PTE 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 26 UID: 0 PID: 2667 Comm: ls Tainted: G\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nRIP: 0010:proc_get_inode+0x302/0x6e0\nRSP: 0018:ffff88811c837998 EFLAGS: 00010a06\nRAX: dffffc0000000000 RBX: ffffffffc0538140 RCX: 0000000000000007\nRDX: 1ffffffff80a702b RSI: 0000000000000001 RDI: ffffffffc0538158\nRBP: ffff8881299a6000 R08: 0000000067bbe1e5 R09: 1ffff11023906f20\nR10: ffffffffb560ca07 R11: ffffffffb2b43a58 R12: ffff888105bb78f0\nR13: ffff888100518048 R14: ffff8881299a6004 R15: 0000000000000001\nFS: 00007f95b9686840(0000) GS:ffff8883af100000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: fffffbfff80a702b CR3: 0000000117dd2000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n proc_lookup_de+0x11f/0x2e0\n __lookup_slow+0x188/0x350\n walk_component+0x2ab/0x4f0\n path_lookupat+0x120/0x660\n filename_lookup+0x1ce/0x560\n vfs_statx+0xac/0x150\n __do_sys_newstat+0x96/0x110\n do_syscall_64+0x5f/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n[adobriyan@gmail.com: don\u0027t do 2 atomic ops on the common path]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21999",
"url": "https://www.suse.com/security/cve/CVE-2025-21999"
},
{
"category": "external",
"summary": "SUSE Bug 1240802 for CVE-2025-21999",
"url": "https://bugzilla.suse.com/1240802"
},
{
"category": "external",
"summary": "SUSE Bug 1242579 for CVE-2025-21999",
"url": "https://bugzilla.suse.com/1242579"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "important"
}
],
"title": "CVE-2025-21999"
},
{
"cve": "CVE-2025-22056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_tunnel: fix geneve_opt type confusion addition\n\nWhen handling multiple NFTA_TUNNEL_KEY_OPTS_GENEVE attributes, the\nparsing logic should place every geneve_opt structure one by one\ncompactly. Hence, when deciding the next geneve_opt position, the\npointer addition should be in units of char *.\n\nHowever, the current implementation erroneously does type conversion\nbefore the addition, which will lead to heap out-of-bounds write.\n\n[ 6.989857] ==================================================================\n[ 6.990293] BUG: KASAN: slab-out-of-bounds in nft_tunnel_obj_init+0x977/0xa70\n[ 6.990725] Write of size 124 at addr ffff888005f18974 by task poc/178\n[ 6.991162]\n[ 6.991259] CPU: 0 PID: 178 Comm: poc-oob-write Not tainted 6.1.132 #1\n[ 6.991655] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n[ 6.992281] Call Trace:\n[ 6.992423] \u003cTASK\u003e\n[ 6.992586] dump_stack_lvl+0x44/0x5c\n[ 6.992801] print_report+0x184/0x4be\n[ 6.993790] kasan_report+0xc5/0x100\n[ 6.994252] kasan_check_range+0xf3/0x1a0\n[ 6.994486] memcpy+0x38/0x60\n[ 6.994692] nft_tunnel_obj_init+0x977/0xa70\n[ 6.995677] nft_obj_init+0x10c/0x1b0\n[ 6.995891] nf_tables_newobj+0x585/0x950\n[ 6.996922] nfnetlink_rcv_batch+0xdf9/0x1020\n[ 6.998997] nfnetlink_rcv+0x1df/0x220\n[ 6.999537] netlink_unicast+0x395/0x530\n[ 7.000771] netlink_sendmsg+0x3d0/0x6d0\n[ 7.001462] __sock_sendmsg+0x99/0xa0\n[ 7.001707] ____sys_sendmsg+0x409/0x450\n[ 7.002391] ___sys_sendmsg+0xfd/0x170\n[ 7.003145] __sys_sendmsg+0xea/0x170\n[ 7.004359] do_syscall_64+0x5e/0x90\n[ 7.005817] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 7.006127] RIP: 0033:0x7ec756d4e407\n[ 7.006339] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 \u003c5b\u003e c3 0f 1f 80 00 00 00 00 83 e2 39 83 faf\n[ 7.007364] RSP: 002b:00007ffed5d46760 EFLAGS: 00000202 ORIG_RAX: 000000000000002e\n[ 7.007827] RAX: ffffffffffffffda RBX: 00007ec756cc4740 RCX: 00007ec756d4e407\n[ 7.008223] RDX: 0000000000000000 RSI: 00007ffed5d467f0 RDI: 0000000000000003\n[ 7.008620] RBP: 00007ffed5d468a0 R08: 0000000000000000 R09: 0000000000000000\n[ 7.009039] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000\n[ 7.009429] R13: 00007ffed5d478b0 R14: 00007ec756ee5000 R15: 00005cbd4e655cb8\n\nFix this bug with correct pointer addition and conversion in parse\nand dump code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22056",
"url": "https://www.suse.com/security/cve/CVE-2025-22056"
},
{
"category": "external",
"summary": "SUSE Bug 1241525 for CVE-2025-22056",
"url": "https://bugzilla.suse.com/1241525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2025-22056"
},
{
"cve": "CVE-2025-23145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23145"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix NULL pointer in can_accept_new_subflow\n\nWhen testing valkey benchmark tool with MPTCP, the kernel panics in\n\u0027mptcp_can_accept_new_subflow\u0027 because subflow_req-\u003emsk is NULL.\n\nCall trace:\n\n mptcp_can_accept_new_subflow (./net/mptcp/subflow.c:63 (discriminator 4)) (P)\n subflow_syn_recv_sock (./net/mptcp/subflow.c:854)\n tcp_check_req (./net/ipv4/tcp_minisocks.c:863)\n tcp_v4_rcv (./net/ipv4/tcp_ipv4.c:2268)\n ip_protocol_deliver_rcu (./net/ipv4/ip_input.c:207)\n ip_local_deliver_finish (./net/ipv4/ip_input.c:234)\n ip_local_deliver (./net/ipv4/ip_input.c:254)\n ip_rcv_finish (./net/ipv4/ip_input.c:449)\n ...\n\nAccording to the debug log, the same req received two SYN-ACK in a very\nshort time, very likely because the client retransmits the syn ack due\nto multiple reasons.\n\nEven if the packets are transmitted with a relevant time interval, they\ncan be processed by the server on different CPUs concurrently). The\n\u0027subflow_req-\u003emsk\u0027 ownership is transferred to the subflow the first,\nand there will be a risk of a null pointer dereference here.\n\nThis patch fixes this issue by moving the \u0027subflow_req-\u003emsk\u0027 under the\n`own_req == true` conditional.\n\nNote that the !msk check in subflow_hmac_valid() can be dropped, because\nthe same check already exists under the own_req mpj branch where the\ncode has been moved to.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23145",
"url": "https://www.suse.com/security/cve/CVE-2025-23145"
},
{
"category": "external",
"summary": "SUSE Bug 1242596 for CVE-2025-23145",
"url": "https://bugzilla.suse.com/1242596"
},
{
"category": "external",
"summary": "SUSE Bug 1242882 for CVE-2025-23145",
"url": "https://bugzilla.suse.com/1242882"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "important"
}
],
"title": "CVE-2025-23145"
},
{
"cve": "CVE-2025-37789",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37789"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix nested key length validation in the set() action\n\nIt\u0027s not safe to access nla_len(ovs_key) if the data is smaller than\nthe netlink header. Check that the attribute is OK first.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37789",
"url": "https://www.suse.com/security/cve/CVE-2025-37789"
},
{
"category": "external",
"summary": "SUSE Bug 1242762 for CVE-2025-37789",
"url": "https://bugzilla.suse.com/1242762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.97.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.97.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.97.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-16T14:55:49Z",
"details": "moderate"
}
],
"title": "CVE-2025-37789"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…