csaf_suse - suse-su-2025:01972-1

suse-su-2025:01972-1

Vulnerability from csaf_suse

Published
2025-06-17 11:37
Modified
2025-06-17 11:37
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP7 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006). - CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() (bsc#1224597). - CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer serialization (bsc#1230581). - CVE-2024-50223: sched/numa: Fix the potential null pointer dereference in (bsc#1233192). - CVE-2024-54458: scsi: ufs: bsg: Set bsg_queue to NULL after removal (bsc#1238992). - CVE-2024-58070: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT (bsc#1238983). - CVE-2025-21648: netfilter: conntrack: clamp maximum hashtable size to INT_MAX (bsc#1236142). - CVE-2025-21683: bpf: Fix bpf_sk_select_reuseport() memory leak (bsc#1236704). - CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312). - CVE-2025-21707: mptcp: consolidate suboption status (bsc#1238862). - CVE-2025-21758: ipv6: mcast: add RCU protection to mld_newpack() (bsc#1238737). - CVE-2025-21768: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels (bsc#1238714). - CVE-2025-21787: team: better TEAM_OPTION_TYPE_STRING validation (bsc#1238774). - CVE-2025-21792: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt (bsc#1238745). - CVE-2025-21814: ptp: Ensure info->enable callback is always set (bsc#1238473). - CVE-2025-21919: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (bsc#1240593). - CVE-2025-21962: cifs: Fix integer overflow while processing closetimeo mount option (bsc#1240655). - CVE-2025-21963: cifs: Fix integer overflow while processing acdirmax mount option (bsc#1240717). - CVE-2025-21964: cifs: Fix integer overflow while processing acregmax mount option (bsc#1240740). - CVE-2025-22018: atm: Fix NULL pointer dereference (bsc#1241266). - CVE-2025-22021: netfilter: socket: Lookup orig tuple for IPv6 SNAT (bsc#1241282). - CVE-2025-22030: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() (bsc#1241376). - CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525). - CVE-2025-22057: net: decrease cached dst counters in dst_release (bsc#1241533). - CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332). - CVE-2025-22063: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (bsc#1241351). - CVE-2025-22064: netfilter: nf_tables: do not unregister hook when table is dormant (bsc#1241413). - CVE-2025-22070: fs/9p: fix NULL pointer dereference on mkdir (bsc#1241305). - CVE-2025-22094: powerpc/perf: Fix ref-counting on the PMU 'vpa_pmu' (bsc#1241512). - CVE-2025-22102: Bluetooth: btnxpuart: Fix kernel panic during FW release (bsc#1241456). - CVE-2025-22103: net: fix NULL pointer dereference in l3mdev_l3_rcv (bsc#1241448). - CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550). - CVE-2025-22107: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() (bsc#1241575). - CVE-2025-22109: ax25: Remove broken autobind (bsc#1241573). - CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648). - CVE-2025-23140: misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error (bsc#1242763). - CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596). - CVE-2025-23150: ext4: fix off-by-one error in do_split (bsc#1242513). - CVE-2025-23154: io_uring/net: fix io_req_post_cqe abuse by send bundle (bsc#1242533). - CVE-2025-23160: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization (bsc#1242507). - CVE-2025-37747: kABI workaround for perf-Fix-hang-while-freeing-sigtrap-event (References: bsc#1242520). - CVE-2025-37748: iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group (bsc#1242523). - CVE-2025-37749: net: ppp: Add bound checking for skb data on ppp_sync_txmung (bsc#1242859). - CVE-2025-37750: smb: client: fix UAF in decryption with multichannel (bsc#1242510). - CVE-2025-37755: net: libwx: handle page_pool_dev_alloc_pages error (bsc#1242506). - CVE-2025-37773: virtiofs: add filesystem context source name check (bsc#1242502). - CVE-2025-37780: isofs: Prevent the use of too small fid (bsc#1242786). - CVE-2025-37787: net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered (bsc#1242585). - CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762). - CVE-2025-37790: net: mctp: Set SOCK_RCU_FREE (bsc#1242509). - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417). - CVE-2025-37798: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (bsc#1242414). - CVE-2025-37799: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp (bsc#1242283). - CVE-2025-37803: udmabuf: fix a buf size overflow issue during udmabuf creation (bsc#1242852). - CVE-2025-37804: io_uring: always do atomic put from iowq (bsc#1242854). - CVE-2025-37809: usb: typec: class: Unlocked on error in typec_register_partner() (bsc#1242856). - CVE-2025-37820: xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() (bsc#1242866). - CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924). - CVE-2025-37824: tipc: fix NULL pointer dereference in tipc_mon_reinit_self() (bsc#1242867). - CVE-2025-37829: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() (bsc#1242875). - CVE-2025-37830: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() (bsc#1242860). - CVE-2025-37831: cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() (bsc#1242861). - CVE-2025-37833: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads (bsc#1242868). - CVE-2025-37842: spi: fsl-qspi: Fix double cleanup in probe error path (bsc#1242951). - CVE-2025-37870: drm/amd/display: prevent hang on link training fail (bsc#1243056). - CVE-2025-37879: 9p/net: fix improper handling of bogus negative read/write replies (bsc#1243077). - CVE-2025-37886: pds_core: make wait_context part of q_info (bsc#1242944). - CVE-2025-37887: pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result (bsc#1242962). - CVE-2025-37949: xenbus: Use kref to track req lifetime (bsc#1243541). - CVE-2025-37957: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception (bsc#1243513). - CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539). - CVE-2025-37960: memblock: Accept allocated memory before use in memblock_double_array() (bsc#1243519). - CVE-2025-37974: s390/pci: Fix missing check for zpci_create_device() error return (bsc#1243547). - CVE-2025-38152: remoteproc: core: Clear table_sz when rproc_shutdown (bsc#1241627). - CVE-2025-38637: net_sched: skbprio: Remove overly strict queue assertions (bsc#1241657). The following non-security bugs were fixed: - ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (stable-fixes). - ACPI: EC: Set ec_no_wakeup for Lenovo Go S (stable-fixes). - ACPI: PPTT: Fix processor subtable walk (git-fixes). - ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() (git-fixes). - ALSA: hda/realtek - Enable speaker for HP platform (git-fixes). - ALSA: hda/realtek: Fix built-mic regression on other ASUS models (git-fixes). - ALSA: seq: Fix delivery of UMP events to group ports (git-fixes). - ALSA: sh: SND_AICA should depend on SH_DMA_API (git-fixes). - ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info (git-fixes). - ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (stable-fixes). - ALSA: usb-audio: Add sample rate quirk for Audioengine D1 (git-fixes). - ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera (stable-fixes). - ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (stable-fixes). - ASoC: SOF: ipc4-control: Use SOF_CTRL_CMD_BINARY as numid for bytes_ext (git-fixes). - ASoC: SOF: ipc4-pcm: Delay reporting is only supported for playback direction (git-fixes). - ASoC: Use of_property_read_bool() (stable-fixes). - ASoC: simple-card-utils: Fix pointer check in graph_util_parse_link_direction (git-fixes). - ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (stable-fixes). - ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence (git-fixes). - ASoc: SOF: topology: connect DAI to a single DAI link (git-fixes). - Bluetooth: L2CAP: Fix not checking l2cap_chan security level (git-fixes). - Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags (git-fixes). - Bluetooth: btintel_pcie: Add additional to checks to clear TX/RX paths (git-fixes). - Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (git-fixes). - Bluetooth: btusb: use skb_pull to avoid unsafe access in QCA dump handling (git-fixes). - Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (git-fixes). - Fix write to cloned skb in ipv6_hop_ioam() (git-fixes). - HID: thrustmaster: fix memory leak in thrustmaster_interrupts() (git-fixes). - HID: uclogic: Add NULL check in uclogic_input_configured() (git-fixes). - IB/cm: use rwlock for MAD agent lock (git-fixes) - Input: cyttsp5 - ensure minimum reset pulse width (git-fixes). - Input: cyttsp5 - fix power control issue on wakeup (git-fixes). - Input: mtk-pmic-keys - fix possible null pointer dereference (git-fixes). - Input: synaptics - enable InterTouch on Dell Precision M3800 (stable-fixes). - Input: synaptics - enable InterTouch on Dynabook Portege X30-D (stable-fixes). - Input: synaptics - enable InterTouch on Dynabook Portege X30L-G (stable-fixes). - Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 (stable-fixes). - Input: synaptics - enable SMBus for HP Elitebook 850 G1 (stable-fixes). - Input: synaptics-rmi - fix crash with unsupported versions of F34 (git-fixes). - Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller (stable-fixes). - Input: xpad - fix Share button on Xbox One controllers (stable-fixes). - Input: xpad - fix two controller table values (git-fixes). - KVM: PPC: Book3S HV: Fix IRQ map warnings with XICS on pSeries KVM Guest (bsc#1242205 ltc#212592). - KVM: SVM: Allocate IR data using atomic allocation (git-fixes). - KVM: SVM: Do not change target vCPU state on AP Creation VMGEXIT error (git-fixes). - KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value (git-fixes). - KVM: SVM: Refuse to attempt VRMUN if an SEV-ES+ guest had an invalid VMSA (git-fixes). - KVM: SVM: Save host DR masks on CPUs with DebugSwap (jsc#PED-348). - KVM: SVM: Suppress DEBUGCTL.BTF on AMD (git-fixes). - KVM: SVM: Update dump_ghcb() to use the GHCB snapshot fields (git-fixes). - KVM: VMX: Do not modify guest XFD_ERR if CR0.TS=1 (git-fixes). - KVM: arm64: Change kvm_handle_mmio_return() return polarity (git-fixes). - KVM: arm64: Fix RAS trapping in pKVM for protected VMs (git-fixes). - KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (git-fixes). - KVM: arm64: Mark some header functions as inline (git-fixes). - KVM: arm64: Tear down vGIC on failed vCPU creation (git-fixes). - KVM: arm64: timer: Always evaluate the need for a soft timer (git-fixes). - KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (git-fixes). - KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (git-fixes). - KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (git-fixes). - KVM: arm64: vgic-v4: Fall back to software irqbypass if LPI not found (git-fixes). - KVM: arm64: vgic-v4: Only attempt vLPI mapping for actual MSIs (git-fixes). - KVM: nSVM: Pass next RIP, not current RIP, for nested VM-Exit on emulation (git-fixes). - KVM: nVMX: Allow emulating RDPID on behalf of L2 (git-fixes). - KVM: nVMX: Check PAUSE_EXITING, not BUS_LOCK_DETECTION, on PAUSE emulation (git-fixes). - KVM: s390: Do not use %pK through debug printing (git-fixes bsc#1243657). - KVM: s390: Do not use %pK through tracepoints (git-fixes bsc#1243658). - KVM: x86/mmu: Check and free obsolete roots in kvm_mmu_reload() (git-fixes). - KVM: x86/xen: Use guest's copy of pvclock when starting timer (git-fixes). - KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (git-fixes). - KVM: x86: Check that the high 32bits are clear in kvm_arch_vcpu_ioctl_run() (git-fixes). - KVM: x86: Do not take kvm->lock when iterating over vCPUs in suspend notifier (git-fixes). - KVM: x86: Explicitly treat routing entry type changes as changes (git-fixes). - KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM (git-fixes). - KVM: x86: Explicitly zero-initialize on-stack CPUID unions (git-fixes). - KVM: x86: Make x2APIC ID 100% readonly (git-fixes). - KVM: x86: Reject disabling of MWAIT/HLT interception when not allowed (git-fixes). - KVM: x86: Remove the unreachable case for 0x80000022 leaf in __do_cpuid_func() (git-fixes). - KVM: x86: Wake vCPU for PIC interrupt injection iff a valid IRQ was found (git-fixes). - KVM: x86: block KVM_CAP_SYNC_REGS if guest state is protected (git-fixes). - Move upstreamed sound patch into sorted section - Move upstreamed tpm patch into sorted section - NFS: O_DIRECT writes must check and adjust the file length (git-fixes). - NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up (git-fixes). - NFSv4/pnfs: Reset the layout state after a layoutreturn (git-fixes). - NFSv4: Do not trigger uneccessary scans for return-on-close delegations (git-fixes). - RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work (git-fixes) - RDMA/core: Fix 'KASAN: slab-use-after-free Read in ib_register_device' problem (git-fixes) - RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (git-fixes) - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (git-fixes) - RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (git-fixes) - RDMA/rxe: Fix 'trying to register non-static key in rxe_qp_do_cleanup' bug (git-fixes) - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (git-fixes) - Readd patches.kabi/md-md_personality-workaround-v2.patch dropped in merge by accident. - Refresh fixes for cBPF issue (bsc#1242778) - Remove debug flavor (bsc#1243919). This is only released in Leap, and we do not have Leap 15.7 - Revert 'drm/amd/display: Hardware cursor changes color when switched to software cursor' (stable-fixes). - Revert 'drm/amd: Keep display off while going into S4' (git-fixes). - Revert 'drm/amd: Stop evicting resources on APUs in suspend' (stable-fixes). - Revert 'rndis_host: Flag RNDIS modems as WWAN devices' (git-fixes). - Sort ITS patches - Squashfs: check return result of sb_min_blocksize (git-fixes). - USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (stable-fixes). - USB: VLI disk crashes if LPM is used (stable-fixes). - USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe (stable-fixes). - USB: serial: option: add Sierra Wireless EM9291 (stable-fixes). - USB: serial: simple: add OWON HDS200 series oscilloscope support (stable-fixes). - USB: storage: quirk for ADATA Portable HDD CH94 (stable-fixes). - USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes). - Update patches.suse/nvme-fixup-scan-failure-for-non-ANA-multipath-contro.patch (git-fixes bsc#1235149). - Update patches.suse/nvme-re-read-ANA-log-page-after-ns-scan-completes.patch (git-fixes bsc#1235149). - Xen/swiotlb: mark xen_swiotlb_fixup() __init (git-fixes). - add bug reference for an existing hv_netvsc change (bsc#1243737). - afs: Fix the server_list to unuse a displaced server rather than putting it (git-fixes). - afs: Make it possible to find the volumes that are using a server (git-fixes). - arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (bsc#1242778). - arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (git-fixes) - arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (bsc#1242778). - arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (git-fixes) - arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes) - arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2 (git-fixes) - arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (git-fixes) - arm64: insn: Add support for encoding DSB (bsc#1242778). - arm64: insn: Add support for encoding DSB (git-fixes) - arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (bsc#1242778). - arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (git-fixes) - arm64: proton-pack: Expose whether the branchy loop k value (bsc#1242778). - arm64: proton-pack: Expose whether the branchy loop k value (git-fixes) - arm64: proton-pack: Expose whether the platform is mitigated by (git-fixes) - arm64: proton-pack: Expose whether the platform is mitigated by firmware (bsc#1242778). - arp: switch to dev_getbyhwaddr() in arp_req_set_public() (git-fixes). - ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type (git-fixes). - ata: libata-scsi: Fix ata_msense_control_ata_feature() (git-fixes). - ata: libata-scsi: Improve CDL control (git-fixes). - auxdisplay: hd44780: Convert to platform remove callback returning void (stable-fixes). - auxdisplay: hd44780: Fix an API misuse in hd44780.c (git-fixes). - bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan() (git-fixes). - bnxt_en: Fix coredump logic to free allocated buffer (git-fixes). - bnxt_en: Fix ethtool -d byte order for 32-bit values (git-fixes). - bnxt_en: Fix ethtool selftest output in one of the failure cases (git-fixes). - bnxt_en: Fix out-of-bound memcpy() during ethtool -w (git-fixes). - bnxt_en: call pci_alloc_irq_vectors() after bnxt_reserve_rings() (git-fixes). - bnxt_en: fix module unload sequence (git-fixes). - bnxt_en: improve TX timestamping FIFO configuration (git-fixes). - bonding: fix incorrect MAC address setting to receive NS messages (git-fixes). - bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 (git-fixes). - bpf: Scrub packet on bpf_redirect_peer (git-fixes). - bpf: add find_containing_subprog() utility function (bsc#1241590). Both spellings are actually used - bpf: check changes_pkt_data property for extension programs (bsc#1241590). - bpf: consider that tail calls invalidate packet pointers (bsc#1241590). - bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs (bsc#1241590). - bpf: refactor bpf_helper_changes_pkt_data to use helper number (bsc#1241590). - bpf: track changes_pkt_data property for global functions (bsc#1241590). - btrfs: adjust subpage bit start based on sectorsize (bsc#1241492). - btrfs: always fallback to buffered write if the inode requires checksum (bsc#1242831 bsc#1242710). - btrfs: avoid NULL pointer dereference if no valid csum tree (bsc#1243342). - btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1236208). - btrfs: avoid monopolizing a core when activating a swap file (git-fixes). - btrfs: do not loop for nowait writes when checking for cross references (git-fixes). - btrfs: fix a leaked chunk map issue in read_one_chunk() (git-fixes). - btrfs: fix discard worker infinite loop after disabling discard (bsc#1242012). - btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers (git-fixes). - can: bcm: add locking for bcm_op runtime updates (git-fixes). - can: bcm: add missing rcu read protection for procfs content (git-fixes). - can: gw: fix RCU/BH usage in cgw_create_job() (git-fixes). - can: mcan: m_can_class_unregister(): fix order of unregistration calls (git-fixes). - can: mcp251xfd: fix TDC setting for low data bit rates (git-fixes). - can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls (git-fixes). - can: slcan: allow reception of short error messages (git-fixes). - check-for-config-changes: Fix flag name typo - cifs: Fix integer overflow while processing actimeo mount option (git-fixes). - cifs: reduce warning log level for server not advertising interfaces (git-fixes). - crypto: algif_hash - fix double free in hash_accept (git-fixes). - crypto: ccp - Add support for PCI device 0x1134 (stable-fixes). - cxl/core/regs.c: Skip Memory Space Enable check for RCD and RCH Ports (bsc#1242125). - devlink: fix port new reply cmd type (git-fixes). - dm-bufio: do not schedule in atomic context (git-fixes). - dm-ebs: fix prefetch-vs-suspend race (git-fixes). - dm-integrity: fix a warning on invalid table line (git-fixes). - dm-integrity: set ti->error on memory allocation failure (git-fixes). - dm-verity: fix prefetch-vs-suspend race (git-fixes). - dm: add missing unlock on in dm_keyslot_evict() (git-fixes). - dm: always update the array size in realloc_argv on success (git-fixes). - dm: fix copying after src array boundaries (git-fixes). - dma-buf: insert memory barrier before updating num_fences (git-fixes). - dmaengine: Revert 'dmaengine: dmatest: Fix dmatest waiting less when interrupted' (git-fixes). - dmaengine: dmatest: Fix dmatest waiting less when interrupted (stable-fixes). - dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals (git-fixes). - dmaengine: idxd: Add missing cleanups in cleanup internals (git-fixes). - dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call (git-fixes). - dmaengine: idxd: Fix ->poll() return value (git-fixes). - dmaengine: idxd: Fix allowing write() from different address spaces (git-fixes). - dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_alloc (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs (git-fixes). - dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: mediatek: drop unused variable (git-fixes). - dmaengine: ti: k3-udma: Add missing locking (git-fixes). - dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy (git-fixes). - drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (stable-fixes). - drm/amd/display: Avoid flooding unnecessary info messages (git-fixes). - drm/amd/display: Copy AUX read reply data whenever length > 0 (git-fixes). - drm/amd/display: Correct the reply value when AUX write incomplete (git-fixes). - drm/amd/display: Fix invalid context error in dml helper (git-fixes). - drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes). - drm/amd/display: Fix the checking condition in dmub aux handling (stable-fixes). - drm/amd/display: Fix wrong handling for AUX_DEFER case (git-fixes). - drm/amd/display: Force full update in gpu reset (stable-fixes). - drm/amd/display: Remove incorrect checking in dmub aux handler (git-fixes). - drm/amd/display: Shift DMUB AUX reply command if necessary (git-fixes). - drm/amd/display: more liberal vmin/vmax update for freesync (stable-fixes). - drm/amd: Add Suspend/Hibernate notification callback support (stable-fixes). - drm/amdgpu/hdp4: use memcfg register to post the write for HDP flush (git-fixes). - drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush (git-fixes). - drm/amdgpu/hdp5: use memcfg register to post the write for HDP flush (git-fixes). - drm/amdgpu/hdp6: use memcfg register to post the write for HDP flush (git-fixes). - drm/amdgpu/hdp7: use memcfg register to post the write for HDP flush (git-fixes). - drm/amdgpu/vcn: using separate VCN1_AON_SOC offset (stable-fixes). - drm/amdgpu: Fix offset for HDP remap in nbio v7.11 (stable-fixes). - drm/amdgpu: Increase KIQ invalidate_tlbs timeout (stable-fixes). - drm/amdgpu: Queue KFD reset workitem in VF FED (stable-fixes). - drm/amdgpu: Use the right function for hdp flush (stable-fixes). - drm/amdgpu: fix pm notifier handling (git-fixes). - drm/amdgpu: trigger flr_work if reading pf2vf data failed (stable-fixes). - drm/amdgpu: use a dummy owner for sysfs triggered cleaner shaders v4 (stable-fixes). - drm/edid: fixed the bug that hdr metadata was not reset (git-fixes). - drm/fdinfo: Protect against driver unbind (git-fixes). - drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions' (git-fixes). - drm/mipi-dbi: Fix blanking for non-16 bit formats (git-fixes). - drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() (git-fixes). - drm/panel: simple: Update timings for AUO G101EVN010 (git-fixes). - drm/tests: shmem: Fix memleak (git-fixes). - drm/v3d: Add job to pending list if the reset was skipped (stable-fixes). - drm/xe/tests/mocs: Hold XE_FORCEWAKE_ALL for LNCF regs (git-fixes). - drm/xe/tests/mocs: Update xe_force_wake_get() return handling (stable-fixes). - drm/xe/xe3lpg: Apply Wa_14022293748, Wa_22019794406 (stable-fixes). - drm/xe: Add page queue multiplier (git-fixes). - drm/xe: Save CTX_TIMESTAMP mmio value instead of LRC value (git-fixes). - drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS (git-fixes). - ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() (git-fixes). - ethtool: ntuple: fix rss + ring_cookie check (git-fixes). - ethtool: rss: fix hiding unsupported fields in dumps (git-fixes). - exfat: fix potential wrong error return from get_block (git-fixes). - ext4: add missing brelse() for bh2 in ext4_dx_add_entry() (bsc#1242342). - ext4: correct encrypted dentry name hash when not casefolded (bsc#1242540). - ext4: do not over-report free space or inodes in statvfs (bsc#1242345). - ext4: do not treat fhandle lookup of ea_inode as FS corruption (bsc#1242347). - ext4: fix FS_IOC_GETFSMAP handling (bsc#1240557). - ext4: goto right label 'out_mmap_sem' in ext4_setattr() (bsc#1242556). - ext4: make block validity check resistent to sb bh corruption (bsc#1242348). - ext4: partial zero eof block on unaligned inode size extension (bsc#1242336). - ext4: protect ext4_release_dquot against freezing (bsc#1242335). - ext4: replace the traditional ternary conditional operator with with max()/min() (bsc#1242536). - ext4: treat end of range as exclusive in ext4_zero_range() (bsc#1242539). - ext4: unify the type of flexbg_size to unsigned int (bsc#1242538). - firmware: arm_ffa: Skip Rx buffer ownership release if not acquired (git-fixes). - firmware: arm_scmi: Balance device refcount when destroying devices (git-fixes). - fs: better handle deep ancestor chains in is_subdir() (bsc#1242528). - fs: consistently deref the files table with rcu_dereference_raw() (bsc#1242535). - fs: do not allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (bsc#1242526). - fs: support relative paths with FSCONFIG_SET_STRING (git-fixes). - hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (git-fixes). - hv_netvsc: Remove rmsg_pgcnt (git-fixes). - hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (git-fixes). - i2c: designware: Fix an error handling path in i2c_dw_pci_probe() (git-fixes). - i2c: imx-lpi2c: Fix clock count when probe defers (git-fixes). - ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() (git-fixes). - idpf: fix offloads support for encapsulated packets (git-fixes). - idpf: fix potential memory leak on kcalloc() failure (git-fixes). - idpf: protect shutdown from reset (git-fixes). - igc: fix lock order in igc_ptp_reset (git-fixes). - iio: accel: adxl367: fix setting odr for activity time update (git-fixes). - iio: adc: ad7606: fix serial register access (git-fixes). - iio: adc: ad7768-1: Fix conversion result sign (git-fixes). - iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check (stable-fixes). - iio: adis16201: Correct inclinometer channel resolution (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (git-fixes). - iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer (git-fixes). - inetpeer: remove create argument of inet_getpeer_v() (git-fixes). - inetpeer: update inetpeer timestamp in inet_getpeer() (git-fixes). - io_uring/sqpoll: Increase task_work submission batch size (bsc#1238585). - iommu/arm-smmu-v3: Fix pgsize_bit for sva domains (bsc#1243341) - iommu: Fix two issues in iommu_copy_struct_from_user() (git-fixes). - ipv4/route: avoid unused-but-set-variable warning (git-fixes). - ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR) (git-fixes). - ipv4: Convert icmp_route_lookup() to dscp_t (git-fixes). - ipv4: Fix incorrect source address in Record Route option (git-fixes). - ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family (git-fixes). - ipv4: fix source address selection with route leak (git-fixes). - ipv4: give an IPv4 dev to blackhole_netdev (git-fixes). - ipv4: icmp: Pass full DS field to ip_route_input() (git-fixes). - ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() (git-fixes). - ipv4: ip_gre: Fix drops of small packets in ipgre_xmit (git-fixes). - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit() (git-fixes). - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev() (git-fixes). - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit() (git-fixes). - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid (git-fixes). - ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels (git-fixes). - ipv6: Align behavior across nexthops during path selection (git-fixes). - ipv6: Do not consider link down nexthops in path selection (git-fixes). - ipv6: Start path selection from the first nexthop (git-fixes). - ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (git-fixes). - irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (git-fixes). - isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (bsc#1242307). - iwlwifi: correct modinfo firmware ucode (bsc#1243020). - jbd2: add a missing data flush during file and fs synchronization (bsc#1242346). - jbd2: fix off-by-one while erasing journal (bsc#1242344). - jbd2: flush filesystem device before updating tail sequence (bsc#1242333). - jbd2: increase IO priority for writing revoke records (bsc#1242332). - jbd2: increase the journal IO's priority (bsc#1242537). - jbd2: remove wrong sb->s_sequence check (bsc#1242343). - jiffies: Cast to unsigned long in secs_to_jiffies() conversion (bsc#1242993). - jiffies: Define secs_to_jiffies() (bsc#1242993). - kernel-obs-qa: Use srchash for dependency as well - loop: Add sanity check for read/write_iter (git-fixes). - loop: aio inherit the ioprio of original request (git-fixes). - loop: do not require ->write_iter for writable files in loop_configure (git-fixes). - md/raid1,raid10: do not ignore IO flags (git-fixes). - md/raid10: fix missing discard IO accounting (git-fixes). - md/raid10: wait barrier before returning discard request with REQ_NOWAIT (git-fixes). - md/raid1: Add check for missing source disk in process_checks() (git-fixes). - md/raid1: fix memory leak in raid1_run() if no active rdev (git-fixes). - md/raid5: implement pers->bitmap_sector() (git-fixes). - md: add a new callback pers->bitmap_sector() (git-fixes). - md: ensure resync is prioritized over recovery (git-fixes). - md: fix mddev uaf while iterating all_mddevs list (git-fixes). - md: preserve KABI in struct md_personality v2 (git-fixes). - media: videobuf2: Add missing doc comment for waiting_in_dqbuf (git-fixes). - mei: me: add panther lake H DID (stable-fixes). - mm/readahead: fix large folio support in async readahead (bsc#1242321). - mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT (bsc#1242326). - mm: fix filemap_get_folios_contig returning batches of identical folios (bsc#1242327). - mm: fix oops when filemap_map_pmd() without prealloc_pte (bsc#1242546). - mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN (git-fixes). - mptcp: refine opt_mp_capable determination (git-fixes). - mptcp: relax check on MPC passive fallback (git-fixes). - mptcp: strict validation before using mp_opt->hmac (git-fixes). - mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() (git-fixes). - mtd: phram: Add the kernel lock down check (bsc#1232649). - neighbour: delete redundant judgment statements (git-fixes). - net/handshake: Fix handshake_req_destroy_test1 (git-fixes). - net/handshake: Fix memory leak in __sock_create() and sock_alloc_file() (git-fixes). - net/ipv6: Fix route deleting failure when metric equals 0 (git-fixes). - net/ipv6: Fix the RT cache flush via sysctl using a previous delay (git-fixes). - net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged (git-fixes). - net/mlx5: E-Switch, Initialize MAC Address for Default GID (git-fixes). - net/mlx5: E-switch, Fix error handling for enabling roce (git-fixes). - net/mlx5e: Disable MACsec offload for uplink representor profile (git-fixes). - net/mlx5e: Fix lock order in mlx5e_tx_reporter_ptpsq_unhealthy_recover (git-fixes). - net/mlx5e: TC, Continue the attr process even if encap entry is invalid (git-fixes). - net/mlx5e: Use custom tunnel header for vxlan gbp (git-fixes). - net: Add non-RCU dev_getbyhwaddr() helper (git-fixes). - net: Clear old fragment checksum value in napi_reuse_skb (git-fixes). - net: Handle napi_schedule() calls from non-interrupt (git-fixes). - net: Implement missing SO_TIMESTAMPING_NEW cmsg support (git-fixes). - net: Remove acked SYN flag from packet in the transmit queue correctly (git-fixes). - net: do not dump stack on queue timeout (git-fixes). - net: free_netdev: exit earlier if dummy (bsc#1243215). - net: gro: parse ipv6 ext headers without frag0 invalidation (git-fixes). - net: ipv6: fix UDPv6 GSO segmentation with NAT (git-fixes). - net: ipv6: ioam6: fix lwtunnel_output() loop (git-fixes). - net: loopback: Avoid sending IP packets without an Ethernet header (git-fixes). - net: qede: Initialize qede_ll_ops with designated initializer (git-fixes). - net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets (git-fixes). - net: set the minimum for net_hotdata.netdev_budget_usecs (git-fixes). - net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension (git-fixes). - net_sched: drr: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: ets: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (git-fixes). - net_sched: qfq: Fix double list add in class with netem as child qdisc (git-fixes). - netdev-genl: avoid empty messages in queue dump (git-fixes). - netdev: fix repeated netlink messages in queue dump (git-fixes). - netlink: annotate data-races around sk->sk_err (git-fixes). - netlink: specs: tc: all actions are indexed arrays (git-fixes). - netlink: specs: tc: fix a couple of attribute names (git-fixes). - netpoll: Ensure clean state on setup failures (git-fixes). - nfs: handle failure of nfs_get_lock_context in unlock path (git-fixes). - nfsd: add list_head nf_gc to struct nfsd_file (git-fixes). - nilfs2: add pointer check for nilfs_direct_propagate() (git-fixes). - nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (git-fixes). - ntb: reduce stack usage in idt_scan_mws (stable-fixes). - ntb_hw_amd: Add NTB PCI ID for new gen CPU (stable-fixes). - nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable (git-fixes bsc#1223096). - nvme-pci: add quirk for Samsung PM173x/PM173xa disk (bsc#1241148). - nvme-pci: fix queue unquiesce check on slot_reset (git-fixes). - nvme-pci: make nvme_pci_npages_prp() __always_inline (git-fixes). - nvme-tcp: fix premature queue removal and I/O failover (git-fixes). - nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS (git-fixes). - nvme: Add 'partial_nid' quirk (bsc#1241148). - nvme: Add warning when a partiually unique NID is detected (bsc#1241148). - nvme: fixup scan failure for non-ANA multipath controllers (git-fixes). - nvme: multipath: fix return value of nvme_available_path (git-fixes). - nvme: re-read ANA log page after ns scan completes (git-fixes). - nvme: requeue namespace scan on missed AENs (git-fixes). - nvme: unblock ctrl state transition for firmware update (git-fixes). - nvmet-fc: inline nvmet_fc_delete_assoc (git-fixes). - nvmet-fc: inline nvmet_fc_free_hostport (git-fixes). - nvmet-fc: put ref when assoc->del_work is already scheduled (git-fixes). - nvmet-fc: take tgtport reference only once (git-fixes). - nvmet-fc: update tgtport ref per assoc (git-fixes). - nvmet-fcloop: Remove remote port from list when unlinking (git-fixes). - nvmet-fcloop: add ref counting to lport (git-fixes). - nvmet-fcloop: replace kref with refcount (git-fixes). - nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS (git-fixes). - objtool, panic: Disable SMAP in __stack_chk_fail() (bsc#1243963). - ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes). - octeontx2-pf: Do not reallocate all ntuple filters (git-fixes). - octeontx2-pf: Fix ethtool support for SDP representors (git-fixes). - octeontx2-pf: qos: fix VF root node parent queue index (git-fixes). - padata: do not leak refcount in reorder_work (git-fixes). - perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (bsc#1242172) - perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (bsc#1242172) - perf: arm_cspmu: nvidia: monitor all ports by default (bsc#1242172) - perf: arm_cspmu: nvidia: remove unsupported SCF events (bsc#1242172) - phy: Fix error handling in tegra_xusb_port_init (git-fixes). - phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind (git-fixes). - phy: renesas: rcar-gen3-usb2: Set timing registers only once (git-fixes). - phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking (git-fixes). - phy: tegra: xusb: remove a stray unlock (git-fixes). - pinctrl: renesas: rza2: Fix potential NULL pointer dereference (stable-fixes). - platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) (git-fixes). - platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (stable-fixes). - platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (git-fixes). - platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() (git-fixes). - powercap: intel_rapl: Fix locking in TPMI RAPL (git-fixes). - powerpc/pseries/iommu: Fix kmemleak in TCE table userspace view (jsc#PED-10539 git-fixes). - powerpc/pseries/iommu: create DDW for devices with DMA mask less than 64-bits (bsc#1239691 bsc#1243044 ltc#212555). - powerpc: Do not use --- in kernel logs (git-fixes). - qibfs: fix _another_ leak (git-fixes) - rcu/tasks-trace: Handle new PF_IDLE semantics (git-fixes) - rcu/tasks: Handle new PF_IDLE semantics (git-fixes) - rcu: Break rcu_node_0 --> &rq->__lock order (git-fixes) - rcu: Introduce rcu_cpu_online() (git-fixes) - regulator: max20086: fix invalid memory access (git-fixes). - rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN - rtc: pcf85063: do a SW reset if POR failed (stable-fixes). - s390/ap: Fix CCA crypto card behavior within protected execution environment (git-fixes bsc#1243817 LTC#213623). - s390/bpf: Store backchain even for leaf progs (git-fixes bsc#1243805). - s390/cpumf: Update CPU Measurement facility extended counter set support (bsc#1243115). - s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs (git-fixes). - s390: Add z17 elf platform (bsc#1243116). - sched/fair: Fix CPU bandwidth limit bypass during CPU hotplug (BSC#1241319). - sched/fair: Fix CPU bandwidth limit bypass during CPU hotplug (bsc#1241319). - sched/topology: Refinement to topology_span_sane speedup (bsc#1242119). - sched/topology: improve topology_span_sane speed (bsc#1242119). - sched: Add deprecation warning for users of RT_GROUP_SCHED (jsc#PED-11761 jsc#PED-12405). - scsi: Improve CDL control (git-fixes). - scsi: core: Clear flags for scsi_cmnd that did not complete (git-fixes). - scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes (git-fixes). - scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1242993). - scsi: lpfc: Convert timeouts to secs_to_jiffies() (bsc#1242993). - scsi: lpfc: Copyright updates for 14.4.0.9 patches (bsc#1242993). - scsi: lpfc: Create lpfc_vmid_info sysfs entry (bsc#1242993). - scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands (bsc#1242993). - scsi: lpfc: Fix spelling mistake 'Toplogy' -> 'Topology' (bsc#1242993). - scsi: lpfc: Notify FC transport of rport disappearance during PCI fcn reset (bsc#1242993). - scsi: lpfc: Prevent failure to reregister with NVMe transport after PRLI retry (bsc#1242993). - scsi: lpfc: Restart eratt_poll timer if HBA_SETUP flag still unset (bsc#1242993). - scsi: lpfc: Update lpfc version to 14.4.0.9 (bsc#1242993). - scsi: lpfc: Use memcpy() for BIOS version (bsc#1240966). - scsi: lpfc: convert timeouts to secs_to_jiffies() (bsc#1242993). - scsi: megaraid_sas: Block zero-length ATA VPD inquiry (bsc#1241388 jsc#PED-11258). - scsi: megaraid_sas: Block zero-length ATA VPD inquiry (git-fixes). - scsi: megaraid_sas: Driver version update to 07.734.00.00-rc1 (bsc#1241388 jsc#PED-11258). - scsi: megaraid_sas: Make most module parameters static (bsc#1241388 jsc#PED-11258). - scsi: mpi3mr: Add level check to control event logging (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Avoid reply queue full condition (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Check admin reply queue from Watchdog (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Fix pending I/O counter (git-fixes). - scsi: mpi3mr: Fix spelling mistake 'skiping' -> 'skipping' (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Handling of fault code for insufficient power (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Reset the pending interrupt flag (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Support for Segmented Hardware Trace buffer (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Synchronize access to ioctl data buffer (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Task Abort EH Support (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Update MPI Headers to revision 35 (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Update driver version to 8.12.0.3.50 (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Update driver version to 8.12.1.0.50 (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Update driver version to 8.13.0.5.50 (bsc#1241388 jsc#PED-12372). - scsi: mpi3mr: Update timestamp only for supervisor IOCs (bsc#1241388 jsc#PED-12372). - scsi: mpt3sas: Add details to EEDPTagMode error message (bsc#1241388 jsc#PED-11253). - scsi: mpt3sas: Add support for MCTP Passthrough commands (bsc#1241388 jsc#PED-11253). - scsi: mpt3sas: Fix buffer overflow in mpt3sas_send_mctp_passthru_req() (bsc#1241388 jsc#PED-11253). - scsi: mpt3sas: Fix spelling mistake 'receveid' -> 'received' (bsc#1241388 jsc#PED-11253). - scsi: mpt3sas: Remove unused config functions (bsc#1241388 jsc#PED-11253). - scsi: mpt3sas: Report driver capability as part of IOCINFO command (bsc#1241388 jsc#PED-11253). - scsi: mpt3sas: Send a diag reset if target reset fails (bsc#1241388 jsc#PED-11253). - scsi: mpt3sas: Update MPI headers to 02.00.62 version (bsc#1241388 jsc#PED-11253). - scsi: mpt3sas: update driver version to 52.100.00.00 (bsc#1241388 jsc#PED-11253). - scsi: pm80xx: Set phy_attached to zero when device is gone (git-fixes). - scsi: qla2xxx: Fix typos in a comment (bsc#1243090). - scsi: qla2xxx: Mark device strings as nonstring (bsc#1243090). - scsi: qla2xxx: Remove duplicate struct crb_addr_pair (bsc#1243090). - scsi: qla2xxx: Remove unused module parameters (bsc#1243090). - scsi: qla2xxx: Remove unused ql_log_qp (bsc#1243090). - scsi: qla2xxx: Remove unused qla2x00_gpsc() (bsc#1243090). - scsi: qla2xxx: Remove unused qla82xx_pci_region_offset() (bsc#1243090). - scsi: qla2xxx: Remove unused qla82xx_wait_for_state_change() (bsc#1243090). - scsi: qla2xxx: Remove unused qlt_83xx_iospace_config() (bsc#1243090). - scsi: qla2xxx: Remove unused qlt_fc_port_deleted() (bsc#1243090). - scsi: qla2xxx: Remove unused qlt_free_qfull_cmds() (bsc#1243090). - selftests/bpf: extend changes_pkt_data with cases w/o subprograms (bsc#1241590). - selftests/bpf: freplace tests for tracking of changes_packet_data (bsc#1241590). - selftests/bpf: test for changing packet data from global functions (bsc#1241590). - selftests/bpf: validate that tail call invalidates packet pointers (bsc#1241590). - selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test (bsc#1242203). - sound/virtio: Fix cancel_sync warnings on uninitialized work_structs (stable-fixes). - soundwire: bus: Fix race on the creation of the IRQ domain (git-fixes). - spi: loopback-test: Do not split 1024-byte hexdumps (git-fixes). - spi: spi-fsl-dspi: Halt the module after a new message transfer (git-fixes). - spi: spi-fsl-dspi: Reset SR flags before sending a new message (git-fixes). - spi: spi-fsl-dspi: restrict register range for regmap access (git-fixes). - spi: tegra114: Do not fail set_cs_timing when delays are zero (git-fixes). - spi: tegra114: Use value to check for invalid delays (git-fixes). - spi: tegra210-quad: add rate limiting and simplify timeout error message (stable-fixes). - spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts (stable-fixes). - splice: remove duplicate noinline from pipe_clear_nowait (bsc#1242328). - staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (git-fixes). - staging: axis-fifo: Remove hardware resets for user errors (git-fixes). - staging: iio: adc: ad7816: Correct conditional logic for store mode (git-fixes). - tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress() (git-fixes). - tcp_cubic: fix incorrect HyStart round start detection (git-fixes). - thermal: intel: x86_pkg_temp_thermal: Fix bogus trip temperature (git-fixes). - thunderbolt: Scan retimers after device router has been enumerated (stable-fixes). - tools/hv: update route parsing in kvp daemon (git-fixes). - tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT (git-fixes). - udf: Fix inode_getblk() return value (bsc#1242313). - udf: Skip parent dir link count update if corrupted (bsc#1242315). - udf: Verify inode link counts before performing rename (bsc#1242314). - usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version (git-fixes). - usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield (stable-fixes). - usb: dwc3: gadget: Refactor loop to avoid NULL endpoints (stable-fixes). - usb: gadget: Use get_status callback to set remote wakeup capability (git-fixes). - usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (stable-fixes). - usb: gadget: f_ecm: Add get_status callback (git-fixes). - usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN (git-fixes). - usb: host: max3421-hcd: Add missing spi_device_id table (stable-fixes). - usb: host: tegra: Prevent host controller crash when OTG port is used (git-fixes). - usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func (stable-fixes). - usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (stable-fixes). - usb: typec: class: Invalidate USB device pointers on partner unregistration (git-fixes). - usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (git-fixes). - usb: typec: ucsi: displayport: Fix NULL pointer access (git-fixes). - usb: uhci-platform: Make the clock really optional (git-fixes). - usb: usbtmc: Fix erroneous generic_read ioctl return (git-fixes). - usb: usbtmc: Fix erroneous get_stb ioctl error returns (git-fixes). - usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes). - usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running (stable-fixes). - vfs: do not mod negative dentry count when on shrinker list (bsc#1242534). - vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint (git-fixes). - virtio_console: fix missing byte order handling for cols and rows (git-fixes). - wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (git-fixes). - wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation (git-fixes). - wifi: iwlwifi: do not warn if the NIC is gone in resume (git-fixes). - wifi: iwlwifi: fix the check for the SCRATCH register upon resume (git-fixes). - wifi: mac80211, cfg80211: miscellaneous spelling fixes (git-fixes). - wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request (git-fixes). - wifi: mt76: disable napi on driver removal (git-fixes). - wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release (git-fixes). - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778). - x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778). - x86/bpf: Call branch history clearing sequence on exit (bsc#1242778). - x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes). - x86/its: Fix build errors when CONFIG_MODULES=n (git-fixes). - x86/xen: move xen_reserve_extra_memory() (git-fixes). - xen/mcelog: Add __nonstring annotations for unterminated strings (git-fixes). - xen: Change xen-acpi-processor dom0 dependency (git-fixes). - xenfs/xensyms: respect hypervisor's 'next' indication (git-fixes). - xhci: Add helper to set an interrupters interrupt moderation interval (git-fixes). - xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes). - xhci: Limit time spent with xHC interrupts disabled during bus resume (stable-fixes). - xhci: split free interrupter into separate remove and free parts (git-fixes). - xsk: Add truesize to skb_add_rx_frag() (git-fixes). - xsk: Do not assume metadata is always requested in TX completion (git-fixes).
Patchnames
SUSE-2025-1972,SUSE-SLE-Module-Live-Patching-15-SP7-2025-1972,SUSE-SLE-Module-RT-15-SP7-2025-1972
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
JSON
To clipboard
{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThe SUSE Linux Enterprise 15 SP7 RT kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006).\n- CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() (bsc#1224597).\n- CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer serialization (bsc#1230581).\n- CVE-2024-50223: sched/numa: Fix the potential null pointer dereference in (bsc#1233192).\n- CVE-2024-54458: scsi: ufs: bsg: Set bsg_queue to NULL after removal (bsc#1238992).\n- CVE-2024-58070: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT (bsc#1238983).\n- CVE-2025-21648: netfilter: conntrack: clamp maximum hashtable size to INT_MAX (bsc#1236142).\n- CVE-2025-21683: bpf: Fix bpf_sk_select_reuseport() memory leak (bsc#1236704).\n- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0 (bsc#1237312).\n- CVE-2025-21707: mptcp: consolidate suboption status (bsc#1238862).\n- CVE-2025-21758: ipv6: mcast: add RCU protection to mld_newpack() (bsc#1238737).\n- CVE-2025-21768: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels (bsc#1238714).\n- CVE-2025-21787: team: better TEAM_OPTION_TYPE_STRING validation (bsc#1238774).\n- CVE-2025-21792: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt (bsc#1238745).\n- CVE-2025-21814: ptp: Ensure info-\u003eenable callback is always set (bsc#1238473).\n- CVE-2025-21919: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (bsc#1240593).\n- CVE-2025-21962: cifs: Fix integer overflow while processing closetimeo mount option (bsc#1240655).\n- CVE-2025-21963: cifs: Fix integer overflow while processing acdirmax mount option (bsc#1240717).\n- CVE-2025-21964: cifs: Fix integer overflow while processing acregmax mount option (bsc#1240740).\n- CVE-2025-22018: atm: Fix NULL pointer dereference (bsc#1241266).\n- CVE-2025-22021: netfilter: socket: Lookup orig tuple for IPv6 SNAT (bsc#1241282).\n- CVE-2025-22030: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() (bsc#1241376).\n- CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525).\n- CVE-2025-22057: net: decrease cached dst counters in dst_release (bsc#1241533).\n- CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332).\n- CVE-2025-22063: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (bsc#1241351).\n- CVE-2025-22064: netfilter: nf_tables: do not unregister hook when table is dormant (bsc#1241413).\n- CVE-2025-22070: fs/9p: fix NULL pointer dereference on mkdir (bsc#1241305).\n- CVE-2025-22094: powerpc/perf: Fix ref-counting on the PMU \u0027vpa_pmu\u0027 (bsc#1241512).\n- CVE-2025-22102: Bluetooth: btnxpuart: Fix kernel panic during FW release (bsc#1241456).\n- CVE-2025-22103: net: fix NULL pointer dereference in l3mdev_l3_rcv (bsc#1241448).\n- CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550).\n- CVE-2025-22107: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() (bsc#1241575).\n- CVE-2025-22109: ax25: Remove broken autobind (bsc#1241573).\n- CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).\n- CVE-2025-23140: misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error (bsc#1242763).\n- CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596).\n- CVE-2025-23150: ext4: fix off-by-one error in do_split (bsc#1242513).\n- CVE-2025-23154: io_uring/net: fix io_req_post_cqe abuse by send bundle (bsc#1242533).\n- CVE-2025-23160: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization (bsc#1242507).\n- CVE-2025-37747: kABI workaround for perf-Fix-hang-while-freeing-sigtrap-event (References: bsc#1242520).\n- CVE-2025-37748: iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group (bsc#1242523).\n- CVE-2025-37749: net: ppp: Add bound checking for skb data on ppp_sync_txmung (bsc#1242859).\n- CVE-2025-37750: smb: client: fix UAF in decryption with multichannel (bsc#1242510).\n- CVE-2025-37755: net: libwx: handle page_pool_dev_alloc_pages error (bsc#1242506).\n- CVE-2025-37773: virtiofs: add filesystem context source name check (bsc#1242502).\n- CVE-2025-37780: isofs: Prevent the use of too small fid (bsc#1242786).\n- CVE-2025-37787: net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered (bsc#1242585).\n- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).\n- CVE-2025-37790: net: mctp: Set SOCK_RCU_FREE (bsc#1242509).\n- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).\n- CVE-2025-37798: codel: remove sch-\u003eq.qlen check before qdisc_tree_reduce_backlog() (bsc#1242414).\n- CVE-2025-37799: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp (bsc#1242283).\n- CVE-2025-37803: udmabuf: fix a buf size overflow issue during udmabuf creation (bsc#1242852).\n- CVE-2025-37804: io_uring: always do atomic put from iowq (bsc#1242854).\n- CVE-2025-37809: usb: typec: class: Unlocked on error in typec_register_partner() (bsc#1242856).\n- CVE-2025-37820: xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() (bsc#1242866).\n- CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).\n- CVE-2025-37824: tipc: fix NULL pointer dereference in tipc_mon_reinit_self() (bsc#1242867).\n- CVE-2025-37829: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() (bsc#1242875).\n- CVE-2025-37830: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() (bsc#1242860).\n- CVE-2025-37831: cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() (bsc#1242861).\n- CVE-2025-37833: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads (bsc#1242868).\n- CVE-2025-37842: spi: fsl-qspi: Fix double cleanup in probe error path (bsc#1242951).\n- CVE-2025-37870: drm/amd/display: prevent hang on link training fail (bsc#1243056).\n- CVE-2025-37879: 9p/net: fix improper handling of bogus negative read/write replies (bsc#1243077).\n- CVE-2025-37886: pds_core: make wait_context part of q_info (bsc#1242944).\n- CVE-2025-37887: pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result (bsc#1242962).\n- CVE-2025-37949: xenbus: Use kref to track req lifetime (bsc#1243541).\n- CVE-2025-37957: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception (bsc#1243513).\n- CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539).\n- CVE-2025-37960: memblock: Accept allocated memory before use in memblock_double_array() (bsc#1243519).\n- CVE-2025-37974: s390/pci: Fix missing check for zpci_create_device() error return (bsc#1243547).\n- CVE-2025-38152: remoteproc: core: Clear table_sz when rproc_shutdown (bsc#1241627).\n- CVE-2025-38637: net_sched: skbprio: Remove overly strict queue assertions (bsc#1241657).\n\nThe following non-security bugs were fixed:\n\n- ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (stable-fixes).\n- ACPI: EC: Set ec_no_wakeup for Lenovo Go S (stable-fixes).\n- ACPI: PPTT: Fix processor subtable walk (git-fixes).\n- ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() (git-fixes).\n- ALSA: hda/realtek - Enable speaker for HP platform (git-fixes).\n- ALSA: hda/realtek: Fix built-mic regression on other ASUS models (git-fixes).\n- ALSA: seq: Fix delivery of UMP events to group ports (git-fixes).\n- ALSA: sh: SND_AICA should depend on SH_DMA_API (git-fixes).\n- ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info (git-fixes).\n- ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (stable-fixes).\n- ALSA: usb-audio: Add sample rate quirk for Audioengine D1 (git-fixes).\n- ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera (stable-fixes).\n- ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (stable-fixes).\n- ASoC: SOF: ipc4-control: Use SOF_CTRL_CMD_BINARY as numid for bytes_ext (git-fixes).\n- ASoC: SOF: ipc4-pcm: Delay reporting is only supported for playback direction (git-fixes).\n- ASoC: Use of_property_read_bool() (stable-fixes).\n- ASoC: simple-card-utils: Fix pointer check in graph_util_parse_link_direction (git-fixes).\n- ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (stable-fixes).\n- ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence (git-fixes).\n- ASoc: SOF: topology: connect DAI to a single DAI link (git-fixes).\n- Bluetooth: L2CAP: Fix not checking l2cap_chan security level (git-fixes).\n- Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags (git-fixes).\n- Bluetooth: btintel_pcie: Add additional to checks to clear TX/RX paths (git-fixes).\n- Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (git-fixes).\n- Bluetooth: btusb: use skb_pull to avoid unsafe access in QCA dump handling (git-fixes).\n- Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (git-fixes).\n- Fix write to cloned skb in ipv6_hop_ioam() (git-fixes).\n- HID: thrustmaster: fix memory leak in thrustmaster_interrupts() (git-fixes).\n- HID: uclogic: Add NULL check in uclogic_input_configured() (git-fixes).\n- IB/cm: use rwlock for MAD agent lock (git-fixes)\n- Input: cyttsp5 - ensure minimum reset pulse width (git-fixes).\n- Input: cyttsp5 - fix power control issue on wakeup (git-fixes).\n- Input: mtk-pmic-keys - fix possible null pointer dereference (git-fixes).\n- Input: synaptics - enable InterTouch on Dell Precision M3800 (stable-fixes).\n- Input: synaptics - enable InterTouch on Dynabook Portege X30-D (stable-fixes).\n- Input: synaptics - enable InterTouch on Dynabook Portege X30L-G (stable-fixes).\n- Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 (stable-fixes).\n- Input: synaptics - enable SMBus for HP Elitebook 850 G1 (stable-fixes).\n- Input: synaptics-rmi - fix crash with unsupported versions of F34 (git-fixes).\n- Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller (stable-fixes).\n- Input: xpad - fix Share button on Xbox One controllers (stable-fixes).\n- Input: xpad - fix two controller table values (git-fixes).\n- KVM: PPC: Book3S HV: Fix IRQ map warnings with XICS on pSeries KVM Guest (bsc#1242205 ltc#212592).\n- KVM: SVM: Allocate IR data using atomic allocation (git-fixes).\n- KVM: SVM: Do not change target vCPU state on AP Creation VMGEXIT error (git-fixes).\n- KVM: SVM: Drop DEBUGCTL[5:2] from guest\u0027s effective value (git-fixes).\n- KVM: SVM: Refuse to attempt VRMUN if an SEV-ES+ guest had an invalid VMSA (git-fixes).\n- KVM: SVM: Save host DR masks on CPUs with DebugSwap (jsc#PED-348).\n- KVM: SVM: Suppress DEBUGCTL.BTF on AMD (git-fixes).\n- KVM: SVM: Update dump_ghcb() to use the GHCB snapshot fields (git-fixes).\n- KVM: VMX: Do not modify guest XFD_ERR if CR0.TS=1 (git-fixes).\n- KVM: arm64: Change kvm_handle_mmio_return() return polarity (git-fixes).\n- KVM: arm64: Fix RAS trapping in pKVM for protected VMs (git-fixes).\n- KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (git-fixes).\n- KVM: arm64: Mark some header functions as inline (git-fixes).\n- KVM: arm64: Tear down vGIC on failed vCPU creation (git-fixes).\n- KVM: arm64: timer: Always evaluate the need for a soft timer (git-fixes).\n- KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (git-fixes).\n- KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (git-fixes).\n- KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (git-fixes).\n- KVM: arm64: vgic-v4: Fall back to software irqbypass if LPI not found (git-fixes).\n- KVM: arm64: vgic-v4: Only attempt vLPI mapping for actual MSIs (git-fixes).\n- KVM: nSVM: Pass next RIP, not current RIP, for nested VM-Exit on emulation (git-fixes).\n- KVM: nVMX: Allow emulating RDPID on behalf of L2 (git-fixes).\n- KVM: nVMX: Check PAUSE_EXITING, not BUS_LOCK_DETECTION, on PAUSE emulation (git-fixes).\n- KVM: s390: Do not use %pK through debug printing (git-fixes bsc#1243657).\n- KVM: s390: Do not use %pK through tracepoints (git-fixes bsc#1243658).\n- KVM: x86/mmu: Check and free obsolete roots in kvm_mmu_reload() (git-fixes).\n- KVM: x86/xen: Use guest\u0027s copy of pvclock when starting timer (git-fixes).\n- KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (git-fixes).\n- KVM: x86: Check that the high 32bits are clear in kvm_arch_vcpu_ioctl_run() (git-fixes).\n- KVM: x86: Do not take kvm-\u003elock when iterating over vCPUs in suspend notifier (git-fixes).\n- KVM: x86: Explicitly treat routing entry type changes as changes (git-fixes).\n- KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn\u0027t supported by KVM (git-fixes).\n- KVM: x86: Explicitly zero-initialize on-stack CPUID unions (git-fixes).\n- KVM: x86: Make x2APIC ID 100% readonly (git-fixes).\n- KVM: x86: Reject disabling of MWAIT/HLT interception when not allowed (git-fixes).\n- KVM: x86: Remove the unreachable case for 0x80000022 leaf in __do_cpuid_func() (git-fixes).\n- KVM: x86: Wake vCPU for PIC interrupt injection iff a valid IRQ was found (git-fixes).\n- KVM: x86: block KVM_CAP_SYNC_REGS if guest state is protected (git-fixes).\n- Move upstreamed sound patch into sorted section\n- Move upstreamed tpm patch into sorted section\n- NFS: O_DIRECT writes must check and adjust the file length (git-fixes).\n- NFSD: Skip sending CB_RECALL_ANY when the backchannel isn\u0027t up (git-fixes).\n- NFSv4/pnfs: Reset the layout state after a layoutreturn (git-fixes).\n- NFSv4: Do not trigger uneccessary scans for return-on-close delegations (git-fixes).\n- RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work (git-fixes)\n- RDMA/core: Fix \u0027KASAN: slab-use-after-free Read in ib_register_device\u0027 problem (git-fixes)\n- RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (git-fixes)\n- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (git-fixes)\n- RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (git-fixes)\n- RDMA/rxe: Fix \u0027trying to register non-static key in rxe_qp_do_cleanup\u0027 bug (git-fixes)\n- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (git-fixes)\n- Readd patches.kabi/md-md_personality-workaround-v2.patch dropped in merge by accident.\n- Refresh fixes for cBPF issue (bsc#1242778)\n- Remove debug flavor (bsc#1243919). This is only released in Leap, and we do not have Leap 15.7\n- Revert \u0027drm/amd/display: Hardware cursor changes color when switched to software cursor\u0027 (stable-fixes).\n- Revert \u0027drm/amd: Keep display off while going into S4\u0027 (git-fixes).\n- Revert \u0027drm/amd: Stop evicting resources on APUs in suspend\u0027 (stable-fixes).\n- Revert \u0027rndis_host: Flag RNDIS modems as WWAN devices\u0027 (git-fixes).\n- Sort ITS patches\n- Squashfs: check return result of sb_min_blocksize (git-fixes).\n- USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (stable-fixes).\n- USB: VLI disk crashes if LPM is used (stable-fixes).\n- USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe (stable-fixes).\n- USB: serial: option: add Sierra Wireless EM9291 (stable-fixes).\n- USB: serial: simple: add OWON HDS200 series oscilloscope support (stable-fixes).\n- USB: storage: quirk for ADATA Portable HDD CH94 (stable-fixes).\n- USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes).\n- Update patches.suse/nvme-fixup-scan-failure-for-non-ANA-multipath-contro.patch (git-fixes bsc#1235149).\n- Update patches.suse/nvme-re-read-ANA-log-page-after-ns-scan-completes.patch (git-fixes bsc#1235149).\n- Xen/swiotlb: mark xen_swiotlb_fixup() __init (git-fixes).\n- add bug reference for an existing hv_netvsc change (bsc#1243737).\n- afs: Fix the server_list to unuse a displaced server rather than putting it (git-fixes).\n- afs: Make it possible to find the volumes that are using a server (git-fixes).\n- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (bsc#1242778).\n- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (git-fixes)\n- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (bsc#1242778).\n- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (git-fixes)\n- arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes)\n- arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2 (git-fixes)\n- arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (git-fixes)\n- arm64: insn: Add support for encoding DSB (bsc#1242778).\n- arm64: insn: Add support for encoding DSB (git-fixes)\n- arm64: proton-pack: Add new CPUs \u0027k\u0027 values for branch mitigation (bsc#1242778).\n- arm64: proton-pack: Add new CPUs \u0027k\u0027 values for branch mitigation (git-fixes)\n- arm64: proton-pack: Expose whether the branchy loop k value (bsc#1242778).\n- arm64: proton-pack: Expose whether the branchy loop k value (git-fixes)\n- arm64: proton-pack: Expose whether the platform is mitigated by (git-fixes)\n- arm64: proton-pack: Expose whether the platform is mitigated by firmware (bsc#1242778).\n- arp: switch to dev_getbyhwaddr() in arp_req_set_public() (git-fixes).\n- ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type (git-fixes).\n- ata: libata-scsi: Fix ata_msense_control_ata_feature() (git-fixes).\n- ata: libata-scsi: Improve CDL control (git-fixes).\n- auxdisplay: hd44780: Convert to platform remove callback returning void (stable-fixes).\n- auxdisplay: hd44780: Fix an API misuse in hd44780.c (git-fixes).\n- bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan() (git-fixes).\n- bnxt_en: Fix coredump logic to free allocated buffer (git-fixes).\n- bnxt_en: Fix ethtool -d byte order for 32-bit values (git-fixes).\n- bnxt_en: Fix ethtool selftest output in one of the failure cases (git-fixes).\n- bnxt_en: Fix out-of-bound memcpy() during ethtool -w (git-fixes).\n- bnxt_en: call pci_alloc_irq_vectors() after bnxt_reserve_rings() (git-fixes).\n- bnxt_en: fix module unload sequence (git-fixes).\n- bnxt_en: improve TX timestamping FIFO configuration (git-fixes).\n- bonding: fix incorrect MAC address setting to receive NS messages (git-fixes).\n- bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 (git-fixes).\n- bpf: Scrub packet on bpf_redirect_peer (git-fixes).\n- bpf: add find_containing_subprog() utility function (bsc#1241590). Both spellings are actually used\n- bpf: check changes_pkt_data property for extension programs (bsc#1241590).\n- bpf: consider that tail calls invalidate packet pointers (bsc#1241590).\n- bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs (bsc#1241590).\n- bpf: refactor bpf_helper_changes_pkt_data to use helper number (bsc#1241590).\n- bpf: track changes_pkt_data property for global functions (bsc#1241590).\n- btrfs: adjust subpage bit start based on sectorsize (bsc#1241492).\n- btrfs: always fallback to buffered write if the inode requires checksum (bsc#1242831 bsc#1242710).\n- btrfs: avoid NULL pointer dereference if no valid csum tree (bsc#1243342).\n- btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1236208).\n- btrfs: avoid monopolizing a core when activating a swap file (git-fixes).\n- btrfs: do not loop for nowait writes when checking for cross references (git-fixes).\n- btrfs: fix a leaked chunk map issue in read_one_chunk() (git-fixes).\n- btrfs: fix discard worker infinite loop after disabling discard (bsc#1242012).\n- btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers (git-fixes).\n- can: bcm: add locking for bcm_op runtime updates (git-fixes).\n- can: bcm: add missing rcu read protection for procfs content (git-fixes).\n- can: gw: fix RCU/BH usage in cgw_create_job() (git-fixes).\n- can: mcan: m_can_class_unregister(): fix order of unregistration calls (git-fixes).\n- can: mcp251xfd: fix TDC setting for low data bit rates (git-fixes).\n- can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls (git-fixes).\n- can: slcan: allow reception of short error messages (git-fixes).\n- check-for-config-changes: Fix flag name typo\n- cifs: Fix integer overflow while processing actimeo mount option (git-fixes).\n- cifs: reduce warning log level for server not advertising interfaces (git-fixes).\n- crypto: algif_hash - fix double free in hash_accept (git-fixes).\n- crypto: ccp - Add support for PCI device 0x1134 (stable-fixes).\n- cxl/core/regs.c: Skip Memory Space Enable check for RCD and RCH Ports (bsc#1242125).\n- devlink: fix port new reply cmd type (git-fixes).\n- dm-bufio: do not schedule in atomic context (git-fixes).\n- dm-ebs: fix prefetch-vs-suspend race (git-fixes).\n- dm-integrity: fix a warning on invalid table line (git-fixes).\n- dm-integrity: set ti-\u003eerror on memory allocation failure (git-fixes).\n- dm-verity: fix prefetch-vs-suspend race (git-fixes).\n- dm: add missing unlock on in dm_keyslot_evict() (git-fixes).\n- dm: always update the array size in realloc_argv on success (git-fixes).\n- dm: fix copying after src array boundaries (git-fixes).\n- dma-buf: insert memory barrier before updating num_fences (git-fixes).\n- dmaengine: Revert \u0027dmaengine: dmatest: Fix dmatest waiting less when interrupted\u0027 (git-fixes).\n- dmaengine: dmatest: Fix dmatest waiting less when interrupted (stable-fixes).\n- dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals (git-fixes).\n- dmaengine: idxd: Add missing cleanups in cleanup internals (git-fixes).\n- dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call (git-fixes).\n- dmaengine: idxd: Fix -\u003epoll() return value (git-fixes).\n- dmaengine: idxd: Fix allowing write() from different address spaces (git-fixes).\n- dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (git-fixes).\n- dmaengine: idxd: fix memory leak in error handling path of idxd_alloc (git-fixes).\n- dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe (git-fixes).\n- dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines (git-fixes).\n- dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups (git-fixes).\n- dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs (git-fixes).\n- dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() (git-fixes).\n- dmaengine: mediatek: drop unused variable (git-fixes).\n- dmaengine: ti: k3-udma: Add missing locking (git-fixes).\n- dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy (git-fixes).\n- drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (stable-fixes).\n- drm/amd/display: Avoid flooding unnecessary info messages (git-fixes).\n- drm/amd/display: Copy AUX read reply data whenever length \u003e 0 (git-fixes).\n- drm/amd/display: Correct the reply value when AUX write incomplete (git-fixes).\n- drm/amd/display: Fix invalid context error in dml helper (git-fixes).\n- drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes).\n- drm/amd/display: Fix the checking condition in dmub aux handling (stable-fixes).\n- drm/amd/display: Fix wrong handling for AUX_DEFER case (git-fixes).\n- drm/amd/display: Force full update in gpu reset (stable-fixes).\n- drm/amd/display: Remove incorrect checking in dmub aux handler (git-fixes).\n- drm/amd/display: Shift DMUB AUX reply command if necessary (git-fixes).\n- drm/amd/display: more liberal vmin/vmax update for freesync (stable-fixes).\n- drm/amd: Add Suspend/Hibernate notification callback support (stable-fixes).\n- drm/amdgpu/hdp4: use memcfg register to post the write for HDP flush (git-fixes).\n- drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush (git-fixes).\n- drm/amdgpu/hdp5: use memcfg register to post the write for HDP flush (git-fixes).\n- drm/amdgpu/hdp6: use memcfg register to post the write for HDP flush (git-fixes).\n- drm/amdgpu/hdp7: use memcfg register to post the write for HDP flush (git-fixes).\n- drm/amdgpu/vcn: using separate VCN1_AON_SOC offset (stable-fixes).\n- drm/amdgpu: Fix offset for HDP remap in nbio v7.11 (stable-fixes).\n- drm/amdgpu: Increase KIQ invalidate_tlbs timeout (stable-fixes).\n- drm/amdgpu: Queue KFD reset workitem in VF FED (stable-fixes).\n- drm/amdgpu: Use the right function for hdp flush (stable-fixes).\n- drm/amdgpu: fix pm notifier handling (git-fixes).\n- drm/amdgpu: trigger flr_work if reading pf2vf data failed (stable-fixes).\n- drm/amdgpu: use a dummy owner for sysfs triggered cleaner shaders v4 (stable-fixes).\n- drm/edid: fixed the bug that hdr metadata was not reset (git-fixes).\n- drm/fdinfo: Protect against driver unbind (git-fixes).\n- drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions\u0027 (git-fixes).\n- drm/mipi-dbi: Fix blanking for non-16 bit formats (git-fixes).\n- drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() (git-fixes).\n- drm/panel: simple: Update timings for AUO G101EVN010 (git-fixes).\n- drm/tests: shmem: Fix memleak (git-fixes).\n- drm/v3d: Add job to pending list if the reset was skipped (stable-fixes).\n- drm/xe/tests/mocs: Hold XE_FORCEWAKE_ALL for LNCF regs (git-fixes).\n- drm/xe/tests/mocs: Update xe_force_wake_get() return handling (stable-fixes).\n- drm/xe/xe3lpg: Apply Wa_14022293748, Wa_22019794406 (stable-fixes).\n- drm/xe: Add page queue multiplier (git-fixes).\n- drm/xe: Save CTX_TIMESTAMP mmio value instead of LRC value (git-fixes).\n- drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS (git-fixes).\n- ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() (git-fixes).\n- ethtool: ntuple: fix rss + ring_cookie check (git-fixes).\n- ethtool: rss: fix hiding unsupported fields in dumps (git-fixes).\n- exfat: fix potential wrong error return from get_block (git-fixes).\n- ext4: add missing brelse() for bh2 in ext4_dx_add_entry() (bsc#1242342).\n- ext4: correct encrypted dentry name hash when not casefolded (bsc#1242540).\n- ext4: do not over-report free space or inodes in statvfs (bsc#1242345).\n- ext4: do not treat fhandle lookup of ea_inode as FS corruption (bsc#1242347).\n- ext4: fix FS_IOC_GETFSMAP handling (bsc#1240557).\n- ext4: goto right label \u0027out_mmap_sem\u0027 in ext4_setattr() (bsc#1242556).\n- ext4: make block validity check resistent to sb bh corruption (bsc#1242348).\n- ext4: partial zero eof block on unaligned inode size extension (bsc#1242336).\n- ext4: protect ext4_release_dquot against freezing (bsc#1242335).\n- ext4: replace the traditional ternary conditional operator with with max()/min() (bsc#1242536).\n- ext4: treat end of range as exclusive in ext4_zero_range() (bsc#1242539).\n- ext4: unify the type of flexbg_size to unsigned int (bsc#1242538).\n- firmware: arm_ffa: Skip Rx buffer ownership release if not acquired (git-fixes).\n- firmware: arm_scmi: Balance device refcount when destroying devices (git-fixes).\n- fs: better handle deep ancestor chains in is_subdir() (bsc#1242528).\n- fs: consistently deref the files table with rcu_dereference_raw() (bsc#1242535).\n- fs: do not allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (bsc#1242526).\n- fs: support relative paths with FSCONFIG_SET_STRING (git-fixes).\n- hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (git-fixes).\n- hv_netvsc: Remove rmsg_pgcnt (git-fixes).\n- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (git-fixes).\n- i2c: designware: Fix an error handling path in i2c_dw_pci_probe() (git-fixes).\n- i2c: imx-lpi2c: Fix clock count when probe defers (git-fixes).\n- ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() (git-fixes).\n- idpf: fix offloads support for encapsulated packets (git-fixes).\n- idpf: fix potential memory leak on kcalloc() failure (git-fixes).\n- idpf: protect shutdown from reset (git-fixes).\n- igc: fix lock order in igc_ptp_reset (git-fixes).\n- iio: accel: adxl367: fix setting odr for activity time update (git-fixes).\n- iio: adc: ad7606: fix serial register access (git-fixes).\n- iio: adc: ad7768-1: Fix conversion result sign (git-fixes).\n- iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check (stable-fixes).\n- iio: adis16201: Correct inclinometer channel resolution (git-fixes).\n- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (git-fixes).\n- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (git-fixes).\n- iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer (git-fixes).\n- inetpeer: remove create argument of inet_getpeer_v() (git-fixes).\n- inetpeer: update inetpeer timestamp in inet_getpeer() (git-fixes).\n- io_uring/sqpoll: Increase task_work submission batch size (bsc#1238585).\n- iommu/arm-smmu-v3: Fix pgsize_bit for sva domains (bsc#1243341)\n- iommu: Fix two issues in iommu_copy_struct_from_user() (git-fixes).\n- ipv4/route: avoid unused-but-set-variable warning (git-fixes).\n- ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR) (git-fixes).\n- ipv4: Convert icmp_route_lookup() to dscp_t (git-fixes).\n- ipv4: Fix incorrect source address in Record Route option (git-fixes).\n- ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family (git-fixes).\n- ipv4: fix source address selection with route leak (git-fixes).\n- ipv4: give an IPv4 dev to blackhole_netdev (git-fixes).\n- ipv4: icmp: Pass full DS field to ip_route_input() (git-fixes).\n- ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() (git-fixes).\n- ipv4: ip_gre: Fix drops of small packets in ipgre_xmit (git-fixes).\n- ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit() (git-fixes).\n- ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev() (git-fixes).\n- ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit() (git-fixes).\n- ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid (git-fixes).\n- ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels (git-fixes).\n- ipv6: Align behavior across nexthops during path selection (git-fixes).\n- ipv6: Do not consider link down nexthops in path selection (git-fixes).\n- ipv6: Start path selection from the first nexthop (git-fixes).\n- ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (git-fixes).\n- irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (git-fixes).\n- isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (bsc#1242307).\n- iwlwifi: correct modinfo firmware ucode (bsc#1243020).\n- jbd2: add a missing data flush during file and fs synchronization (bsc#1242346).\n- jbd2: fix off-by-one while erasing journal (bsc#1242344).\n- jbd2: flush filesystem device before updating tail sequence (bsc#1242333).\n- jbd2: increase IO priority for writing revoke records (bsc#1242332).\n- jbd2: increase the journal IO\u0027s priority (bsc#1242537).\n- jbd2: remove wrong sb-\u003es_sequence check (bsc#1242343).\n- jiffies: Cast to unsigned long in secs_to_jiffies() conversion (bsc#1242993).\n- jiffies: Define secs_to_jiffies() (bsc#1242993).\n- kernel-obs-qa: Use srchash for dependency as well\n- loop: Add sanity check for read/write_iter (git-fixes).\n- loop: aio inherit the ioprio of original request (git-fixes).\n- loop: do not require -\u003ewrite_iter for writable files in loop_configure (git-fixes).\n- md/raid1,raid10: do not ignore IO flags (git-fixes).\n- md/raid10: fix missing discard IO accounting (git-fixes).\n- md/raid10: wait barrier before returning discard request with REQ_NOWAIT (git-fixes).\n- md/raid1: Add check for missing source disk in process_checks() (git-fixes).\n- md/raid1: fix memory leak in raid1_run() if no active rdev (git-fixes).\n- md/raid5: implement pers-\u003ebitmap_sector() (git-fixes).\n- md: add a new callback pers-\u003ebitmap_sector() (git-fixes).\n- md: ensure resync is prioritized over recovery (git-fixes).\n- md: fix mddev uaf while iterating all_mddevs list (git-fixes).\n- md: preserve KABI in struct md_personality v2 (git-fixes).\n- media: videobuf2: Add missing doc comment for waiting_in_dqbuf (git-fixes).\n- mei: me: add panther lake H DID (stable-fixes).\n- mm/readahead: fix large folio support in async readahead (bsc#1242321).\n- mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT (bsc#1242326).\n- mm: fix filemap_get_folios_contig returning batches of identical folios (bsc#1242327).\n- mm: fix oops when filemap_map_pmd() without prealloc_pte (bsc#1242546).\n- mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN (git-fixes).\n- mptcp: refine opt_mp_capable determination (git-fixes).\n- mptcp: relax check on MPC passive fallback (git-fixes).\n- mptcp: strict validation before using mp_opt-\u003ehmac (git-fixes).\n- mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() (git-fixes).\n- mtd: phram: Add the kernel lock down check (bsc#1232649).\n- neighbour: delete redundant judgment statements (git-fixes).\n- net/handshake: Fix handshake_req_destroy_test1 (git-fixes).\n- net/handshake: Fix memory leak in __sock_create() and sock_alloc_file() (git-fixes).\n- net/ipv6: Fix route deleting failure when metric equals 0 (git-fixes).\n- net/ipv6: Fix the RT cache flush via sysctl using a previous delay (git-fixes).\n- net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged (git-fixes).\n- net/mlx5: E-Switch, Initialize MAC Address for Default GID (git-fixes).\n- net/mlx5: E-switch, Fix error handling for enabling roce (git-fixes).\n- net/mlx5e: Disable MACsec offload for uplink representor profile (git-fixes).\n- net/mlx5e: Fix lock order in mlx5e_tx_reporter_ptpsq_unhealthy_recover (git-fixes).\n- net/mlx5e: TC, Continue the attr process even if encap entry is invalid (git-fixes).\n- net/mlx5e: Use custom tunnel header for vxlan gbp (git-fixes).\n- net: Add non-RCU dev_getbyhwaddr() helper (git-fixes).\n- net: Clear old fragment checksum value in napi_reuse_skb (git-fixes).\n- net: Handle napi_schedule() calls from non-interrupt (git-fixes).\n- net: Implement missing SO_TIMESTAMPING_NEW cmsg support (git-fixes).\n- net: Remove acked SYN flag from packet in the transmit queue correctly (git-fixes).\n- net: do not dump stack on queue timeout (git-fixes).\n- net: free_netdev: exit earlier if dummy (bsc#1243215).\n- net: gro: parse ipv6 ext headers without frag0 invalidation (git-fixes).\n- net: ipv6: fix UDPv6 GSO segmentation with NAT (git-fixes).\n- net: ipv6: ioam6: fix lwtunnel_output() loop (git-fixes).\n- net: loopback: Avoid sending IP packets without an Ethernet header (git-fixes).\n- net: qede: Initialize qede_ll_ops with designated initializer (git-fixes).\n- net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets (git-fixes).\n- net: set the minimum for net_hotdata.netdev_budget_usecs (git-fixes).\n- net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension (git-fixes).\n- net_sched: drr: Fix double list add in class with netem as child qdisc (git-fixes).\n- net_sched: ets: Fix double list add in class with netem as child qdisc (git-fixes).\n- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (git-fixes).\n- net_sched: qfq: Fix double list add in class with netem as child qdisc (git-fixes).\n- netdev-genl: avoid empty messages in queue dump (git-fixes).\n- netdev: fix repeated netlink messages in queue dump (git-fixes).\n- netlink: annotate data-races around sk-\u003esk_err (git-fixes).\n- netlink: specs: tc: all actions are indexed arrays (git-fixes).\n- netlink: specs: tc: fix a couple of attribute names (git-fixes).\n- netpoll: Ensure clean state on setup failures (git-fixes).\n- nfs: handle failure of nfs_get_lock_context in unlock path (git-fixes).\n- nfsd: add list_head nf_gc to struct nfsd_file (git-fixes).\n- nilfs2: add pointer check for nilfs_direct_propagate() (git-fixes).\n- nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (git-fixes).\n- ntb: reduce stack usage in idt_scan_mws (stable-fixes).\n- ntb_hw_amd: Add NTB PCI ID for new gen CPU (stable-fixes).\n- nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable (git-fixes bsc#1223096).\n- nvme-pci: add quirk for Samsung PM173x/PM173xa disk (bsc#1241148).\n- nvme-pci: fix queue unquiesce check on slot_reset (git-fixes).\n- nvme-pci: make nvme_pci_npages_prp() __always_inline (git-fixes).\n- nvme-tcp: fix premature queue removal and I/O failover (git-fixes).\n- nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS (git-fixes).\n- nvme: Add \u0027partial_nid\u0027 quirk (bsc#1241148).\n- nvme: Add warning when a partiually unique NID is detected (bsc#1241148).\n- nvme: fixup scan failure for non-ANA multipath controllers (git-fixes).\n- nvme: multipath: fix return value of nvme_available_path (git-fixes).\n- nvme: re-read ANA log page after ns scan completes (git-fixes).\n- nvme: requeue namespace scan on missed AENs (git-fixes).\n- nvme: unblock ctrl state transition for firmware update (git-fixes).\n- nvmet-fc: inline nvmet_fc_delete_assoc (git-fixes).\n- nvmet-fc: inline nvmet_fc_free_hostport (git-fixes).\n- nvmet-fc: put ref when assoc-\u003edel_work is already scheduled (git-fixes).\n- nvmet-fc: take tgtport reference only once (git-fixes).\n- nvmet-fc: update tgtport ref per assoc (git-fixes).\n- nvmet-fcloop: Remove remote port from list when unlinking (git-fixes).\n- nvmet-fcloop: add ref counting to lport (git-fixes).\n- nvmet-fcloop: replace kref with refcount (git-fixes).\n- nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS (git-fixes).\n- objtool, panic: Disable SMAP in __stack_chk_fail() (bsc#1243963).\n- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).\n- octeontx2-pf: Do not reallocate all ntuple filters (git-fixes).\n- octeontx2-pf: Fix ethtool support for SDP representors (git-fixes).\n- octeontx2-pf: qos: fix VF root node parent queue index (git-fixes).\n- padata: do not leak refcount in reorder_work (git-fixes).\n- perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (bsc#1242172)\n- perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (bsc#1242172)\n- perf: arm_cspmu: nvidia: monitor all ports by default (bsc#1242172)\n- perf: arm_cspmu: nvidia: remove unsupported SCF events (bsc#1242172)\n- phy: Fix error handling in tegra_xusb_port_init (git-fixes).\n- phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind (git-fixes).\n- phy: renesas: rcar-gen3-usb2: Set timing registers only once (git-fixes).\n- phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking (git-fixes).\n- phy: tegra: xusb: remove a stray unlock (git-fixes).\n- pinctrl: renesas: rza2: Fix potential NULL pointer dereference (stable-fixes).\n- platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) (git-fixes).\n- platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (stable-fixes).\n- platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (git-fixes).\n- platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() (git-fixes).\n- powercap: intel_rapl: Fix locking in TPMI RAPL (git-fixes).\n- powerpc/pseries/iommu: Fix kmemleak in TCE table userspace view (jsc#PED-10539 git-fixes).\n- powerpc/pseries/iommu: create DDW for devices with DMA mask less than 64-bits (bsc#1239691 bsc#1243044 ltc#212555).\n- powerpc: Do not use --- in kernel logs (git-fixes).\n- qibfs: fix _another_ leak (git-fixes)\n- rcu/tasks-trace: Handle new PF_IDLE semantics (git-fixes)\n- rcu/tasks: Handle new PF_IDLE semantics (git-fixes)\n- rcu: Break rcu_node_0 --\u003e \u0026rq-\u003e__lock order (git-fixes)\n- rcu: Introduce rcu_cpu_online() (git-fixes)\n- regulator: max20086: fix invalid memory access (git-fixes).\n- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN\n- rtc: pcf85063: do a SW reset if POR failed (stable-fixes).\n- s390/ap: Fix CCA crypto card behavior within protected execution environment (git-fixes bsc#1243817 LTC#213623).\n- s390/bpf: Store backchain even for leaf progs (git-fixes bsc#1243805).\n- s390/cpumf: Update CPU Measurement facility extended counter set support (bsc#1243115).\n- s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs (git-fixes).\n- s390: Add z17 elf platform (bsc#1243116).\n- sched/fair: Fix CPU bandwidth limit bypass during CPU hotplug (BSC#1241319).\n- sched/fair: Fix CPU bandwidth limit bypass during CPU hotplug (bsc#1241319).\n- sched/topology: Refinement to topology_span_sane speedup (bsc#1242119).\n- sched/topology: improve topology_span_sane speed (bsc#1242119).\n- sched: Add deprecation warning for users of RT_GROUP_SCHED (jsc#PED-11761 jsc#PED-12405).\n- scsi: Improve CDL control (git-fixes).\n- scsi: core: Clear flags for scsi_cmnd that did not complete (git-fixes).\n- scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes (git-fixes).\n- scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1242993).\n- scsi: lpfc: Convert timeouts to secs_to_jiffies() (bsc#1242993).\n- scsi: lpfc: Copyright updates for 14.4.0.9 patches (bsc#1242993).\n- scsi: lpfc: Create lpfc_vmid_info sysfs entry (bsc#1242993).\n- scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands (bsc#1242993).\n- scsi: lpfc: Fix spelling mistake \u0027Toplogy\u0027 -\u003e \u0027Topology\u0027 (bsc#1242993).\n- scsi: lpfc: Notify FC transport of rport disappearance during PCI fcn reset (bsc#1242993).\n- scsi: lpfc: Prevent failure to reregister with NVMe transport after PRLI retry (bsc#1242993).\n- scsi: lpfc: Restart eratt_poll timer if HBA_SETUP flag still unset (bsc#1242993).\n- scsi: lpfc: Update lpfc version to 14.4.0.9 (bsc#1242993).\n- scsi: lpfc: Use memcpy() for BIOS version (bsc#1240966).\n- scsi: lpfc: convert timeouts to secs_to_jiffies() (bsc#1242993).\n- scsi: megaraid_sas: Block zero-length ATA VPD inquiry (bsc#1241388 jsc#PED-11258).\n- scsi: megaraid_sas: Block zero-length ATA VPD inquiry (git-fixes).\n- scsi: megaraid_sas: Driver version update to 07.734.00.00-rc1 (bsc#1241388 jsc#PED-11258).\n- scsi: megaraid_sas: Make most module parameters static (bsc#1241388 jsc#PED-11258).\n- scsi: mpi3mr: Add level check to control event logging (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Avoid reply queue full condition (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Check admin reply queue from Watchdog (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Fix pending I/O counter (git-fixes).\n- scsi: mpi3mr: Fix spelling mistake \u0027skiping\u0027 -\u003e \u0027skipping\u0027 (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Handling of fault code for insufficient power (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Reset the pending interrupt flag (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Support for Segmented Hardware Trace buffer (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Synchronize access to ioctl data buffer (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Task Abort EH Support (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Update MPI Headers to revision 35 (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Update driver version to 8.12.0.3.50 (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Update driver version to 8.12.1.0.50 (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Update driver version to 8.13.0.5.50 (bsc#1241388 jsc#PED-12372).\n- scsi: mpi3mr: Update timestamp only for supervisor IOCs (bsc#1241388 jsc#PED-12372).\n- scsi: mpt3sas: Add details to EEDPTagMode error message (bsc#1241388 jsc#PED-11253).\n- scsi: mpt3sas: Add support for MCTP Passthrough commands (bsc#1241388 jsc#PED-11253).\n- scsi: mpt3sas: Fix buffer overflow in mpt3sas_send_mctp_passthru_req() (bsc#1241388 jsc#PED-11253).\n- scsi: mpt3sas: Fix spelling mistake \u0027receveid\u0027 -\u003e \u0027received\u0027 (bsc#1241388 jsc#PED-11253).\n- scsi: mpt3sas: Remove unused config functions (bsc#1241388 jsc#PED-11253).\n- scsi: mpt3sas: Report driver capability as part of IOCINFO command (bsc#1241388 jsc#PED-11253).\n- scsi: mpt3sas: Send a diag reset if target reset fails (bsc#1241388 jsc#PED-11253).\n- scsi: mpt3sas: Update MPI headers to 02.00.62 version (bsc#1241388 jsc#PED-11253).\n- scsi: mpt3sas: update driver version to 52.100.00.00 (bsc#1241388 jsc#PED-11253).\n- scsi: pm80xx: Set phy_attached to zero when device is gone (git-fixes).\n- scsi: qla2xxx: Fix typos in a comment (bsc#1243090).\n- scsi: qla2xxx: Mark device strings as nonstring (bsc#1243090).\n- scsi: qla2xxx: Remove duplicate struct crb_addr_pair (bsc#1243090).\n- scsi: qla2xxx: Remove unused module parameters (bsc#1243090).\n- scsi: qla2xxx: Remove unused ql_log_qp (bsc#1243090).\n- scsi: qla2xxx: Remove unused qla2x00_gpsc() (bsc#1243090).\n- scsi: qla2xxx: Remove unused qla82xx_pci_region_offset() (bsc#1243090).\n- scsi: qla2xxx: Remove unused qla82xx_wait_for_state_change() (bsc#1243090).\n- scsi: qla2xxx: Remove unused qlt_83xx_iospace_config() (bsc#1243090).\n- scsi: qla2xxx: Remove unused qlt_fc_port_deleted() (bsc#1243090).\n- scsi: qla2xxx: Remove unused qlt_free_qfull_cmds() (bsc#1243090).\n- selftests/bpf: extend changes_pkt_data with cases w/o subprograms (bsc#1241590).\n- selftests/bpf: freplace tests for tracking of changes_packet_data (bsc#1241590).\n- selftests/bpf: test for changing packet data from global functions (bsc#1241590).\n- selftests/bpf: validate that tail call invalidates packet pointers (bsc#1241590).\n- selftests/mm: fix incorrect buffer-\u003emirror size in hmm2 double_map test (bsc#1242203).\n- sound/virtio: Fix cancel_sync warnings on uninitialized work_structs (stable-fixes).\n- soundwire: bus: Fix race on the creation of the IRQ domain (git-fixes).\n- spi: loopback-test: Do not split 1024-byte hexdumps (git-fixes).\n- spi: spi-fsl-dspi: Halt the module after a new message transfer (git-fixes).\n- spi: spi-fsl-dspi: Reset SR flags before sending a new message (git-fixes).\n- spi: spi-fsl-dspi: restrict register range for regmap access (git-fixes).\n- spi: tegra114: Do not fail set_cs_timing when delays are zero (git-fixes).\n- spi: tegra114: Use value to check for invalid delays (git-fixes).\n- spi: tegra210-quad: add rate limiting and simplify timeout error message (stable-fixes).\n- spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts (stable-fixes).\n- splice: remove duplicate noinline from pipe_clear_nowait (bsc#1242328).\n- staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (git-fixes).\n- staging: axis-fifo: Remove hardware resets for user errors (git-fixes).\n- staging: iio: adc: ad7816: Correct conditional logic for store mode (git-fixes).\n- tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress() (git-fixes).\n- tcp_cubic: fix incorrect HyStart round start detection (git-fixes).\n- thermal: intel: x86_pkg_temp_thermal: Fix bogus trip temperature (git-fixes).\n- thunderbolt: Scan retimers after device router has been enumerated (stable-fixes).\n- tools/hv: update route parsing in kvp daemon (git-fixes).\n- tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT (git-fixes).\n- udf: Fix inode_getblk() return value (bsc#1242313).\n- udf: Skip parent dir link count update if corrupted (bsc#1242315).\n- udf: Verify inode link counts before performing rename (bsc#1242314).\n- usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version (git-fixes).\n- usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield (stable-fixes).\n- usb: dwc3: gadget: Refactor loop to avoid NULL endpoints (stable-fixes).\n- usb: gadget: Use get_status callback to set remote wakeup capability (git-fixes).\n- usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (stable-fixes).\n- usb: gadget: f_ecm: Add get_status callback (git-fixes).\n- usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN (git-fixes).\n- usb: host: max3421-hcd: Add missing spi_device_id table (stable-fixes).\n- usb: host: tegra: Prevent host controller crash when OTG port is used (git-fixes).\n- usb: host: xhci-plat: mvebu: use -\u003equirks instead of -\u003einit_quirk() func (stable-fixes).\n- usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (stable-fixes).\n- usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (stable-fixes).\n- usb: typec: class: Invalidate USB device pointers on partner unregistration (git-fixes).\n- usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (git-fixes).\n- usb: typec: ucsi: displayport: Fix NULL pointer access (git-fixes).\n- usb: uhci-platform: Make the clock really optional (git-fixes).\n- usb: usbtmc: Fix erroneous generic_read ioctl return (git-fixes).\n- usb: usbtmc: Fix erroneous get_stb ioctl error returns (git-fixes).\n- usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes).\n- usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running (stable-fixes).\n- vfs: do not mod negative dentry count when on shrinker list (bsc#1242534).\n- vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint (git-fixes).\n- virtio_console: fix missing byte order handling for cols and rows (git-fixes).\n- wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (git-fixes).\n- wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation (git-fixes).\n- wifi: iwlwifi: do not warn if the NIC is gone in resume (git-fixes).\n- wifi: iwlwifi: fix the check for the SCRATCH register upon resume (git-fixes).\n- wifi: mac80211, cfg80211: miscellaneous spelling fixes (git-fixes).\n- wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request (git-fixes).\n- wifi: mt76: disable napi on driver removal (git-fixes).\n- wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release (git-fixes).\n- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).\n- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).\n- x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).\n- x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes).\n- x86/its: Fix build errors when CONFIG_MODULES=n (git-fixes).\n- x86/xen: move xen_reserve_extra_memory() (git-fixes).\n- xen/mcelog: Add __nonstring annotations for unterminated strings (git-fixes).\n- xen: Change xen-acpi-processor dom0 dependency (git-fixes).\n- xenfs/xensyms: respect hypervisor\u0027s \u0027next\u0027 indication (git-fixes).\n- xhci: Add helper to set an interrupters interrupt moderation interval (git-fixes).\n- xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes).\n- xhci: Limit time spent with xHC interrupts disabled during bus resume (stable-fixes).\n- xhci: split free interrupter into separate remove and free parts (git-fixes).\n- xsk: Add truesize to skb_add_rx_frag() (git-fixes).\n- xsk: Do not assume metadata is always requested in TX completion (git-fixes).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-1972,SUSE-SLE-Module-Live-Patching-15-SP7-2025-1972,SUSE-SLE-Module-RT-15-SP7-2025-1972",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_01972-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:01972-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501972-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:01972-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040321.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1223096",
        "url": "https://bugzilla.suse.com/1223096"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1223809",
        "url": "https://bugzilla.suse.com/1223809"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1224013",
        "url": "https://bugzilla.suse.com/1224013"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1224597",
        "url": "https://bugzilla.suse.com/1224597"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1224757",
        "url": "https://bugzilla.suse.com/1224757"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1230581",
        "url": "https://bugzilla.suse.com/1230581"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1230764",
        "url": "https://bugzilla.suse.com/1230764"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1231016",
        "url": "https://bugzilla.suse.com/1231016"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1231103",
        "url": "https://bugzilla.suse.com/1231103"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1232493",
        "url": "https://bugzilla.suse.com/1232493"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1232649",
        "url": "https://bugzilla.suse.com/1232649"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1232882",
        "url": "https://bugzilla.suse.com/1232882"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233192",
        "url": "https://bugzilla.suse.com/1233192"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235149",
        "url": "https://bugzilla.suse.com/1235149"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235501",
        "url": "https://bugzilla.suse.com/1235501"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235526",
        "url": "https://bugzilla.suse.com/1235526"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1236142",
        "url": "https://bugzilla.suse.com/1236142"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1236208",
        "url": "https://bugzilla.suse.com/1236208"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1236704",
        "url": "https://bugzilla.suse.com/1236704"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1237312",
        "url": "https://bugzilla.suse.com/1237312"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238473",
        "url": "https://bugzilla.suse.com/1238473"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238527",
        "url": "https://bugzilla.suse.com/1238527"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238585",
        "url": "https://bugzilla.suse.com/1238585"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238714",
        "url": "https://bugzilla.suse.com/1238714"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238737",
        "url": "https://bugzilla.suse.com/1238737"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238745",
        "url": "https://bugzilla.suse.com/1238745"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238774",
        "url": "https://bugzilla.suse.com/1238774"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238862",
        "url": "https://bugzilla.suse.com/1238862"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238961",
        "url": "https://bugzilla.suse.com/1238961"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238983",
        "url": "https://bugzilla.suse.com/1238983"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238992",
        "url": "https://bugzilla.suse.com/1238992"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1239079",
        "url": "https://bugzilla.suse.com/1239079"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1239476",
        "url": "https://bugzilla.suse.com/1239476"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1239487",
        "url": "https://bugzilla.suse.com/1239487"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1239691",
        "url": "https://bugzilla.suse.com/1239691"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240557",
        "url": "https://bugzilla.suse.com/1240557"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240593",
        "url": "https://bugzilla.suse.com/1240593"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240655",
        "url": "https://bugzilla.suse.com/1240655"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240711",
        "url": "https://bugzilla.suse.com/1240711"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240717",
        "url": "https://bugzilla.suse.com/1240717"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240740",
        "url": "https://bugzilla.suse.com/1240740"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240966",
        "url": "https://bugzilla.suse.com/1240966"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241148",
        "url": "https://bugzilla.suse.com/1241148"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241266",
        "url": "https://bugzilla.suse.com/1241266"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241282",
        "url": "https://bugzilla.suse.com/1241282"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241305",
        "url": "https://bugzilla.suse.com/1241305"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241319",
        "url": "https://bugzilla.suse.com/1241319"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241332",
        "url": "https://bugzilla.suse.com/1241332"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241333",
        "url": "https://bugzilla.suse.com/1241333"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241341",
        "url": "https://bugzilla.suse.com/1241341"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241343",
        "url": "https://bugzilla.suse.com/1241343"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241344",
        "url": "https://bugzilla.suse.com/1241344"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241347",
        "url": "https://bugzilla.suse.com/1241347"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241351",
        "url": "https://bugzilla.suse.com/1241351"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241357",
        "url": "https://bugzilla.suse.com/1241357"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241361",
        "url": "https://bugzilla.suse.com/1241361"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241369",
        "url": "https://bugzilla.suse.com/1241369"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241376",
        "url": "https://bugzilla.suse.com/1241376"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241388",
        "url": "https://bugzilla.suse.com/1241388"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241402",
        "url": "https://bugzilla.suse.com/1241402"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241412",
        "url": "https://bugzilla.suse.com/1241412"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241413",
        "url": "https://bugzilla.suse.com/1241413"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241419",
        "url": "https://bugzilla.suse.com/1241419"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241424",
        "url": "https://bugzilla.suse.com/1241424"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241436",
        "url": "https://bugzilla.suse.com/1241436"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241441",
        "url": "https://bugzilla.suse.com/1241441"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241442",
        "url": "https://bugzilla.suse.com/1241442"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241443",
        "url": "https://bugzilla.suse.com/1241443"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241448",
        "url": "https://bugzilla.suse.com/1241448"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241456",
        "url": "https://bugzilla.suse.com/1241456"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241458",
        "url": "https://bugzilla.suse.com/1241458"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241459",
        "url": "https://bugzilla.suse.com/1241459"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241492",
        "url": "https://bugzilla.suse.com/1241492"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241512",
        "url": "https://bugzilla.suse.com/1241512"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241525",
        "url": "https://bugzilla.suse.com/1241525"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241528",
        "url": "https://bugzilla.suse.com/1241528"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241533",
        "url": "https://bugzilla.suse.com/1241533"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241535",
        "url": "https://bugzilla.suse.com/1241535"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241541",
        "url": "https://bugzilla.suse.com/1241541"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241545",
        "url": "https://bugzilla.suse.com/1241545"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241550",
        "url": "https://bugzilla.suse.com/1241550"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241573",
        "url": "https://bugzilla.suse.com/1241573"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241574",
        "url": "https://bugzilla.suse.com/1241574"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241575",
        "url": "https://bugzilla.suse.com/1241575"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241581",
        "url": "https://bugzilla.suse.com/1241581"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241590",
        "url": "https://bugzilla.suse.com/1241590"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241596",
        "url": "https://bugzilla.suse.com/1241596"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241597",
        "url": "https://bugzilla.suse.com/1241597"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241598",
        "url": "https://bugzilla.suse.com/1241598"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241599",
        "url": "https://bugzilla.suse.com/1241599"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241601",
        "url": "https://bugzilla.suse.com/1241601"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241627",
        "url": "https://bugzilla.suse.com/1241627"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241628",
        "url": "https://bugzilla.suse.com/1241628"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241638",
        "url": "https://bugzilla.suse.com/1241638"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241648",
        "url": "https://bugzilla.suse.com/1241648"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241657",
        "url": "https://bugzilla.suse.com/1241657"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242006",
        "url": "https://bugzilla.suse.com/1242006"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242012",
        "url": "https://bugzilla.suse.com/1242012"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242119",
        "url": "https://bugzilla.suse.com/1242119"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242125",
        "url": "https://bugzilla.suse.com/1242125"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242172",
        "url": "https://bugzilla.suse.com/1242172"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242203",
        "url": "https://bugzilla.suse.com/1242203"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242205",
        "url": "https://bugzilla.suse.com/1242205"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242283",
        "url": "https://bugzilla.suse.com/1242283"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242307",
        "url": "https://bugzilla.suse.com/1242307"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242313",
        "url": "https://bugzilla.suse.com/1242313"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242314",
        "url": "https://bugzilla.suse.com/1242314"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242315",
        "url": "https://bugzilla.suse.com/1242315"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242321",
        "url": "https://bugzilla.suse.com/1242321"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242326",
        "url": "https://bugzilla.suse.com/1242326"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242327",
        "url": "https://bugzilla.suse.com/1242327"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242328",
        "url": "https://bugzilla.suse.com/1242328"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242332",
        "url": "https://bugzilla.suse.com/1242332"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242333",
        "url": "https://bugzilla.suse.com/1242333"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242335",
        "url": "https://bugzilla.suse.com/1242335"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242336",
        "url": "https://bugzilla.suse.com/1242336"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242342",
        "url": "https://bugzilla.suse.com/1242342"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242343",
        "url": "https://bugzilla.suse.com/1242343"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242344",
        "url": "https://bugzilla.suse.com/1242344"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242345",
        "url": "https://bugzilla.suse.com/1242345"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242346",
        "url": "https://bugzilla.suse.com/1242346"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242347",
        "url": "https://bugzilla.suse.com/1242347"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242348",
        "url": "https://bugzilla.suse.com/1242348"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242414",
        "url": "https://bugzilla.suse.com/1242414"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242417",
        "url": "https://bugzilla.suse.com/1242417"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242502",
        "url": "https://bugzilla.suse.com/1242502"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242506",
        "url": "https://bugzilla.suse.com/1242506"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242507",
        "url": "https://bugzilla.suse.com/1242507"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242509",
        "url": "https://bugzilla.suse.com/1242509"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242510",
        "url": "https://bugzilla.suse.com/1242510"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242513",
        "url": "https://bugzilla.suse.com/1242513"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242520",
        "url": "https://bugzilla.suse.com/1242520"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242523",
        "url": "https://bugzilla.suse.com/1242523"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242526",
        "url": "https://bugzilla.suse.com/1242526"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242528",
        "url": "https://bugzilla.suse.com/1242528"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242533",
        "url": "https://bugzilla.suse.com/1242533"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242534",
        "url": "https://bugzilla.suse.com/1242534"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242535",
        "url": "https://bugzilla.suse.com/1242535"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242536",
        "url": "https://bugzilla.suse.com/1242536"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242537",
        "url": "https://bugzilla.suse.com/1242537"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242538",
        "url": "https://bugzilla.suse.com/1242538"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242539",
        "url": "https://bugzilla.suse.com/1242539"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242540",
        "url": "https://bugzilla.suse.com/1242540"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242546",
        "url": "https://bugzilla.suse.com/1242546"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242556",
        "url": "https://bugzilla.suse.com/1242556"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242585",
        "url": "https://bugzilla.suse.com/1242585"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242596",
        "url": "https://bugzilla.suse.com/1242596"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242710",
        "url": "https://bugzilla.suse.com/1242710"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242762",
        "url": "https://bugzilla.suse.com/1242762"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242763",
        "url": "https://bugzilla.suse.com/1242763"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242778",
        "url": "https://bugzilla.suse.com/1242778"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242786",
        "url": "https://bugzilla.suse.com/1242786"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242831",
        "url": "https://bugzilla.suse.com/1242831"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242852",
        "url": "https://bugzilla.suse.com/1242852"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242854",
        "url": "https://bugzilla.suse.com/1242854"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242856",
        "url": "https://bugzilla.suse.com/1242856"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242859",
        "url": "https://bugzilla.suse.com/1242859"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242860",
        "url": "https://bugzilla.suse.com/1242860"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242861",
        "url": "https://bugzilla.suse.com/1242861"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242866",
        "url": "https://bugzilla.suse.com/1242866"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242867",
        "url": "https://bugzilla.suse.com/1242867"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242868",
        "url": "https://bugzilla.suse.com/1242868"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242875",
        "url": "https://bugzilla.suse.com/1242875"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242924",
        "url": "https://bugzilla.suse.com/1242924"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242944",
        "url": "https://bugzilla.suse.com/1242944"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242951",
        "url": "https://bugzilla.suse.com/1242951"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242962",
        "url": "https://bugzilla.suse.com/1242962"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242985",
        "url": "https://bugzilla.suse.com/1242985"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242993",
        "url": "https://bugzilla.suse.com/1242993"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243020",
        "url": "https://bugzilla.suse.com/1243020"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243044",
        "url": "https://bugzilla.suse.com/1243044"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243056",
        "url": "https://bugzilla.suse.com/1243056"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243077",
        "url": "https://bugzilla.suse.com/1243077"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243090",
        "url": "https://bugzilla.suse.com/1243090"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243115",
        "url": "https://bugzilla.suse.com/1243115"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243116",
        "url": "https://bugzilla.suse.com/1243116"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243215",
        "url": "https://bugzilla.suse.com/1243215"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243341",
        "url": "https://bugzilla.suse.com/1243341"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243342",
        "url": "https://bugzilla.suse.com/1243342"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243513",
        "url": "https://bugzilla.suse.com/1243513"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243519",
        "url": "https://bugzilla.suse.com/1243519"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243539",
        "url": "https://bugzilla.suse.com/1243539"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243541",
        "url": "https://bugzilla.suse.com/1243541"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243547",
        "url": "https://bugzilla.suse.com/1243547"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243657",
        "url": "https://bugzilla.suse.com/1243657"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243658",
        "url": "https://bugzilla.suse.com/1243658"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243737",
        "url": "https://bugzilla.suse.com/1243737"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243805",
        "url": "https://bugzilla.suse.com/1243805"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243817",
        "url": "https://bugzilla.suse.com/1243817"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243919",
        "url": "https://bugzilla.suse.com/1243919"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243963",
        "url": "https://bugzilla.suse.com/1243963"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-53034 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-53034/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-27018 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-27018/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-27415 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-27415/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-28956 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-28956/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-35840 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-35840/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-46713 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-46713/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-46763 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-46763/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-46865 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-46865/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-50083 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-50083/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-50106 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-50106/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-50223 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-50223/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-54458 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-54458/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56641 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56641/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56702 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56702/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-57998 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-57998/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-58001 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-58001/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-58070 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-58070/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-58093 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-58093/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-58094 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-58094/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-58095 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-58095/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-58096 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-58096/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-58097 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-58097/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21648 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21648/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21683 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21683/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21702 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21702/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21707 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21707/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21758 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21758/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21768 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21768/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21787 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21787/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21792 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21792/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21814 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21814/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21852 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21852/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21853 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21853/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21919 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21919/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21929 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21929/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21962 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21962/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21963 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21963/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21964 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21964/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22018 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22018/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22021 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22021/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22025 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22025/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22027 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22027/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22030 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22030/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22033 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22033/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22044 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22044/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22050 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22050/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22056 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22056/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22057 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22057/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22058 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22058/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22062 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22062/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22063 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22063/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22064 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22064/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22065 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22065/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22070 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22070/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22075 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22075/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22085 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22085/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22086 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22086/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22088 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22088/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22091 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22091/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22093 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22093/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22094 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22094/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22097 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22097/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22102 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22102/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22103 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22103/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22104 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22104/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22107 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22107/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22108 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22108/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22109 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22109/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22112 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22112/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22116 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22116/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22125 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22125/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22126 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22126/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22128 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22128/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23129 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23129/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23131 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23131/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23134 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23134/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23136 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23136/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23138 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23138/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23140 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23140/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23145 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23145/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23150 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23150/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23154 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23154/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23160 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23160/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37747 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37747/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37748 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37748/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37749 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37749/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37750 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37750/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37755 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37755/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37773 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37773/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37780 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37780/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37787 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37787/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37789 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37789/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37790 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37790/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37797 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37797/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37798 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37798/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37799 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37799/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37803 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37803/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37804 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37804/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37809 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37809/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37820 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37820/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37823 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37823/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37824 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37824/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37829 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37829/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37830 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37830/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37831 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37831/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37833 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37833/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37842 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37842/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37870 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37870/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37879 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37879/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37886 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37886/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37887 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37887/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37949 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37949/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37957 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37957/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37958 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37958/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37960 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37960/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37974 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37974/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-38152 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-38152/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-38637 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-38637/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-40325 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-40325/"
      }
    ],
    "title": "Security update for the Linux Kernel",
    "tracking": {
      "current_release_date": "2025-06-17T11:37:43Z",
      "generator": {
        "date": "2025-06-17T11:37:43Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:01972-1",
      "initial_release_date": "2025-06-17T11:37:43Z",
      "revision_history": [
        {
          "date": "2025-06-17T11:37:43Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
                "product": {
                  "name": "kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
                  "product_id": "kernel-devel-rt-6.4.0-150700.7.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-rt-6.4.0-150700.7.3.1.noarch",
                "product": {
                  "name": "kernel-source-rt-6.4.0-150700.7.3.1.noarch",
                  "product_id": "kernel-source-rt-6.4.0-150700.7.3.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
                "product": {
                  "name": "cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
                  "product_id": "cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
                "product": {
                  "name": "dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
                  "product_id": "dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
                "product": {
                  "name": "gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
                  "product_id": "gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
                  "product_id": "kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-6.4.0-150700.7.3.1.x86_64",
                "product": {
                  "name": "kernel-rt-6.4.0-150700.7.3.1.x86_64",
                  "product_id": "kernel-rt-6.4.0-150700.7.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
                "product": {
                  "name": "kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
                  "product_id": "kernel-rt-devel-6.4.0-150700.7.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-extra-6.4.0-150700.7.3.1.x86_64",
                "product": {
                  "name": "kernel-rt-extra-6.4.0-150700.7.3.1.x86_64",
                  "product_id": "kernel-rt-extra-6.4.0-150700.7.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-livepatch-devel-6.4.0-150700.7.3.1.x86_64",
                "product": {
                  "name": "kernel-rt-livepatch-devel-6.4.0-150700.7.3.1.x86_64",
                  "product_id": "kernel-rt-livepatch-devel-6.4.0-150700.7.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-optional-6.4.0-150700.7.3.1.x86_64",
                "product": {
                  "name": "kernel-rt-optional-6.4.0-150700.7.3.1.x86_64",
                  "product_id": "kernel-rt-optional-6.4.0-150700.7.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-vdso-6.4.0-150700.7.3.1.x86_64",
                "product": {
                  "name": "kernel-rt-vdso-6.4.0-150700.7.3.1.x86_64",
                  "product_id": "kernel-rt-vdso-6.4.0-150700.7.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
                "product": {
                  "name": "kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
                  "product_id": "kernel-rt_debug-6.4.0-150700.7.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
                "product": {
                  "name": "kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
                  "product_id": "kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt_debug-vdso-6.4.0-150700.7.3.1.x86_64",
                "product": {
                  "name": "kernel-rt_debug-vdso-6.4.0-150700.7.3.1.x86_64",
                  "product_id": "kernel-rt_debug-vdso-6.4.0-150700.7.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
                "product": {
                  "name": "kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
                  "product_id": "kernel-syms-rt-6.4.0-150700.7.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kselftests-kmp-rt-6.4.0-150700.7.3.1.x86_64",
                "product": {
                  "name": "kselftests-kmp-rt-6.4.0-150700.7.3.1.x86_64",
                  "product_id": "kselftests-kmp-rt-6.4.0-150700.7.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
                "product": {
                  "name": "ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
                  "product_id": "ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "reiserfs-kmp-rt-6.4.0-150700.7.3.1.x86_64",
                "product": {
                  "name": "reiserfs-kmp-rt-6.4.0-150700.7.3.1.x86_64",
                  "product_id": "reiserfs-kmp-rt-6.4.0-150700.7.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 15 SP7",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 15 SP7",
                  "product_id": "SUSE Linux Enterprise Live Patching 15 SP7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Real Time Module 15 SP7",
                "product": {
                  "name": "SUSE Real Time Module 15 SP7",
                  "product_id": "SUSE Real Time Module 15 SP7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-rt:15:sp7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP7",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64"
        },
        "product_reference": "kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64 as component of SUSE Real Time Module 15 SP7",
          "product_id": "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        },
        "product_reference": "cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64 as component of SUSE Real Time Module 15 SP7",
          "product_id": "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        },
        "product_reference": "dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64 as component of SUSE Real Time Module 15 SP7",
          "product_id": "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        },
        "product_reference": "gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-rt-6.4.0-150700.7.3.1.noarch as component of SUSE Real Time Module 15 SP7",
          "product_id": "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch"
        },
        "product_reference": "kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-6.4.0-150700.7.3.1.x86_64 as component of SUSE Real Time Module 15 SP7",
          "product_id": "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64"
        },
        "product_reference": "kernel-rt-6.4.0-150700.7.3.1.x86_64",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-6.4.0-150700.7.3.1.x86_64 as component of SUSE Real Time Module 15 SP7",
          "product_id": "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64"
        },
        "product_reference": "kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt_debug-6.4.0-150700.7.3.1.x86_64 as component of SUSE Real Time Module 15 SP7",
          "product_id": "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64"
        },
        "product_reference": "kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64 as component of SUSE Real Time Module 15 SP7",
          "product_id": "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64"
        },
        "product_reference": "kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-rt-6.4.0-150700.7.3.1.noarch as component of SUSE Real Time Module 15 SP7",
          "product_id": "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch"
        },
        "product_reference": "kernel-source-rt-6.4.0-150700.7.3.1.noarch",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-syms-rt-6.4.0-150700.7.3.1.x86_64 as component of SUSE Real Time Module 15 SP7",
          "product_id": "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64"
        },
        "product_reference": "kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64 as component of SUSE Real Time Module 15 SP7",
          "product_id": "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        },
        "product_reference": "ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-53034",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-53034"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans\n\nThere is a kernel API ntb_mw_clear_trans() would pass 0 to both addr and\nsize. This would make xlate_pos negative.\n\n[   23.734156] switchtec switchtec0: MW 0: part 0 addr 0x0000000000000000 size 0x0000000000000000\n[   23.734158] ================================================================================\n[   23.734172] UBSAN: shift-out-of-bounds in drivers/ntb/hw/mscc/ntb_hw_switchtec.c:293:7\n[   23.734418] shift exponent -1 is negative\n\nEnsuring xlate_pos is a positive or zero before BIT.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-53034",
          "url": "https://www.suse.com/security/cve/CVE-2023-53034"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241341 for CVE-2023-53034",
          "url": "https://bugzilla.suse.com/1241341"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-53034"
    },
    {
      "cve": "CVE-2024-27018",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-27018"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: br_netfilter: skip conntrack input hook for promisc packets\n\nFor historical reasons, when bridge device is in promisc mode, packets\nthat are directed to the taps follow bridge input hook path. This patch\nadds a workaround to reset conntrack for these packets.\n\nJianbo Liu reports warning splats in their test infrastructure where\ncloned packets reach the br_netfilter input hook to confirm the\nconntrack object.\n\nScratch one bit from BR_INPUT_SKB_CB to annotate that this packet has\nreached the input hook because it is passed up to the bridge device to\nreach the taps.\n\n[   57.571874] WARNING: CPU: 1 PID: 0 at net/bridge/br_netfilter_hooks.c:616 br_nf_local_in+0x157/0x180 [br_netfilter]\n[   57.572749] Modules linked in: xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat xt_addrtype xt_conntrack nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_isc si ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core mlx5ctl mlx5_core\n[   57.575158] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0+ #19\n[   57.575700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[   57.576662] RIP: 0010:br_nf_local_in+0x157/0x180 [br_netfilter]\n[   57.577195] Code: fe ff ff 41 bd 04 00 00 00 be 04 00 00 00 e9 4a ff ff ff be 04 00 00 00 48 89 ef e8 f3 a9 3c e1 66 83 ad b4 00 00 00 04 eb 91 \u003c0f\u003e 0b e9 f1 fe ff ff 0f 0b e9 df fe ff ff 48 89 df e8 b3 53 47 e1\n[   57.578722] RSP: 0018:ffff88885f845a08 EFLAGS: 00010202\n[   57.579207] RAX: 0000000000000002 RBX: ffff88812dfe8000 RCX: 0000000000000000\n[   57.579830] RDX: ffff88885f845a60 RSI: ffff8881022dc300 RDI: 0000000000000000\n[   57.580454] RBP: ffff88885f845a60 R08: 0000000000000001 R09: 0000000000000003\n[   57.581076] R10: 00000000ffff1300 R11: 0000000000000002 R12: 0000000000000000\n[   57.581695] R13: ffff8881047ffe00 R14: ffff888108dbee00 R15: ffff88814519b800\n[   57.582313] FS:  0000000000000000(0000) GS:ffff88885f840000(0000) knlGS:0000000000000000\n[   57.583040] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   57.583564] CR2: 000000c4206aa000 CR3: 0000000103847001 CR4: 0000000000370eb0\n[   57.584194] DR0: 0000000000000000 DR1: 0000000000000000 DR2:\n0000000000000000\n[   57.584820] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:\n0000000000000400\n[   57.585440] Call Trace:\n[   57.585721]  \u003cIRQ\u003e\n[   57.585976]  ? __warn+0x7d/0x130\n[   57.586323]  ? br_nf_local_in+0x157/0x180 [br_netfilter]\n[   57.586811]  ? report_bug+0xf1/0x1c0\n[   57.587177]  ? handle_bug+0x3f/0x70\n[   57.587539]  ? exc_invalid_op+0x13/0x60\n[   57.587929]  ? asm_exc_invalid_op+0x16/0x20\n[   57.588336]  ? br_nf_local_in+0x157/0x180 [br_netfilter]\n[   57.588825]  nf_hook_slow+0x3d/0xd0\n[   57.589188]  ? br_handle_vlan+0x4b/0x110\n[   57.589579]  br_pass_frame_up+0xfc/0x150\n[   57.589970]  ? br_port_flags_change+0x40/0x40\n[   57.590396]  br_handle_frame_finish+0x346/0x5e0\n[   57.590837]  ? ipt_do_table+0x32e/0x430\n[   57.591221]  ? br_handle_local_finish+0x20/0x20\n[   57.591656]  br_nf_hook_thresh+0x4b/0xf0 [br_netfilter]\n[   57.592286]  ? br_handle_local_finish+0x20/0x20\n[   57.592802]  br_nf_pre_routing_finish+0x178/0x480 [br_netfilter]\n[   57.593348]  ? br_handle_local_finish+0x20/0x20\n[   57.593782]  ? nf_nat_ipv4_pre_routing+0x25/0x60 [nf_nat]\n[   57.594279]  br_nf_pre_routing+0x24c/0x550 [br_netfilter]\n[   57.594780]  ? br_nf_hook_thresh+0xf0/0xf0 [br_netfilter]\n[   57.595280]  br_handle_frame+0x1f3/0x3d0\n[   57.595676]  ? br_handle_local_finish+0x20/0x20\n[   57.596118]  ? br_handle_frame_finish+0x5e0/0x5e0\n[   57.596566]  __netif_receive_skb_core+0x25b/0xfc0\n[   57.597017]  ? __napi_build_skb+0x37/0x40\n[   57.597418]  __netif_receive_skb_list_core+0xfb/0x220",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-27018",
          "url": "https://www.suse.com/security/cve/CVE-2024-27018"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1223809 for CVE-2024-27018",
          "url": "https://bugzilla.suse.com/1223809"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-27018"
    },
    {
      "cve": "CVE-2024-27415",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-27415"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: bridge: confirm multicast packets before passing them up the stack\n\nconntrack nf_confirm logic cannot handle cloned skbs referencing\nthe same nf_conn entry, which will happen for multicast (broadcast)\nframes on bridges.\n\n Example:\n    macvlan0\n       |\n      br0\n     /  \\\n  ethX    ethY\n\n ethX (or Y) receives a L2 multicast or broadcast packet containing\n an IP packet, flow is not yet in conntrack table.\n\n 1. skb passes through bridge and fake-ip (br_netfilter)Prerouting.\n    -\u003e skb-\u003e_nfct now references a unconfirmed entry\n 2. skb is broad/mcast packet. bridge now passes clones out on each bridge\n    interface.\n 3. skb gets passed up the stack.\n 4. In macvlan case, macvlan driver retains clone(s) of the mcast skb\n    and schedules a work queue to send them out on the lower devices.\n\n    The clone skb-\u003e_nfct is not a copy, it is the same entry as the\n    original skb.  The macvlan rx handler then returns RX_HANDLER_PASS.\n 5. Normal conntrack hooks (in NF_INET_LOCAL_IN) confirm the orig skb.\n\nThe Macvlan broadcast worker and normal confirm path will race.\n\nThis race will not happen if step 2 already confirmed a clone. In that\ncase later steps perform skb_clone() with skb-\u003e_nfct already confirmed (in\nhash table).  This works fine.\n\nBut such confirmation won\u0027t happen when eb/ip/nftables rules dropped the\npackets before they reached the nf_confirm step in postrouting.\n\nPablo points out that nf_conntrack_bridge doesn\u0027t allow use of stateful\nnat, so we can safely discard the nf_conn entry and let inet call\nconntrack again.\n\nThis doesn\u0027t work for bridge netfilter: skb could have a nat\ntransformation. Also bridge nf prevents re-invocation of inet prerouting\nvia \u0027sabotage_in\u0027 hook.\n\nWork around this problem by explicit confirmation of the entry at LOCAL_IN\ntime, before upper layer has a chance to clone the unconfirmed entry.\n\nThe downside is that this disables NAT and conntrack helpers.\n\nAlternative fix would be to add locking to all code parts that deal with\nunconfirmed packets, but even if that could be done in a sane way this\nopens up other problems, for example:\n\n-m physdev --physdev-out eth0 -j SNAT --snat-to 1.2.3.4\n-m physdev --physdev-out eth1 -j SNAT --snat-to 1.2.3.5\n\nFor multicast case, only one of such conflicting mappings will be\ncreated, conntrack only handles 1:1 NAT mappings.\n\nUsers should set create a setup that explicitly marks such traffic\nNOTRACK (conntrack bypass) to avoid this, but we cannot auto-bypass\nthem, ruleset might have accept rules for untracked traffic already,\nso user-visible behaviour would change.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-27415",
          "url": "https://www.suse.com/security/cve/CVE-2024-27415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1224757 for CVE-2024-27415",
          "url": "https://bugzilla.suse.com/1224757"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-27415"
    },
    {
      "cve": "CVE-2024-28956",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-28956"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-28956",
          "url": "https://www.suse.com/security/cve/CVE-2024-28956"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242006 for CVE-2024-28956",
          "url": "https://bugzilla.suse.com/1242006"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-28956"
    },
    {
      "cve": "CVE-2024-35840",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-35840"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()\n\nsubflow_finish_connect() uses four fields (backup, join_id, thmac, none)\nthat may contain garbage unless OPTION_MPTCP_MPJ_SYNACK has been set\nin mptcp_parse_option()",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-35840",
          "url": "https://www.suse.com/security/cve/CVE-2024-35840"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1224597 for CVE-2024-35840",
          "url": "https://bugzilla.suse.com/1224597"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-35840"
    },
    {
      "cve": "CVE-2024-46713",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-46713"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/aux: Fix AUX buffer serialization\n\nOle reported that event-\u003emmap_mutex is strictly insufficient to\nserialize the AUX buffer, add a per RB mutex to fully serialize it.\n\nNote that in the lock order comment the perf_event::mmap_mutex order\nwas already wrong, that is, it nesting under mmap_lock is not new with\nthis patch.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-46713",
          "url": "https://www.suse.com/security/cve/CVE-2024-46713"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1230581 for CVE-2024-46713",
          "url": "https://bugzilla.suse.com/1230581"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-46713"
    },
    {
      "cve": "CVE-2024-46763",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-46763"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfou: Fix null-ptr-deref in GRO.\n\nWe observed a null-ptr-deref in fou_gro_receive() while shutting down\na host.  [0]\n\nThe NULL pointer is sk-\u003esk_user_data, and the offset 8 is of protocol\nin struct fou.\n\nWhen fou_release() is called due to netns dismantle or explicit tunnel\nteardown, udp_tunnel_sock_release() sets NULL to sk-\u003esk_user_data.\nThen, the tunnel socket is destroyed after a single RCU grace period.\n\nSo, in-flight udp4_gro_receive() could find the socket and execute the\nFOU GRO handler, where sk-\u003esk_user_data could be NULL.\n\nLet\u0027s use rcu_dereference_sk_user_data() in fou_from_sock() and add NULL\nchecks in FOU GRO handlers.\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 80000001032f4067 P4D 80000001032f4067 PUD 103240067 PMD 0\nSMP PTI\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.216-204.855.amzn2.x86_64 #1\nHardware name: Amazon EC2 c5.large/, BIOS 1.0 10/16/2017\nRIP: 0010:fou_gro_receive (net/ipv4/fou.c:233) [fou]\nCode: 41 5f c3 cc cc cc cc e8 e7 2e 69 f4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 49 89 f8 41 54 48 89 f7 48 89 d6 49 8b 80 88 02 00 00 \u003c0f\u003e b6 48 08 0f b7 42 4a 66 25 fd fd 80 cc 02 66 89 42 4a 0f b6 42\nRSP: 0018:ffffa330c0003d08 EFLAGS: 00010297\nRAX: 0000000000000000 RBX: ffff93d9e3a6b900 RCX: 0000000000000010\nRDX: ffff93d9e3a6b900 RSI: ffff93d9e3a6b900 RDI: ffff93dac2e24d08\nRBP: ffff93d9e3a6b900 R08: ffff93dacbce6400 R09: 0000000000000002\nR10: 0000000000000000 R11: ffffffffb5f369b0 R12: ffff93dacbce6400\nR13: ffff93dac2e24d08 R14: 0000000000000000 R15: ffffffffb4edd1c0\nFS:  0000000000000000(0000) GS:ffff93daee800000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 0000000102140001 CR4: 00000000007706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cIRQ\u003e\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? no_context (arch/x86/mm/fault.c:752)\n ? exc_page_fault (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 arch/x86/mm/fault.c:1435 arch/x86/mm/fault.c:1483)\n ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:571)\n ? fou_gro_receive (net/ipv4/fou.c:233) [fou]\n udp_gro_receive (include/linux/netdevice.h:2552 net/ipv4/udp_offload.c:559)\n udp4_gro_receive (net/ipv4/udp_offload.c:604)\n inet_gro_receive (net/ipv4/af_inet.c:1549 (discriminator 7))\n dev_gro_receive (net/core/dev.c:6035 (discriminator 4))\n napi_gro_receive (net/core/dev.c:6170)\n ena_clean_rx_irq (drivers/amazon/net/ena/ena_netdev.c:1558) [ena]\n ena_io_poll (drivers/amazon/net/ena/ena_netdev.c:1742) [ena]\n napi_poll (net/core/dev.c:6847)\n net_rx_action (net/core/dev.c:6917)\n __do_softirq (arch/x86/include/asm/jump_label.h:25 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:299)\n asm_call_irq_on_stack (arch/x86/entry/entry_64.S:809)\n\u003c/IRQ\u003e\n do_softirq_own_stack (arch/x86/include/asm/irq_stack.h:27 arch/x86/include/asm/irq_stack.h:77 arch/x86/kernel/irq_64.c:77)\n irq_exit_rcu (kernel/softirq.c:393 kernel/softirq.c:423 kernel/softirq.c:435)\n common_interrupt (arch/x86/kernel/irq.c:239)\n asm_common_interrupt (arch/x86/include/asm/idtentry.h:626)\nRIP: 0010:acpi_idle_do_entry (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 drivers/acpi/processor_idle.c:114 drivers/acpi/processor_idle.c:575)\nCode: 8b 15 d1 3c c4 02 ed c3 cc cc cc cc 65 48 8b 04 25 40 ef 01 00 48 8b 00 a8 08 75 eb 0f 1f 44 00 00 0f 00 2d d5 09 55 00 fb f4 \u003cfa\u003e c3 cc cc cc cc e9 be fc ff ff 66 66 2e 0f 1f 84 00 00 00 00 00\nRSP: 0018:ffffffffb5603e58 EFLAGS: 00000246\nRAX: 0000000000004000 RBX: ffff93dac0929c00 RCX: ffff93daee833900\nRDX: ffff93daee800000 RSI: ffff93d\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-46763",
          "url": "https://www.suse.com/security/cve/CVE-2024-46763"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1230764 for CVE-2024-46763",
          "url": "https://bugzilla.suse.com/1230764"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-46763"
    },
    {
      "cve": "CVE-2024-46865",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-46865"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfou: fix initialization of grc\n\nThe grc must be initialize first. There can be a condition where if\nfou is NULL, goto out will be executed and grc would be used\nuninitialized.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-46865",
          "url": "https://www.suse.com/security/cve/CVE-2024-46865"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1231103 for CVE-2024-46865",
          "url": "https://bugzilla.suse.com/1231103"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-46865"
    },
    {
      "cve": "CVE-2024-50083",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-50083"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: fix mptcp DSS corruption due to large pmtu xmit\n\nSyzkaller was able to trigger a DSS corruption:\n\n  TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.\n  ------------[ cut here ]------------\n  WARNING: CPU: 0 PID: 5227 at net/mptcp/protocol.c:695 __mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695\n  Modules linked in:\n  CPU: 0 UID: 0 PID: 5227 Comm: syz-executor350 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\n  RIP: 0010:__mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695\n  Code: 0f b6 dc 31 ff 89 de e8 b5 dd ea f5 89 d8 48 81 c4 50 01 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 98 da ea f5 90 \u003c0f\u003e 0b 90 e9 47 ff ff ff e8 8a da ea f5 90 0f 0b 90 e9 99 e0 ff ff\n  RSP: 0018:ffffc90000006db8 EFLAGS: 00010246\n  RAX: ffffffff8ba9df18 RBX: 00000000000055f0 RCX: ffff888030023c00\n  RDX: 0000000000000100 RSI: 00000000000081e5 RDI: 00000000000055f0\n  RBP: 1ffff110062bf1ae R08: ffffffff8ba9cf12 R09: 1ffff110062bf1b8\n  R10: dffffc0000000000 R11: ffffed10062bf1b9 R12: 0000000000000000\n  R13: dffffc0000000000 R14: 00000000700cec61 R15: 00000000000081e5\n  FS:  000055556679c380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 0000000020287000 CR3: 0000000077892000 CR4: 00000000003506f0\n  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  Call Trace:\n   \u003cIRQ\u003e\n   move_skbs_to_msk net/mptcp/protocol.c:811 [inline]\n   mptcp_data_ready+0x29c/0xa90 net/mptcp/protocol.c:854\n   subflow_data_ready+0x34a/0x920 net/mptcp/subflow.c:1490\n   tcp_data_queue+0x20fd/0x76c0 net/ipv4/tcp_input.c:5283\n   tcp_rcv_established+0xfba/0x2020 net/ipv4/tcp_input.c:6237\n   tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915\n   tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2350\n   ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205\n   ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233\n   NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n   NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n   __netif_receive_skb_one_core net/core/dev.c:5662 [inline]\n   __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5775\n   process_backlog+0x662/0x15b0 net/core/dev.c:6107\n   __napi_poll+0xcb/0x490 net/core/dev.c:6771\n   napi_poll net/core/dev.c:6840 [inline]\n   net_rx_action+0x89b/0x1240 net/core/dev.c:6962\n   handle_softirqs+0x2c5/0x980 kernel/softirq.c:554\n   do_softirq+0x11b/0x1e0 kernel/softirq.c:455\n   \u003c/IRQ\u003e\n   \u003cTASK\u003e\n   __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382\n   local_bh_enable include/linux/bottom_half.h:33 [inline]\n   rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]\n   __dev_queue_xmit+0x1764/0x3e80 net/core/dev.c:4451\n   dev_queue_xmit include/linux/netdevice.h:3094 [inline]\n   neigh_hh_output include/net/neighbour.h:526 [inline]\n   neigh_output include/net/neighbour.h:540 [inline]\n   ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236\n   ip_local_out net/ipv4/ip_output.c:130 [inline]\n   __ip_queue_xmit+0x118c/0x1b80 net/ipv4/ip_output.c:536\n   __tcp_transmit_skb+0x2544/0x3b30 net/ipv4/tcp_output.c:1466\n   tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline]\n   tcp_mtu_probe net/ipv4/tcp_output.c:2547 [inline]\n   tcp_write_xmit+0x641d/0x6bf0 net/ipv4/tcp_output.c:2752\n   __tcp_push_pending_frames+0x9b/0x360 net/ipv4/tcp_output.c:3015\n   tcp_push_pending_frames include/net/tcp.h:2107 [inline]\n   tcp_data_snd_check net/ipv4/tcp_input.c:5714 [inline]\n   tcp_rcv_established+0x1026/0x2020 net/ipv4/tcp_input.c:6239\n   tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915\n   sk_backlog_rcv include/net/sock.h:1113 [inline]\n   __release_sock+0x214/0x350 net/core/sock.c:3072\n   release_sock+0x61/0x1f0 net/core/sock.c:3626\n   mptcp_push_\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-50083",
          "url": "https://www.suse.com/security/cve/CVE-2024-50083"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1232493 for CVE-2024-50083",
          "url": "https://bugzilla.suse.com/1232493"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-50083"
    },
    {
      "cve": "CVE-2024-50106",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-50106"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix race between laundromat and free_stateid\n\nThere is a race between laundromat handling of revoked delegations\nand a client sending free_stateid operation. Laundromat thread\nfinds that delegation has expired and needs to be revoked so it\nmarks the delegation stid revoked and it puts it on a reaper list\nbut then it unlock the state lock and the actual delegation revocation\nhappens without the lock. Once the stid is marked revoked a racing\nfree_stateid processing thread does the following (1) it calls\nlist_del_init() which removes it from the reaper list and (2) frees\nthe delegation stid structure. The laundromat thread ends up not\ncalling the revoke_delegation() function for this particular delegation\nbut that means it will no release the lock lease that exists on\nthe file.\n\nNow, a new open for this file comes in and ends up finding that\nlease list isn\u0027t empty and calls nfsd_breaker_owns_lease() which ends\nup trying to derefence a freed delegation stateid. Leading to the\nfollowint use-after-free KASAN warning:\n\nkernel: ==================================================================\nkernel: BUG: KASAN: slab-use-after-free in nfsd_breaker_owns_lease+0x140/0x160 [nfsd]\nkernel: Read of size 8 at addr ffff0000e73cd0c8 by task nfsd/6205\nkernel:\nkernel: CPU: 2 UID: 0 PID: 6205 Comm: nfsd Kdump: loaded Not tainted 6.11.0-rc7+ #9\nkernel: Hardware name: Apple Inc. Apple Virtualization Generic Platform, BIOS 2069.0.0.0.0 08/03/2024\nkernel: Call trace:\nkernel: dump_backtrace+0x98/0x120\nkernel: show_stack+0x1c/0x30\nkernel: dump_stack_lvl+0x80/0xe8\nkernel: print_address_description.constprop.0+0x84/0x390\nkernel: print_report+0xa4/0x268\nkernel: kasan_report+0xb4/0xf8\nkernel: __asan_report_load8_noabort+0x1c/0x28\nkernel: nfsd_breaker_owns_lease+0x140/0x160 [nfsd]\nkernel: nfsd_file_do_acquire+0xb3c/0x11d0 [nfsd]\nkernel: nfsd_file_acquire_opened+0x84/0x110 [nfsd]\nkernel: nfs4_get_vfs_file+0x634/0x958 [nfsd]\nkernel: nfsd4_process_open2+0xa40/0x1a40 [nfsd]\nkernel: nfsd4_open+0xa08/0xe80 [nfsd]\nkernel: nfsd4_proc_compound+0xb8c/0x2130 [nfsd]\nkernel: nfsd_dispatch+0x22c/0x718 [nfsd]\nkernel: svc_process_common+0x8e8/0x1960 [sunrpc]\nkernel: svc_process+0x3d4/0x7e0 [sunrpc]\nkernel: svc_handle_xprt+0x828/0xe10 [sunrpc]\nkernel: svc_recv+0x2cc/0x6a8 [sunrpc]\nkernel: nfsd+0x270/0x400 [nfsd]\nkernel: kthread+0x288/0x310\nkernel: ret_from_fork+0x10/0x20\n\nThis patch proposes a fixed that\u0027s based on adding 2 new additional\nstid\u0027s sc_status values that help coordinate between the laundromat\nand other operations (nfsd4_free_stateid() and nfsd4_delegreturn()).\n\nFirst to make sure, that once the stid is marked revoked, it is not\nremoved by the nfsd4_free_stateid(), the laundromat take a reference\non the stateid. Then, coordinating whether the stid has been put\non the cl_revoked list or we are processing FREE_STATEID and need to\nmake sure to remove it from the list, each check that state and act\naccordingly. If laundromat has added to the cl_revoke list before\nthe arrival of FREE_STATEID, then nfsd4_free_stateid() knows to remove\nit from the list. If nfsd4_free_stateid() finds that operations arrived\nbefore laundromat has placed it on cl_revoke list, it marks the state\nfreed and then laundromat will no longer add it to the list.\n\nAlso, for nfsd4_delegreturn() when looking for the specified stid,\nwe need to access stid that are marked removed or freeable, it means\nthe laundromat has started processing it but hasn\u0027t finished and this\ndelegreturn needs to return nfserr_deleg_revoked and not\nnfserr_bad_stateid. The latter will not trigger a FREE_STATEID and the\nlack of it will leave this stid on the cl_revoked list indefinitely.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-50106",
          "url": "https://www.suse.com/security/cve/CVE-2024-50106"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1232882 for CVE-2024-50106",
          "url": "https://bugzilla.suse.com/1232882"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-50106"
    },
    {
      "cve": "CVE-2024-50223",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-50223"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/numa: Fix the potential null pointer dereference in task_numa_work()\n\nWhen running stress-ng-vm-segv test, we found a null pointer dereference\nerror in task_numa_work(). Here is the backtrace:\n\n  [323676.066985] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020\n  ......\n  [323676.067108] CPU: 35 PID: 2694524 Comm: stress-ng-vm-se\n  ......\n  [323676.067113] pstate: 23401009 (nzCv daif +PAN -UAO +TCO +DIT +SSBS BTYPE=--)\n  [323676.067115] pc : vma_migratable+0x1c/0xd0\n  [323676.067122] lr : task_numa_work+0x1ec/0x4e0\n  [323676.067127] sp : ffff8000ada73d20\n  [323676.067128] x29: ffff8000ada73d20 x28: 0000000000000000 x27: 000000003e89f010\n  [323676.067130] x26: 0000000000080000 x25: ffff800081b5c0d8 x24: ffff800081b27000\n  [323676.067133] x23: 0000000000010000 x22: 0000000104d18cc0 x21: ffff0009f7158000\n  [323676.067135] x20: 0000000000000000 x19: 0000000000000000 x18: ffff8000ada73db8\n  [323676.067138] x17: 0001400000000000 x16: ffff800080df40b0 x15: 0000000000000035\n  [323676.067140] x14: ffff8000ada73cc8 x13: 1fffe0017cc72001 x12: ffff8000ada73cc8\n  [323676.067142] x11: ffff80008001160c x10: ffff000be639000c x9 : ffff8000800f4ba4\n  [323676.067145] x8 : ffff000810375000 x7 : ffff8000ada73974 x6 : 0000000000000001\n  [323676.067147] x5 : 0068000b33e26707 x4 : 0000000000000001 x3 : ffff0009f7158000\n  [323676.067149] x2 : 0000000000000041 x1 : 0000000000004400 x0 : 0000000000000000\n  [323676.067152] Call trace:\n  [323676.067153]  vma_migratable+0x1c/0xd0\n  [323676.067155]  task_numa_work+0x1ec/0x4e0\n  [323676.067157]  task_work_run+0x78/0xd8\n  [323676.067161]  do_notify_resume+0x1ec/0x290\n  [323676.067163]  el0_svc+0x150/0x160\n  [323676.067167]  el0t_64_sync_handler+0xf8/0x128\n  [323676.067170]  el0t_64_sync+0x17c/0x180\n  [323676.067173] Code: d2888001 910003fd f9000bf3 aa0003f3 (f9401000)\n  [323676.067177] SMP: stopping secondary CPUs\n  [323676.070184] Starting crashdump kernel...\n\nstress-ng-vm-segv in stress-ng is used to stress test the SIGSEGV error\nhandling function of the system, which tries to cause a SIGSEGV error on\nreturn from unmapping the whole address space of the child process.\n\nNormally this program will not cause kernel crashes. But before the\nmunmap system call returns to user mode, a potential task_numa_work()\nfor numa balancing could be added and executed. In this scenario, since the\nchild process has no vma after munmap, the vma_next() in task_numa_work()\nwill return a null pointer even if the vma iterator restarts from 0.\n\nRecheck the vma pointer before dereferencing it in task_numa_work().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-50223",
          "url": "https://www.suse.com/security/cve/CVE-2024-50223"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233192 for CVE-2024-50223",
          "url": "https://bugzilla.suse.com/1233192"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-50223"
    },
    {
      "cve": "CVE-2024-54458",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-54458"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: bsg: Set bsg_queue to NULL after removal\n\nCurrently, this does not cause any issues, but I believe it is necessary to\nset bsg_queue to NULL after removing it to prevent potential use-after-free\n(UAF) access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-54458",
          "url": "https://www.suse.com/security/cve/CVE-2024-54458"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238992 for CVE-2024-54458",
          "url": "https://bugzilla.suse.com/1238992"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-54458"
    },
    {
      "cve": "CVE-2024-56641",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56641"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: initialize close_work early to avoid warning\n\nWe encountered a warning that close_work was canceled before\ninitialization.\n\n  WARNING: CPU: 7 PID: 111103 at kernel/workqueue.c:3047 __flush_work+0x19e/0x1b0\n  Workqueue: events smc_lgr_terminate_work [smc]\n  RIP: 0010:__flush_work+0x19e/0x1b0\n  Call Trace:\n   ? __wake_up_common+0x7a/0x190\n   ? work_busy+0x80/0x80\n   __cancel_work_timer+0xe3/0x160\n   smc_close_cancel_work+0x1a/0x70 [smc]\n   smc_close_active_abort+0x207/0x360 [smc]\n   __smc_lgr_terminate.part.38+0xc8/0x180 [smc]\n   process_one_work+0x19e/0x340\n   worker_thread+0x30/0x370\n   ? process_one_work+0x340/0x340\n   kthread+0x117/0x130\n   ? __kthread_cancel_work+0x50/0x50\n   ret_from_fork+0x22/0x30\n\nThis is because when smc_close_cancel_work is triggered, e.g. the RDMA\ndriver is rmmod and the LGR is terminated, the conn-\u003eclose_work is\nflushed before initialization, resulting in WARN_ON(!work-\u003efunc).\n\n__smc_lgr_terminate             | smc_connect_{rdma|ism}\n-------------------------------------------------------------\n                                | smc_conn_create\n\t\t\t\t| \\- smc_lgr_register_conn\nfor conn in lgr-\u003econns_all      |\n\\- smc_conn_kill                |\n   \\- smc_close_active_abort    |\n      \\- smc_close_cancel_work  |\n         \\- cancel_work_sync    |\n            \\- __flush_work     |\n\t         (close_work)   |\n\t                        | smc_close_init\n\t                        | \\- INIT_WORK(\u0026close_work)\n\nSo fix this by initializing close_work before establishing the\nconnection.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56641",
          "url": "https://www.suse.com/security/cve/CVE-2024-56641"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235526 for CVE-2024-56641",
          "url": "https://bugzilla.suse.com/1235526"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-56641"
    },
    {
      "cve": "CVE-2024-56702",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56702"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Mark raw_tp arguments with PTR_MAYBE_NULL\n\nArguments to a raw tracepoint are tagged as trusted, which carries the\nsemantics that the pointer will be non-NULL.  However, in certain cases,\na raw tracepoint argument may end up being NULL. More context about this\nissue is available in [0].\n\nThus, there is a discrepancy between the reality, that raw_tp arguments\ncan actually be NULL, and the verifier\u0027s knowledge, that they are never\nNULL, causing explicit NULL checks to be deleted, and accesses to such\npointers potentially crashing the kernel.\n\nTo fix this, mark raw_tp arguments as PTR_MAYBE_NULL, and then special\ncase the dereference and pointer arithmetic to permit it, and allow\npassing them into helpers/kfuncs; these exceptions are made for raw_tp\nprograms only. Ensure that we don\u0027t do this when ref_obj_id \u003e 0, as in\nthat case this is an acquired object and doesn\u0027t need such adjustment.\n\nThe reason we do mask_raw_tp_trusted_reg logic is because other will\nrecheck in places whether the register is a trusted_reg, and then\nconsider our register as untrusted when detecting the presence of the\nPTR_MAYBE_NULL flag.\n\nTo allow safe dereference, we enable PROBE_MEM marking when we see loads\ninto trusted pointers with PTR_MAYBE_NULL.\n\nWhile trusted raw_tp arguments can also be passed into helpers or kfuncs\nwhere such broken assumption may cause issues, a future patch set will\ntackle their case separately, as PTR_TO_BTF_ID (without PTR_TRUSTED) can\nalready be passed into helpers and causes similar problems. Thus, they\nare left alone for now.\n\nIt is possible that these checks also permit passing non-raw_tp args\nthat are trusted PTR_TO_BTF_ID with null marking. In such a case,\nallowing dereference when pointer is NULL expands allowed behavior, so\nwon\u0027t regress existing programs, and the case of passing these into\nhelpers is the same as above and will be dealt with later.\n\nAlso update the failure case in tp_btf_nullable selftest to capture the\nnew behavior, as the verifier will no longer cause an error when\ndirectly dereference a raw tracepoint argument marked as __nullable.\n\n  [0]: https://lore.kernel.org/bpf/ZrCZS6nisraEqehw@jlelli-thinkpadt14gen4.remote.csb",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56702",
          "url": "https://www.suse.com/security/cve/CVE-2024-56702"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235501 for CVE-2024-56702",
          "url": "https://bugzilla.suse.com/1235501"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-56702"
    },
    {
      "cve": "CVE-2024-57998",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-57998"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nOPP: add index check to assert to avoid buffer overflow in _read_freq()\n\nPass the freq index to the assert function to make sure\nwe do not read a freq out of the opp-\u003erates[] table when called\nfrom the indexed variants:\ndev_pm_opp_find_freq_exact_indexed() or\ndev_pm_opp_find_freq_ceil/floor_indexed().\n\nAdd a secondary parameter to the assert function, unused\nfor assert_single_clk() then add assert_clk_index() which\nwill check for the clock index when called from the _indexed()\nfind functions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-57998",
          "url": "https://www.suse.com/security/cve/CVE-2024-57998"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238527 for CVE-2024-57998",
          "url": "https://bugzilla.suse.com/1238527"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-57998"
    },
    {
      "cve": "CVE-2024-58001",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-58001"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: handle a symlink read error correctly\n\nPatch series \"Convert ocfs2 to use folios\".\n\nMark did a conversion of ocfs2 to use folios and sent it to me as a\ngiant patch for review ;-)\n\nSo I\u0027ve redone it as individual patches, and credited Mark for the patches\nwhere his code is substantially the same.  It\u0027s not a bad way to do it;\nhis patch had some bugs and my patches had some bugs.  Hopefully all our\nbugs were different from each other.  And hopefully Mark likes all the\nchanges I made to his code!\n\n\nThis patch (of 23):\n\nIf we can\u0027t read the buffer, be sure to unlock the page before returning.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-58001",
          "url": "https://www.suse.com/security/cve/CVE-2024-58001"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1239079 for CVE-2024-58001",
          "url": "https://bugzilla.suse.com/1239079"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "low"
        }
      ],
      "title": "CVE-2024-58001"
    },
    {
      "cve": "CVE-2024-58070",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-58070"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT\n\nIn PREEMPT_RT, kmalloc(GFP_ATOMIC) is still not safe in non preemptible\ncontext. bpf_mem_alloc must be used in PREEMPT_RT. This patch is\nto enforce bpf_mem_alloc in the bpf_local_storage when CONFIG_PREEMPT_RT\nis enabled.\n\n[   35.118559] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[   35.118566] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1832, name: test_progs\n[   35.118569] preempt_count: 1, expected: 0\n[   35.118571] RCU nest depth: 1, expected: 1\n[   35.118577] INFO: lockdep is turned off.\n    ...\n[   35.118647]  __might_resched+0x433/0x5b0\n[   35.118677]  rt_spin_lock+0xc3/0x290\n[   35.118700]  ___slab_alloc+0x72/0xc40\n[   35.118723]  __kmalloc_noprof+0x13f/0x4e0\n[   35.118732]  bpf_map_kzalloc+0xe5/0x220\n[   35.118740]  bpf_selem_alloc+0x1d2/0x7b0\n[   35.118755]  bpf_local_storage_update+0x2fa/0x8b0\n[   35.118784]  bpf_sk_storage_get_tracing+0x15a/0x1d0\n[   35.118791]  bpf_prog_9a118d86fca78ebb_trace_inet_sock_set_state+0x44/0x66\n[   35.118795]  bpf_trace_run3+0x222/0x400\n[   35.118820]  __bpf_trace_inet_sock_set_state+0x11/0x20\n[   35.118824]  trace_inet_sock_set_state+0x112/0x130\n[   35.118830]  inet_sk_state_store+0x41/0x90\n[   35.118836]  tcp_set_state+0x3b3/0x640\n\nThere is no need to adjust the gfp_flags passing to the\nbpf_mem_cache_alloc_flags() which only honors the GFP_KERNEL.\nThe verifier has ensured GFP_KERNEL is passed only in sleepable context.\n\nIt has been an old issue since the first introduction of the\nbpf_local_storage ~5 years ago, so this patch targets the bpf-next.\n\nbpf_mem_alloc is needed to solve it, so the Fixes tag is set\nto the commit when bpf_mem_alloc was first used in the bpf_local_storage.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-58070",
          "url": "https://www.suse.com/security/cve/CVE-2024-58070"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238983 for CVE-2024-58070",
          "url": "https://bugzilla.suse.com/1238983"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-58070"
    },
    {
      "cve": "CVE-2024-58093",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-58093"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/ASPM: Fix link state exit during switch upstream function removal\n\nBefore 456d8aa37d0f (\"PCI/ASPM: Disable ASPM on MFD function removal to\navoid use-after-free\"), we would free the ASPM link only after the last\nfunction on the bus pertaining to the given link was removed.\n\nThat was too late. If function 0 is removed before sibling function,\nlink-\u003edownstream would point to free\u0027d memory after.\n\nAfter above change, we freed the ASPM parent link state upon any function\nremoval on the bus pertaining to a given link.\n\nThat is too early. If the link is to a PCIe switch with MFD on the upstream\nport, then removing functions other than 0 first would free a link which\nstill remains parent_link to the remaining downstream ports.\n\nThe resulting GPFs are especially frequent during hot-unplug, because\npciehp removes devices on the link bus in reverse order.\n\nOn that switch, function 0 is the virtual P2P bridge to the internal bus.\nFree exactly when function 0 is removed -- before the parent link is\nobsolete, but after all subordinate links are gone.\n\n[kwilczynski: commit log]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-58093",
          "url": "https://www.suse.com/security/cve/CVE-2024-58093"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241347 for CVE-2024-58093",
          "url": "https://bugzilla.suse.com/1241347"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-58093"
    },
    {
      "cve": "CVE-2024-58094",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-58094"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add check read-only before truncation in jfs_truncate_nolock()\n\nAdded a check for \"read-only\" mode in the `jfs_truncate_nolock`\nfunction to avoid errors related to writing to a read-only\nfilesystem.\n\nCall stack:\n\nblock_write_begin() {\n  jfs_write_failed() {\n    jfs_truncate() {\n      jfs_truncate_nolock() {\n        txEnd() {\n          ...\n          log = JFS_SBI(tblk-\u003esb)-\u003elog;\n          // (log == NULL)\n\nIf the `isReadOnly(ip)` condition is triggered in\n`jfs_truncate_nolock`, the function execution will stop, and no\nfurther data modification will occur. Instead, the `xtTruncate`\nfunction will be called with the \"COMMIT_WMAP\" flag, preventing\nmodifications in \"read-only\" mode.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-58094",
          "url": "https://www.suse.com/security/cve/CVE-2024-58094"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241443 for CVE-2024-58094",
          "url": "https://bugzilla.suse.com/1241443"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-58094"
    },
    {
      "cve": "CVE-2024-58095",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-58095"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add check read-only before txBeginAnon() call\n\nAdded a read-only check before calling `txBeginAnon` in `extAlloc`\nand `extRecord`. This prevents modification attempts on a read-only\nmounted filesystem, avoiding potential errors or crashes.\n\nCall trace:\n txBeginAnon+0xac/0x154\n extAlloc+0xe8/0xdec fs/jfs/jfs_extent.c:78\n jfs_get_block+0x340/0xb98 fs/jfs/inode.c:248\n __block_write_begin_int+0x580/0x166c fs/buffer.c:2128\n __block_write_begin fs/buffer.c:2177 [inline]\n block_write_begin+0x98/0x11c fs/buffer.c:2236\n jfs_write_begin+0x44/0x88 fs/jfs/inode.c:299",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-58095",
          "url": "https://www.suse.com/security/cve/CVE-2024-58095"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241442 for CVE-2024-58095",
          "url": "https://bugzilla.suse.com/1241442"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-58095"
    },
    {
      "cve": "CVE-2024-58096",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-58096"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: add srng-\u003elock for ath11k_hal_srng_* in monitor mode\n\nath11k_hal_srng_* should be used with srng-\u003elock to protect srng data.\n\nFor ath11k_dp_rx_mon_dest_process() and ath11k_dp_full_mon_process_rx(),\nthey use ath11k_hal_srng_* for many times but never call srng-\u003elock.\n\nSo when running (full) monitor mode, warning will occur:\nRIP: 0010:ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]\nCall Trace:\n ? ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]\n ath11k_dp_rx_process_mon_status+0xc45/0x1190 [ath11k]\n ? idr_alloc_u32+0x97/0xd0\n ath11k_dp_rx_process_mon_rings+0x32a/0x550 [ath11k]\n ath11k_dp_service_srng+0x289/0x5a0 [ath11k]\n ath11k_pcic_ext_grp_napi_poll+0x30/0xd0 [ath11k]\n __napi_poll+0x30/0x1f0\n net_rx_action+0x198/0x320\n __do_softirq+0xdd/0x319\n\nSo add srng-\u003elock for them to avoid such warnings.\n\nInorder to fetch the srng-\u003elock, should change srng\u0027s definition from\n\u0027void\u0027 to \u0027struct hal_srng\u0027. And initialize them elsewhere to prevent\none line of code from being too long. This is consistent with other ring\nprocess functions, such as ath11k_dp_process_rx().\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-58096",
          "url": "https://www.suse.com/security/cve/CVE-2024-58096"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241344 for CVE-2024-58096",
          "url": "https://bugzilla.suse.com/1241344"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-58096"
    },
    {
      "cve": "CVE-2024-58097",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-58097"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix RCU stall while reaping monitor destination ring\n\nWhile processing the monitor destination ring, MSDUs are reaped from the\nlink descriptor based on the corresponding buf_id.\n\nHowever, sometimes the driver cannot obtain a valid buffer corresponding\nto the buf_id received from the hardware. This causes an infinite loop\nin the destination processing, resulting in a kernel crash.\n\nkernel log:\nath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309\nath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed\nath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309\nath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed\n\nFix this by skipping the problematic buf_id and reaping the next entry,\nreplacing the break with the next MSDU processing.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-58097",
          "url": "https://www.suse.com/security/cve/CVE-2024-58097"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241343 for CVE-2024-58097",
          "url": "https://bugzilla.suse.com/1241343"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-58097"
    },
    {
      "cve": "CVE-2025-21648",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21648"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: clamp maximum hashtable size to INT_MAX\n\nUse INT_MAX as maximum size for the conntrack hashtable. Otherwise, it\nis possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when\nresizing hashtable because __GFP_NOWARN is unset. See:\n\n  0708a0afe291 (\"mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls\")\n\nNote: hashtable resize is only possible from init_netns.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21648",
          "url": "https://www.suse.com/security/cve/CVE-2025-21648"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1236142 for CVE-2025-21648",
          "url": "https://bugzilla.suse.com/1236142"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21648"
    },
    {
      "cve": "CVE-2025-21683",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21683"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix bpf_sk_select_reuseport() memory leak\n\nAs pointed out in the original comment, lookup in sockmap can return a TCP\nESTABLISHED socket. Such TCP socket may have had SO_ATTACH_REUSEPORT_EBPF\nset before it was ESTABLISHED. In other words, a non-NULL sk_reuseport_cb\ndoes not imply a non-refcounted socket.\n\nDrop sk\u0027s reference in both error paths.\n\nunreferenced object 0xffff888101911800 (size 2048):\n  comm \"test_progs\", pid 44109, jiffies 4297131437\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    80 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace (crc 9336483b):\n    __kmalloc_noprof+0x3bf/0x560\n    __reuseport_alloc+0x1d/0x40\n    reuseport_alloc+0xca/0x150\n    reuseport_attach_prog+0x87/0x140\n    sk_reuseport_attach_bpf+0xc8/0x100\n    sk_setsockopt+0x1181/0x1990\n    do_sock_setsockopt+0x12b/0x160\n    __sys_setsockopt+0x7b/0xc0\n    __x64_sys_setsockopt+0x1b/0x30\n    do_syscall_64+0x93/0x180\n    entry_SYSCALL_64_after_hwframe+0x76/0x7e",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21683",
          "url": "https://www.suse.com/security/cve/CVE-2025-21683"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1236704 for CVE-2025-21683",
          "url": "https://bugzilla.suse.com/1236704"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "low"
        }
      ],
      "title": "CVE-2025-21683"
    },
    {
      "cve": "CVE-2025-21702",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21702"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\npfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0\n\nExpected behaviour:\nIn case we reach scheduler\u0027s limit, pfifo_tail_enqueue() will drop a\npacket in scheduler\u0027s queue and decrease scheduler\u0027s qlen by one.\nThen, pfifo_tail_enqueue() enqueue new packet and increase\nscheduler\u0027s qlen by one. Finally, pfifo_tail_enqueue() return\n`NET_XMIT_CN` status code.\n\nWeird behaviour:\nIn case we set `sch-\u003elimit == 0` and trigger pfifo_tail_enqueue() on a\nscheduler that has no packet, the \u0027drop a packet\u0027 step will do nothing.\nThis means the scheduler\u0027s qlen still has value equal 0.\nThen, we continue to enqueue new packet and increase scheduler\u0027s qlen by\none. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by\none and return `NET_XMIT_CN` status code.\n\nThe problem is:\nLet\u0027s say we have two qdiscs: Qdisc_A and Qdisc_B.\n - Qdisc_A\u0027s type must have \u0027-\u003egraft()\u0027 function to create parent/child relationship.\n   Let\u0027s say Qdisc_A\u0027s type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`.\n - Qdisc_B\u0027s type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`.\n - Qdisc_B is configured to have `sch-\u003elimit == 0`.\n - Qdisc_A is configured to route the enqueued\u0027s packet to Qdisc_B.\n\nEnqueue packet through Qdisc_A will lead to:\n - hfsc_enqueue(Qdisc_A) -\u003e pfifo_tail_enqueue(Qdisc_B)\n - Qdisc_B-\u003eq.qlen += 1\n - pfifo_tail_enqueue() return `NET_XMIT_CN`\n - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` =\u003e hfsc_enqueue() don\u0027t increase qlen of Qdisc_A.\n\nThe whole process lead to a situation where Qdisc_A-\u003eq.qlen == 0 and Qdisc_B-\u003eq.qlen == 1.\nReplace \u0027hfsc\u0027 with other type (for example: \u0027drr\u0027) still lead to the same problem.\nThis violate the design where parent\u0027s qlen should equal to the sum of its childrens\u0027qlen.\n\nBug impact: This issue can be used for user-\u003ekernel privilege escalation when it is reachable.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21702",
          "url": "https://www.suse.com/security/cve/CVE-2025-21702"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237312 for CVE-2025-21702",
          "url": "https://bugzilla.suse.com/1237312"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1245797 for CVE-2025-21702",
          "url": "https://bugzilla.suse.com/1245797"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-21702"
    },
    {
      "cve": "CVE-2025-21707",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21707"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: consolidate suboption status\n\nMPTCP maintains the received sub-options status is the bitmask carrying\nthe received suboptions and in several bitfields carrying per suboption\nadditional info.\n\nZeroing the bitmask before parsing is not enough to ensure a consistent\nstatus, and the MPTCP code has to additionally clear some bitfiled\ndepending on the actually parsed suboption.\n\nThe above schema is fragile, and syzbot managed to trigger a path where\na relevant bitfield is not cleared/initialized:\n\n  BUG: KMSAN: uninit-value in __mptcp_expand_seq net/mptcp/options.c:1030 [inline]\n  BUG: KMSAN: uninit-value in mptcp_expand_seq net/mptcp/protocol.h:864 [inline]\n  BUG: KMSAN: uninit-value in ack_update_msk net/mptcp/options.c:1060 [inline]\n  BUG: KMSAN: uninit-value in mptcp_incoming_options+0x2036/0x3d30 net/mptcp/options.c:1209\n   __mptcp_expand_seq net/mptcp/options.c:1030 [inline]\n   mptcp_expand_seq net/mptcp/protocol.h:864 [inline]\n   ack_update_msk net/mptcp/options.c:1060 [inline]\n   mptcp_incoming_options+0x2036/0x3d30 net/mptcp/options.c:1209\n   tcp_data_queue+0xb4/0x7be0 net/ipv4/tcp_input.c:5233\n   tcp_rcv_established+0x1061/0x2510 net/ipv4/tcp_input.c:6264\n   tcp_v4_do_rcv+0x7f3/0x11a0 net/ipv4/tcp_ipv4.c:1916\n   tcp_v4_rcv+0x51df/0x5750 net/ipv4/tcp_ipv4.c:2351\n   ip_protocol_deliver_rcu+0x2a3/0x13d0 net/ipv4/ip_input.c:205\n   ip_local_deliver_finish+0x336/0x500 net/ipv4/ip_input.c:233\n   NF_HOOK include/linux/netfilter.h:314 [inline]\n   ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254\n   dst_input include/net/dst.h:460 [inline]\n   ip_rcv_finish+0x4a2/0x520 net/ipv4/ip_input.c:447\n   NF_HOOK include/linux/netfilter.h:314 [inline]\n   ip_rcv+0xcd/0x380 net/ipv4/ip_input.c:567\n   __netif_receive_skb_one_core net/core/dev.c:5704 [inline]\n   __netif_receive_skb+0x319/0xa00 net/core/dev.c:5817\n   process_backlog+0x4ad/0xa50 net/core/dev.c:6149\n   __napi_poll+0xe7/0x980 net/core/dev.c:6902\n   napi_poll net/core/dev.c:6971 [inline]\n   net_rx_action+0xa5a/0x19b0 net/core/dev.c:7093\n   handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561\n   __do_softirq+0x14/0x1a kernel/softirq.c:595\n   do_softirq+0x9a/0x100 kernel/softirq.c:462\n   __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389\n   local_bh_enable include/linux/bottom_half.h:33 [inline]\n   rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]\n   __dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4493\n   dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n   neigh_hh_output include/net/neighbour.h:523 [inline]\n   neigh_output include/net/neighbour.h:537 [inline]\n   ip_finish_output2+0x187c/0x1b70 net/ipv4/ip_output.c:236\n   __ip_finish_output+0x287/0x810\n   ip_finish_output+0x4b/0x600 net/ipv4/ip_output.c:324\n   NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n   ip_output+0x15f/0x3f0 net/ipv4/ip_output.c:434\n   dst_output include/net/dst.h:450 [inline]\n   ip_local_out net/ipv4/ip_output.c:130 [inline]\n   __ip_queue_xmit+0x1f2a/0x20d0 net/ipv4/ip_output.c:536\n   ip_queue_xmit+0x60/0x80 net/ipv4/ip_output.c:550\n   __tcp_transmit_skb+0x3cea/0x4900 net/ipv4/tcp_output.c:1468\n   tcp_transmit_skb net/ipv4/tcp_output.c:1486 [inline]\n   tcp_write_xmit+0x3b90/0x9070 net/ipv4/tcp_output.c:2829\n   __tcp_push_pending_frames+0xc4/0x380 net/ipv4/tcp_output.c:3012\n   tcp_send_fin+0x9f6/0xf50 net/ipv4/tcp_output.c:3618\n   __tcp_close+0x140c/0x1550 net/ipv4/tcp.c:3130\n   __mptcp_close_ssk+0x74e/0x16f0 net/mptcp/protocol.c:2496\n   mptcp_close_ssk+0x26b/0x2c0 net/mptcp/protocol.c:2550\n   mptcp_pm_nl_rm_addr_or_subflow+0x635/0xd10 net/mptcp/pm_netlink.c:889\n   mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:924 [inline]\n   mptcp_pm_flush_addrs_and_subflows net/mptcp/pm_netlink.c:1688 [inline]\n   mptcp_nl_flush_addrs_list net/mptcp/pm_netlink.c:1709 [inline]\n   mptcp_pm_nl_flush_addrs_doit+0xe10/0x1630 net/mptcp/pm_netlink.c:1750\n   genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n \n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21707",
          "url": "https://www.suse.com/security/cve/CVE-2025-21707"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238862 for CVE-2025-21707",
          "url": "https://bugzilla.suse.com/1238862"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21707"
    },
    {
      "cve": "CVE-2025-21758",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21758"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: add RCU protection to mld_newpack()\n\nmld_newpack() can be called without RTNL or RCU being held.\n\nNote that we no longer can use sock_alloc_send_skb() because\nipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.\n\nInstead use alloc_skb() and charge the net-\u003eipv6.igmp_sk\nsocket under RCU protection.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21758",
          "url": "https://www.suse.com/security/cve/CVE-2025-21758"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238737 for CVE-2025-21758",
          "url": "https://bugzilla.suse.com/1238737"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21758"
    },
    {
      "cve": "CVE-2025-21768",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21768"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels\n\nSome lwtunnels have a dst cache for post-transformation dst.\nIf the packet destination did not change we may end up recording\na reference to the lwtunnel in its own cache, and the lwtunnel\nstate will never be freed.\n\nDiscovered by the ioam6.sh test, kmemleak was recently fixed\nto catch per-cpu memory leaks. I\u0027m not sure if rpl and seg6\ncan actually hit this, but in principle I don\u0027t see why not.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21768",
          "url": "https://www.suse.com/security/cve/CVE-2025-21768"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238714 for CVE-2025-21768",
          "url": "https://bugzilla.suse.com/1238714"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21768"
    },
    {
      "cve": "CVE-2025-21787",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21787"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nteam: better TEAM_OPTION_TYPE_STRING validation\n\nsyzbot reported following splat [1]\n\nMake sure user-provided data contains one nul byte.\n\n[1]\n BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:633 [inline]\n BUG: KMSAN: uninit-value in string+0x3ec/0x5f0 lib/vsprintf.c:714\n  string_nocheck lib/vsprintf.c:633 [inline]\n  string+0x3ec/0x5f0 lib/vsprintf.c:714\n  vsnprintf+0xa5d/0x1960 lib/vsprintf.c:2843\n  __request_module+0x252/0x9f0 kernel/module/kmod.c:149\n  team_mode_get drivers/net/team/team_core.c:480 [inline]\n  team_change_mode drivers/net/team/team_core.c:607 [inline]\n  team_mode_option_set+0x437/0x970 drivers/net/team/team_core.c:1401\n  team_option_set drivers/net/team/team_core.c:375 [inline]\n  team_nl_options_set_doit+0x1339/0x1f90 drivers/net/team/team_core.c:2662\n  genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n  genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n  genl_rcv_msg+0x1214/0x12c0 net/netlink/genetlink.c:1210\n  netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2543\n  genl_rcv+0x40/0x60 net/netlink/genetlink.c:1219\n  netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n  netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1348\n  netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1892\n  sock_sendmsg_nosec net/socket.c:718 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:733\n  ____sys_sendmsg+0x877/0xb60 net/socket.c:2573\n  ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2627\n  __sys_sendmsg net/socket.c:2659 [inline]\n  __do_sys_sendmsg net/socket.c:2664 [inline]\n  __se_sys_sendmsg net/socket.c:2662 [inline]\n  __x64_sys_sendmsg+0x212/0x3c0 net/socket.c:2662\n  x64_sys_call+0x2ed6/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:47\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21787",
          "url": "https://www.suse.com/security/cve/CVE-2025-21787"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238774 for CVE-2025-21787",
          "url": "https://bugzilla.suse.com/1238774"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21787"
    },
    {
      "cve": "CVE-2025-21792",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21792"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt\n\nIf an AX25 device is bound to a socket by setting the SO_BINDTODEVICE\nsocket option, a refcount leak will occur in ax25_release().\n\nCommit 9fd75b66b8f6 (\"ax25: Fix refcount leaks caused by ax25_cb_del()\")\nadded decrement of device refcounts in ax25_release(). In order for that\nto work correctly the refcounts must already be incremented when the\ndevice is bound to the socket. An AX25 device can be bound to a socket\nby either calling ax25_bind() or setting SO_BINDTODEVICE socket option.\nIn both cases the refcounts should be incremented, but in fact it is done\nonly in ax25_bind().\n\nThis bug leads to the following issue reported by Syzkaller:\n\n================================================================\nrefcount_t: decrement hit 0; leaking memory.\nWARNING: CPU: 1 PID: 5932 at lib/refcount.c:31 refcount_warn_saturate+0x1ed/0x210 lib/refcount.c:31\nModules linked in:\nCPU: 1 UID: 0 PID: 5932 Comm: syz-executor424 Not tainted 6.13.0-rc4-syzkaller-00110-g4099a71718b0 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:refcount_warn_saturate+0x1ed/0x210 lib/refcount.c:31\nCall Trace:\n \u003cTASK\u003e\n __refcount_dec include/linux/refcount.h:336 [inline]\n refcount_dec include/linux/refcount.h:351 [inline]\n ref_tracker_free+0x710/0x820 lib/ref_tracker.c:236\n netdev_tracker_free include/linux/netdevice.h:4156 [inline]\n netdev_put include/linux/netdevice.h:4173 [inline]\n netdev_put include/linux/netdevice.h:4169 [inline]\n ax25_release+0x33f/0xa10 net/ax25/af_ax25.c:1069\n __sock_release+0xb0/0x270 net/socket.c:640\n sock_close+0x1c/0x30 net/socket.c:1408\n ...\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n ...\n \u003c/TASK\u003e\n================================================================\n\nFix the implementation of ax25_setsockopt() by adding increment of\nrefcounts for the new device bound, and decrement of refcounts for\nthe old unbound device.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21792",
          "url": "https://www.suse.com/security/cve/CVE-2025-21792"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238745 for CVE-2025-21792",
          "url": "https://bugzilla.suse.com/1238745"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21792"
    },
    {
      "cve": "CVE-2025-21814",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21814"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: Ensure info-\u003eenable callback is always set\n\nThe ioctl and sysfs handlers unconditionally call the -\u003eenable callback.\nNot all drivers implement that callback, leading to NULL dereferences.\nExample of affected drivers: ptp_s390.c, ptp_vclock.c and ptp_mock.c.\n\nInstead use a dummy callback if no better was specified by the driver.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21814",
          "url": "https://www.suse.com/security/cve/CVE-2025-21814"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238473 for CVE-2025-21814",
          "url": "https://bugzilla.suse.com/1238473"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21814"
    },
    {
      "cve": "CVE-2025-21852",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21852"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Add rx_skb of kfree_skb to raw_tp_null_args[].\n\nYan Zhai reported a BPF prog could trigger a null-ptr-deref [0]\nin trace_kfree_skb if the prog does not check if rx_sk is NULL.\n\nCommit c53795d48ee8 (\"net: add rx_sk to trace_kfree_skb\") added\nrx_sk to trace_kfree_skb, but rx_sk is optional and could be NULL.\n\nLet\u0027s add kfree_skb to raw_tp_null_args[] to let the BPF verifier\nvalidate such a prog and prevent the issue.\n\nNow we fail to load such a prog:\n\n  libbpf: prog \u0027drop\u0027: -- BEGIN PROG LOAD LOG --\n  0: R1=ctx() R10=fp0\n  ; int BPF_PROG(drop, struct sk_buff *skb, void *location, @ kfree_skb_sk_null.bpf.c:21\n  0: (79) r3 = *(u64 *)(r1 +24)\n  func \u0027kfree_skb\u0027 arg3 has btf_id 5253 type STRUCT \u0027sock\u0027\n  1: R1=ctx() R3_w=trusted_ptr_or_null_sock(id=1)\n  ; bpf_printk(\"sk: %d, %d\\n\", sk, sk-\u003e__sk_common.skc_family); @ kfree_skb_sk_null.bpf.c:24\n  1: (69) r4 = *(u16 *)(r3 +16)\n  R3 invalid mem access \u0027trusted_ptr_or_null_\u0027\n  processed 2 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0\n  -- END PROG LOAD LOG --\n\nNote this fix requires commit 838a10bd2ebf (\"bpf: Augment raw_tp\narguments with PTR_MAYBE_NULL\").\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000010\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nPREEMPT SMP\nRIP: 0010:bpf_prog_5e21a6db8fcff1aa_drop+0x10/0x2d\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x1f/0x60\n ? page_fault_oops+0x148/0x420\n ? search_bpf_extables+0x5b/0x70\n ? fixup_exception+0x27/0x2c0\n ? exc_page_fault+0x75/0x170\n ? asm_exc_page_fault+0x22/0x30\n ? bpf_prog_5e21a6db8fcff1aa_drop+0x10/0x2d\n bpf_trace_run4+0x68/0xd0\n ? unix_stream_connect+0x1f4/0x6f0\n sk_skb_reason_drop+0x90/0x120\n unix_stream_connect+0x1f4/0x6f0\n __sys_connect+0x7f/0xb0\n __x64_sys_connect+0x14/0x20\n do_syscall_64+0x47/0xc30\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21852",
          "url": "https://www.suse.com/security/cve/CVE-2025-21852"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1239487 for CVE-2025-21852",
          "url": "https://bugzilla.suse.com/1239487"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21852"
    },
    {
      "cve": "CVE-2025-21853",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21853"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: avoid holding freeze_mutex during mmap operation\n\nWe use map-\u003efreeze_mutex to prevent races between map_freeze() and\nmemory mapping BPF map contents with writable permissions. The way we\nnaively do this means we\u0027ll hold freeze_mutex for entire duration of all\nthe mm and VMA manipulations, which is completely unnecessary. This can\npotentially also lead to deadlocks, as reported by syzbot in [0].\n\nSo, instead, hold freeze_mutex only during writeability checks, bump\n(proactively) \"write active\" count for the map, unlock the mutex and\nproceed with mmap logic. And only if something went wrong during mmap\nlogic, then undo that \"write active\" counter increment.\n\n  [0] https://lore.kernel.org/bpf/678dcbc9.050a0220.303755.0066.GAE@google.com/",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21853",
          "url": "https://www.suse.com/security/cve/CVE-2025-21853"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1239476 for CVE-2025-21853",
          "url": "https://bugzilla.suse.com/1239476"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21853"
    },
    {
      "cve": "CVE-2025-21919",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21919"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/fair: Fix potential memory corruption in child_cfs_rq_on_list\n\nchild_cfs_rq_on_list attempts to convert a \u0027prev\u0027 pointer to a cfs_rq.\nThis \u0027prev\u0027 pointer can originate from struct rq\u0027s leaf_cfs_rq_list,\nmaking the conversion invalid and potentially leading to memory\ncorruption. Depending on the relative positions of leaf_cfs_rq_list and\nthe task group (tg) pointer within the struct, this can cause a memory\nfault or access garbage data.\n\nThe issue arises in list_add_leaf_cfs_rq, where both\ncfs_rq-\u003eleaf_cfs_rq_list and rq-\u003eleaf_cfs_rq_list are added to the same\nleaf list. Also, rq-\u003etmp_alone_branch can be set to rq-\u003eleaf_cfs_rq_list.\n\nThis adds a check `if (prev == \u0026rq-\u003eleaf_cfs_rq_list)` after the main\nconditional in child_cfs_rq_on_list. This ensures that the container_of\noperation will convert a correct cfs_rq struct.\n\nThis check is sufficient because only cfs_rqs on the same CPU are added\nto the list, so verifying the \u0027prev\u0027 pointer against the current rq\u0027s list\nhead is enough.\n\nFixes a potential memory corruption issue that due to current struct\nlayout might not be manifesting as a crash but could lead to unpredictable\nbehavior when the layout changes.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21919",
          "url": "https://www.suse.com/security/cve/CVE-2025-21919"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240593 for CVE-2025-21919",
          "url": "https://bugzilla.suse.com/1240593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21919"
    },
    {
      "cve": "CVE-2025-21929",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21929"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove()\n\nDuring the `rmmod` operation for the `intel_ishtp_hid` driver, a\nuse-after-free issue can occur in the hid_ishtp_cl_remove() function.\nThe function hid_ishtp_cl_deinit() is called before ishtp_hid_remove(),\nwhich can lead to accessing freed memory or resources during the\nremoval process.\n\nCall Trace:\n ? ishtp_cl_send+0x168/0x220 [intel_ishtp]\n ? hid_output_report+0xe3/0x150 [hid]\n hid_ishtp_set_feature+0xb5/0x120 [intel_ishtp_hid]\n ishtp_hid_request+0x7b/0xb0 [intel_ishtp_hid]\n hid_hw_request+0x1f/0x40 [hid]\n sensor_hub_set_feature+0x11f/0x190 [hid_sensor_hub]\n _hid_sensor_power_state+0x147/0x1e0 [hid_sensor_trigger]\n hid_sensor_runtime_resume+0x22/0x30 [hid_sensor_trigger]\n sensor_hub_remove+0xa8/0xe0 [hid_sensor_hub]\n hid_device_remove+0x49/0xb0 [hid]\n hid_destroy_device+0x6f/0x90 [hid]\n ishtp_hid_remove+0x42/0x70 [intel_ishtp_hid]\n hid_ishtp_cl_remove+0x6b/0xb0 [intel_ishtp_hid]\n ishtp_cl_device_remove+0x4a/0x60 [intel_ishtp]\n ...\n\nAdditionally, ishtp_hid_remove() is a HID level power off, which should\noccur before the ISHTP level disconnect.\n\nThis patch resolves the issue by reordering the calls in\nhid_ishtp_cl_remove(). The function ishtp_hid_remove() is now\ncalled before hid_ishtp_cl_deinit().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21929",
          "url": "https://www.suse.com/security/cve/CVE-2025-21929"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240711 for CVE-2025-21929",
          "url": "https://bugzilla.suse.com/1240711"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21929"
    },
    {
      "cve": "CVE-2025-21962",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21962"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix integer overflow while processing closetimeo mount option\n\nUser-provided mount parameter closetimeo of type u32 is intended to have\nan upper limit, but before it is validated, the value is converted from\nseconds to jiffies which can lead to an integer overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21962",
          "url": "https://www.suse.com/security/cve/CVE-2025-21962"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240655 for CVE-2025-21962",
          "url": "https://bugzilla.suse.com/1240655"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21962"
    },
    {
      "cve": "CVE-2025-21963",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21963"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix integer overflow while processing acdirmax mount option\n\nUser-provided mount parameter acdirmax of type u32 is intended to have\nan upper limit, but before it is validated, the value is converted from\nseconds to jiffies which can lead to an integer overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21963",
          "url": "https://www.suse.com/security/cve/CVE-2025-21963"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240717 for CVE-2025-21963",
          "url": "https://bugzilla.suse.com/1240717"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21963"
    },
    {
      "cve": "CVE-2025-21964",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21964"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix integer overflow while processing acregmax mount option\n\nUser-provided mount parameter acregmax of type u32 is intended to have\nan upper limit, but before it is validated, the value is converted from\nseconds to jiffies which can lead to an integer overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21964",
          "url": "https://www.suse.com/security/cve/CVE-2025-21964"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240740 for CVE-2025-21964",
          "url": "https://bugzilla.suse.com/1240740"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21964"
    },
    {
      "cve": "CVE-2025-22018",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22018"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: Fix NULL pointer dereference\n\nWhen MPOA_cache_impos_rcvd() receives the msg, it can trigger\nNull Pointer Dereference Vulnerability if both entry and\nholding_time are NULL. Because there is only for the situation\nwhere entry is NULL and holding_time exists, it can be passed\nwhen both entry and holding_time are NULL. If these are NULL,\nthe entry will be passd to eg_cache_put() as parameter and\nit is referenced by entry-\u003euse code in it.\n\nkasan log:\n\n[    3.316691] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006:I\n[    3.317568] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\n[    3.318188] CPU: 3 UID: 0 PID: 79 Comm: ex Not tainted 6.14.0-rc2 #102\n[    3.318601] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n[    3.319298] RIP: 0010:eg_cache_remove_entry+0xa5/0x470\n[    3.319677] Code: c1 f7 6e fd 48 c7 c7 00 7e 38 b2 e8 95 64 54 fd 48 c7 c7 40 7e 38 b2 48 89 ee e80\n[    3.321220] RSP: 0018:ffff88800583f8a8 EFLAGS: 00010006\n[    3.321596] RAX: 0000000000000006 RBX: ffff888005989000 RCX: ffffffffaecc2d8e\n[    3.322112] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000030\n[    3.322643] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff6558b88\n[    3.323181] R10: 0000000000000003 R11: 203a207972746e65 R12: 1ffff11000b07f15\n[    3.323707] R13: dffffc0000000000 R14: ffff888005989000 R15: ffff888005989068\n[    3.324185] FS:  000000001b6313c0(0000) GS:ffff88806d380000(0000) knlGS:0000000000000000\n[    3.325042] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[    3.325545] CR2: 00000000004b4b40 CR3: 000000000248e000 CR4: 00000000000006f0\n[    3.326430] Call Trace:\n[    3.326725]  \u003cTASK\u003e\n[    3.326927]  ? die_addr+0x3c/0xa0\n[    3.327330]  ? exc_general_protection+0x161/0x2a0\n[    3.327662]  ? asm_exc_general_protection+0x26/0x30\n[    3.328214]  ? vprintk_emit+0x15e/0x420\n[    3.328543]  ? eg_cache_remove_entry+0xa5/0x470\n[    3.328910]  ? eg_cache_remove_entry+0x9a/0x470\n[    3.329294]  ? __pfx_eg_cache_remove_entry+0x10/0x10\n[    3.329664]  ? console_unlock+0x107/0x1d0\n[    3.329946]  ? __pfx_console_unlock+0x10/0x10\n[    3.330283]  ? do_syscall_64+0xa6/0x1a0\n[    3.330584]  ? entry_SYSCALL_64_after_hwframe+0x47/0x7f\n[    3.331090]  ? __pfx_prb_read_valid+0x10/0x10\n[    3.331395]  ? down_trylock+0x52/0x80\n[    3.331703]  ? vprintk_emit+0x15e/0x420\n[    3.331986]  ? __pfx_vprintk_emit+0x10/0x10\n[    3.332279]  ? down_trylock+0x52/0x80\n[    3.332527]  ? _printk+0xbf/0x100\n[    3.332762]  ? __pfx__printk+0x10/0x10\n[    3.333007]  ? _raw_write_lock_irq+0x81/0xe0\n[    3.333284]  ? __pfx__raw_write_lock_irq+0x10/0x10\n[    3.333614]  msg_from_mpoad+0x1185/0x2750\n[    3.333893]  ? __build_skb_around+0x27b/0x3a0\n[    3.334183]  ? __pfx_msg_from_mpoad+0x10/0x10\n[    3.334501]  ? __alloc_skb+0x1c0/0x310\n[    3.334809]  ? __pfx___alloc_skb+0x10/0x10\n[    3.335283]  ? _raw_spin_lock+0xe0/0xe0\n[    3.335632]  ? finish_wait+0x8d/0x1e0\n[    3.335975]  vcc_sendmsg+0x684/0xba0\n[    3.336250]  ? __pfx_vcc_sendmsg+0x10/0x10\n[    3.336587]  ? __pfx_autoremove_wake_function+0x10/0x10\n[    3.337056]  ? fdget+0x176/0x3e0\n[    3.337348]  __sys_sendto+0x4a2/0x510\n[    3.337663]  ? __pfx___sys_sendto+0x10/0x10\n[    3.337969]  ? ioctl_has_perm.constprop.0.isra.0+0x284/0x400\n[    3.338364]  ? sock_ioctl+0x1bb/0x5a0\n[    3.338653]  ? __rseq_handle_notify_resume+0x825/0xd20\n[    3.339017]  ? __pfx_sock_ioctl+0x10/0x10\n[    3.339316]  ? __pfx___rseq_handle_notify_resume+0x10/0x10\n[    3.339727]  ? selinux_file_ioctl+0xa4/0x260\n[    3.340166]  __x64_sys_sendto+0xe0/0x1c0\n[    3.340526]  ? syscall_exit_to_user_mode+0x123/0x140\n[    3.340898]  do_syscall_64+0xa6/0x1a0\n[    3.341170]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[    3.341533] RIP: 0033:0x44a380\n[    3.341757] Code: 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c00\n[    \n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22018",
          "url": "https://www.suse.com/security/cve/CVE-2025-22018"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241266 for CVE-2025-22018",
          "url": "https://bugzilla.suse.com/1241266"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22018"
    },
    {
      "cve": "CVE-2025-22021",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22021"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: socket: Lookup orig tuple for IPv6 SNAT\n\nnf_sk_lookup_slow_v4 does the conntrack lookup for IPv4 packets to\nrestore the original 5-tuple in case of SNAT, to be able to find the\nright socket (if any). Then socket_match() can correctly check whether\nthe socket was transparent.\n\nHowever, the IPv6 counterpart (nf_sk_lookup_slow_v6) lacks this\nconntrack lookup, making xt_socket fail to match on the socket when the\npacket was SNATed. Add the same logic to nf_sk_lookup_slow_v6.\n\nIPv6 SNAT is used in Kubernetes clusters for pod-to-world packets, as\npods\u0027 addresses are in the fd00::/8 ULA subnet and need to be replaced\nwith the node\u0027s external address. Cilium leverages Envoy to enforce L7\npolicies, and Envoy uses transparent sockets. Cilium inserts an iptables\nprerouting rule that matches on `-m socket --transparent` and redirects\nthe packets to localhost, but it fails to match SNATed IPv6 packets due\nto that missing conntrack lookup.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22021",
          "url": "https://www.suse.com/security/cve/CVE-2025-22021"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241282 for CVE-2025-22021",
          "url": "https://bugzilla.suse.com/1241282"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "low"
        }
      ],
      "title": "CVE-2025-22021"
    },
    {
      "cve": "CVE-2025-22025",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22025"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: put dl_stid if fail to queue dl_recall\n\nBefore calling nfsd4_run_cb to queue dl_recall to the callback_wq, we\nincrement the reference count of dl_stid.\nWe expect that after the corresponding work_struct is processed, the\nreference count of dl_stid will be decremented through the callback\nfunction nfsd4_cb_recall_release.\nHowever, if the call to nfsd4_run_cb fails, the incremented reference\ncount of dl_stid will not be decremented correspondingly, leading to the\nfollowing nfs4_stid leak:\nunreferenced object 0xffff88812067b578 (size 344):\n  comm \"nfsd\", pid 2761, jiffies 4295044002 (age 5541.241s)\n  hex dump (first 32 bytes):\n    01 00 00 00 6b 6b 6b 6b b8 02 c0 e2 81 88 ff ff  ....kkkk........\n    00 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 ad 4e ad de  .kkkkkkk.....N..\n  backtrace:\n    kmem_cache_alloc+0x4b9/0x700\n    nfsd4_process_open1+0x34/0x300\n    nfsd4_open+0x2d1/0x9d0\n    nfsd4_proc_compound+0x7a2/0xe30\n    nfsd_dispatch+0x241/0x3e0\n    svc_process_common+0x5d3/0xcc0\n    svc_process+0x2a3/0x320\n    nfsd+0x180/0x2e0\n    kthread+0x199/0x1d0\n    ret_from_fork+0x30/0x50\n    ret_from_fork_asm+0x1b/0x30\nunreferenced object 0xffff8881499f4d28 (size 368):\n  comm \"nfsd\", pid 2761, jiffies 4295044005 (age 5541.239s)\n  hex dump (first 32 bytes):\n    01 00 00 00 00 00 00 00 30 4d 9f 49 81 88 ff ff  ........0M.I....\n    30 4d 9f 49 81 88 ff ff 20 00 00 00 01 00 00 00  0M.I.... .......\n  backtrace:\n    kmem_cache_alloc+0x4b9/0x700\n    nfs4_alloc_stid+0x29/0x210\n    alloc_init_deleg+0x92/0x2e0\n    nfs4_set_delegation+0x284/0xc00\n    nfs4_open_delegation+0x216/0x3f0\n    nfsd4_process_open2+0x2b3/0xee0\n    nfsd4_open+0x770/0x9d0\n    nfsd4_proc_compound+0x7a2/0xe30\n    nfsd_dispatch+0x241/0x3e0\n    svc_process_common+0x5d3/0xcc0\n    svc_process+0x2a3/0x320\n    nfsd+0x180/0x2e0\n    kthread+0x199/0x1d0\n    ret_from_fork+0x30/0x50\n    ret_from_fork_asm+0x1b/0x30\nFix it by checking the result of nfsd4_run_cb and call nfs4_put_stid if\nfail to queue dl_recall.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22025",
          "url": "https://www.suse.com/security/cve/CVE-2025-22025"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241361 for CVE-2025-22025",
          "url": "https://bugzilla.suse.com/1241361"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22025"
    },
    {
      "cve": "CVE-2025-22027",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22027"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: streamzap: fix race between device disconnection and urb callback\n\nSyzkaller has reported a general protection fault at function\nir_raw_event_store_with_filter(). This crash is caused by a NULL pointer\ndereference of dev-\u003eraw pointer, even though it is checked for NULL in\nthe same function, which means there is a race condition. It occurs due\nto the incorrect order of actions in the streamzap_disconnect() function:\nrc_unregister_device() is called before usb_kill_urb(). The dev-\u003eraw\npointer is freed and set to NULL in rc_unregister_device(), and only\nafter that usb_kill_urb() waits for in-progress requests to finish.\n\nIf rc_unregister_device() is called while streamzap_callback() handler is\nnot finished, this can lead to accessing freed resources. Thus\nrc_unregister_device() should be called after usb_kill_urb().\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22027",
          "url": "https://www.suse.com/security/cve/CVE-2025-22027"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241369 for CVE-2025-22027",
          "url": "https://bugzilla.suse.com/1241369"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22027"
    },
    {
      "cve": "CVE-2025-22030",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22030"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead()\n\nCurrently, zswap_cpu_comp_dead() calls crypto_free_acomp() while holding\nthe per-CPU acomp_ctx mutex.  crypto_free_acomp() then holds scomp_lock\n(through crypto_exit_scomp_ops_async()).\n\nOn the other hand, crypto_alloc_acomp_node() holds the scomp_lock (through\ncrypto_scomp_init_tfm()), and then allocates memory.  If the allocation\nresults in reclaim, we may attempt to hold the per-CPU acomp_ctx mutex.\n\nThe above dependencies can cause an ABBA deadlock.  For example in the\nfollowing scenario:\n\n(1) Task A running on CPU #1:\n    crypto_alloc_acomp_node()\n      Holds scomp_lock\n      Enters reclaim\n      Reads per_cpu_ptr(pool-\u003eacomp_ctx, 1)\n\n(2) Task A is descheduled\n\n(3) CPU #1 goes offline\n    zswap_cpu_comp_dead(CPU #1)\n      Holds per_cpu_ptr(pool-\u003eacomp_ctx, 1))\n      Calls crypto_free_acomp()\n      Waits for scomp_lock\n\n(4) Task A running on CPU #2:\n      Waits for per_cpu_ptr(pool-\u003eacomp_ctx, 1) // Read on CPU #1\n      DEADLOCK\n\nSince there is no requirement to call crypto_free_acomp() with the per-CPU\nacomp_ctx mutex held in zswap_cpu_comp_dead(), move it after the mutex is\nunlocked.  Also move the acomp_request_free() and kfree() calls for\nconsistency and to avoid any potential sublte locking dependencies in the\nfuture.\n\nWith this, only setting acomp_ctx fields to NULL occurs with the mutex\nheld.  This is similar to how zswap_cpu_comp_prepare() only initializes\nacomp_ctx fields with the mutex held, after performing all allocations\nbefore holding the mutex.\n\nOpportunistically, move the NULL check on acomp_ctx so that it takes place\nbefore the mutex dereference.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22030",
          "url": "https://www.suse.com/security/cve/CVE-2025-22030"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241376 for CVE-2025-22030",
          "url": "https://bugzilla.suse.com/1241376"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22030"
    },
    {
      "cve": "CVE-2025-22033",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22033"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: Don\u0027t call NULL in do_compat_alignment_fixup()\n\ndo_alignment_t32_to_handler() only fixes up alignment faults for\nspecific instructions; it returns NULL otherwise (e.g. LDREX). When\nthat\u0027s the case, signal to the caller that it needs to proceed with the\nregular alignment fault handling (i.e. SIGBUS). Without this patch, the\nkernel panics:\n\n  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n  Mem abort info:\n    ESR = 0x0000000086000006\n    EC = 0x21: IABT (current EL), IL = 32 bits\n    SET = 0, FnV = 0\n    EA = 0, S1PTW = 0\n    FSC = 0x06: level 2 translation fault\n  user pgtable: 4k pages, 48-bit VAs, pgdp=00000800164aa000\n  [0000000000000000] pgd=0800081fdbd22003, p4d=0800081fdbd22003, pud=08000815d51c6003, pmd=0000000000000000\n  Internal error: Oops: 0000000086000006 [#1] SMP\n  Modules linked in: cfg80211 rfkill xt_nat xt_tcpudp xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xfrm_user xfrm_algo xt_addrtype nft_compat br_netfilter veth nvme_fa\u003e\n   libcrc32c crc32c_generic raid0 multipath linear dm_mod dax raid1 md_mod xhci_pci nvme xhci_hcd nvme_core t10_pi usbcore igb crc64_rocksoft crc64 crc_t10dif crct10dif_generic crct10dif_ce crct10dif_common usb_common i2c_algo_bit i2c\u003e\n  CPU: 2 PID: 3932954 Comm: WPEWebProcess Not tainted 6.1.0-31-arm64 #1  Debian 6.1.128-1\n  Hardware name: GIGABYTE MP32-AR1-00/MP32-AR1-00, BIOS F18v (SCP: 1.08.20211002) 12/01/2021\n  pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : 0x0\n  lr : do_compat_alignment_fixup+0xd8/0x3dc\n  sp : ffff80000f973dd0\n  x29: ffff80000f973dd0 x28: ffff081b42526180 x27: 0000000000000000\n  x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n  x23: 0000000000000004 x22: 0000000000000000 x21: 0000000000000001\n  x20: 00000000e8551f00 x19: ffff80000f973eb0 x18: 0000000000000000\n  x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: 0000000000000000 x9 : ffffaebc949bc488\n  x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n  x5 : 0000000000400000 x4 : 0000fffffffffffe x3 : 0000000000000000\n  x2 : ffff80000f973eb0 x1 : 00000000e8551f00 x0 : 0000000000000001\n  Call trace:\n   0x0\n   do_alignment_fault+0x40/0x50\n   do_mem_abort+0x4c/0xa0\n   el0_da+0x48/0xf0\n   el0t_32_sync_handler+0x110/0x140\n   el0t_32_sync+0x190/0x194\n  Code: bad PC value\n  ---[ end trace 0000000000000000 ]---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22033",
          "url": "https://www.suse.com/security/cve/CVE-2025-22033"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241436 for CVE-2025-22033",
          "url": "https://bugzilla.suse.com/1241436"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22033"
    },
    {
      "cve": "CVE-2025-22044",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22044"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nacpi: nfit: fix narrowing conversion in acpi_nfit_ctl\n\nSyzkaller has reported a warning in to_nfit_bus_uuid(): \"only secondary\nbus families can be translated\". This warning is emited if the argument\nis equal to NVDIMM_BUS_FAMILY_NFIT == 0. Function acpi_nfit_ctl() first\nverifies that a user-provided value call_pkg-\u003end_family of type u64 is\nnot equal to 0. Then the value is converted to int, and only after that\nis compared to NVDIMM_BUS_FAMILY_MAX. This can lead to passing an invalid\nargument to acpi_nfit_ctl(), if call_pkg-\u003end_family is non-zero, while\nthe lower 32 bits are zero.\n\nFurthermore, it is best to return EINVAL immediately upon seeing the\ninvalid user input.  The WARNING is insufficient to prevent further\nundefined behavior based on other invalid user input.\n\nAll checks of the input value should be applied to the original variable\ncall_pkg-\u003end_family.\n\n[iweiny: update commit message]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22044",
          "url": "https://www.suse.com/security/cve/CVE-2025-22044"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241424 for CVE-2025-22044",
          "url": "https://bugzilla.suse.com/1241424"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22044"
    },
    {
      "cve": "CVE-2025-22050",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22050"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet:fix NPE during rx_complete\n\nMissing usbnet_going_away Check in Critical Path.\nThe usb_submit_urb function lacks a usbnet_going_away\nvalidation, whereas __usbnet_queue_skb includes this check.\n\nThis inconsistency creates a race condition where:\nA URB request may succeed, but the corresponding SKB data\nfails to be queued.\n\nSubsequent processes:\n(e.g., rx_complete \u2192 defer_bh \u2192 __skb_unlink(skb, list))\nattempt to access skb-\u003enext, triggering a NULL pointer\ndereference (Kernel Panic).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22050",
          "url": "https://www.suse.com/security/cve/CVE-2025-22050"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241441 for CVE-2025-22050",
          "url": "https://bugzilla.suse.com/1241441"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22050"
    },
    {
      "cve": "CVE-2025-22056",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22056"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_tunnel: fix geneve_opt type confusion addition\n\nWhen handling multiple NFTA_TUNNEL_KEY_OPTS_GENEVE attributes, the\nparsing logic should place every geneve_opt structure one by one\ncompactly. Hence, when deciding the next geneve_opt position, the\npointer addition should be in units of char *.\n\nHowever, the current implementation erroneously does type conversion\nbefore the addition, which will lead to heap out-of-bounds write.\n\n[    6.989857] ==================================================================\n[    6.990293] BUG: KASAN: slab-out-of-bounds in nft_tunnel_obj_init+0x977/0xa70\n[    6.990725] Write of size 124 at addr ffff888005f18974 by task poc/178\n[    6.991162]\n[    6.991259] CPU: 0 PID: 178 Comm: poc-oob-write Not tainted 6.1.132 #1\n[    6.991655] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n[    6.992281] Call Trace:\n[    6.992423]  \u003cTASK\u003e\n[    6.992586]  dump_stack_lvl+0x44/0x5c\n[    6.992801]  print_report+0x184/0x4be\n[    6.993790]  kasan_report+0xc5/0x100\n[    6.994252]  kasan_check_range+0xf3/0x1a0\n[    6.994486]  memcpy+0x38/0x60\n[    6.994692]  nft_tunnel_obj_init+0x977/0xa70\n[    6.995677]  nft_obj_init+0x10c/0x1b0\n[    6.995891]  nf_tables_newobj+0x585/0x950\n[    6.996922]  nfnetlink_rcv_batch+0xdf9/0x1020\n[    6.998997]  nfnetlink_rcv+0x1df/0x220\n[    6.999537]  netlink_unicast+0x395/0x530\n[    7.000771]  netlink_sendmsg+0x3d0/0x6d0\n[    7.001462]  __sock_sendmsg+0x99/0xa0\n[    7.001707]  ____sys_sendmsg+0x409/0x450\n[    7.002391]  ___sys_sendmsg+0xfd/0x170\n[    7.003145]  __sys_sendmsg+0xea/0x170\n[    7.004359]  do_syscall_64+0x5e/0x90\n[    7.005817]  entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[    7.006127] RIP: 0033:0x7ec756d4e407\n[    7.006339] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 \u003c5b\u003e c3 0f 1f 80 00 00 00 00 83 e2 39 83 faf\n[    7.007364] RSP: 002b:00007ffed5d46760 EFLAGS: 00000202 ORIG_RAX: 000000000000002e\n[    7.007827] RAX: ffffffffffffffda RBX: 00007ec756cc4740 RCX: 00007ec756d4e407\n[    7.008223] RDX: 0000000000000000 RSI: 00007ffed5d467f0 RDI: 0000000000000003\n[    7.008620] RBP: 00007ffed5d468a0 R08: 0000000000000000 R09: 0000000000000000\n[    7.009039] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000\n[    7.009429] R13: 00007ffed5d478b0 R14: 00007ec756ee5000 R15: 00005cbd4e655cb8\n\nFix this bug with correct pointer addition and conversion in parse\nand dump code.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22056",
          "url": "https://www.suse.com/security/cve/CVE-2025-22056"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241525 for CVE-2025-22056",
          "url": "https://bugzilla.suse.com/1241525"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22056"
    },
    {
      "cve": "CVE-2025-22057",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22057"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: decrease cached dst counters in dst_release\n\nUpstream fix ac888d58869b (\"net: do not delay dst_entries_add() in\ndst_release()\") moved decrementing the dst count from dst_destroy to\ndst_release to avoid accessing already freed data in case of netns\ndismantle. However in case CONFIG_DST_CACHE is enabled and OvS+tunnels\nare used, this fix is incomplete as the same issue will be seen for\ncached dsts:\n\n  Unable to handle kernel paging request at virtual address ffff5aabf6b5c000\n  Call trace:\n   percpu_counter_add_batch+0x3c/0x160 (P)\n   dst_release+0xec/0x108\n   dst_cache_destroy+0x68/0xd8\n   dst_destroy+0x13c/0x168\n   dst_destroy_rcu+0x1c/0xb0\n   rcu_do_batch+0x18c/0x7d0\n   rcu_core+0x174/0x378\n   rcu_core_si+0x18/0x30\n\nFix this by invalidating the cache, and thus decrementing cached dst\ncounters, in dst_release too.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22057",
          "url": "https://www.suse.com/security/cve/CVE-2025-22057"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241533 for CVE-2025-22057",
          "url": "https://bugzilla.suse.com/1241533"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22057"
    },
    {
      "cve": "CVE-2025-22058",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22058"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Fix memory accounting leak.\n\nMatt Dowling reported a weird UDP memory usage issue.\n\nUnder normal operation, the UDP memory usage reported in /proc/net/sockstat\nremains close to zero.  However, it occasionally spiked to 524,288 pages\nand never dropped.  Moreover, the value doubled when the application was\nterminated.  Finally, it caused intermittent packet drops.\n\nWe can reproduce the issue with the script below [0]:\n\n  1. /proc/net/sockstat reports 0 pages\n\n    # cat /proc/net/sockstat | grep UDP:\n    UDP: inuse 1 mem 0\n\n  2. Run the script till the report reaches 524,288\n\n    # python3 test.py \u0026 sleep 5\n    # cat /proc/net/sockstat | grep UDP:\n    UDP: inuse 3 mem 524288  \u003c-- (INT_MAX + 1) \u003e\u003e PAGE_SHIFT\n\n  3. Kill the socket and confirm the number never drops\n\n    # pkill python3 \u0026\u0026 sleep 5\n    # cat /proc/net/sockstat | grep UDP:\n    UDP: inuse 1 mem 524288\n\n  4. (necessary since v6.0) Trigger proto_memory_pcpu_drain()\n\n    # python3 test.py \u0026 sleep 1 \u0026\u0026 pkill python3\n\n  5. The number doubles\n\n    # cat /proc/net/sockstat | grep UDP:\n    UDP: inuse 1 mem 1048577\n\nThe application set INT_MAX to SO_RCVBUF, which triggered an integer\noverflow in udp_rmem_release().\n\nWhen a socket is close()d, udp_destruct_common() purges its receive\nqueue and sums up skb-\u003etruesize in the queue.  This total is calculated\nand stored in a local unsigned integer variable.\n\nThe total size is then passed to udp_rmem_release() to adjust memory\naccounting.  However, because the function takes a signed integer\nargument, the total size can wrap around, causing an overflow.\n\nThen, the released amount is calculated as follows:\n\n  1) Add size to sk-\u003esk_forward_alloc.\n  2) Round down sk-\u003esk_forward_alloc to the nearest lower multiple of\n      PAGE_SIZE and assign it to amount.\n  3) Subtract amount from sk-\u003esk_forward_alloc.\n  4) Pass amount \u003e\u003e PAGE_SHIFT to __sk_mem_reduce_allocated().\n\nWhen the issue occurred, the total in udp_destruct_common() was 2147484480\n(INT_MAX + 833), which was cast to -2147482816 in udp_rmem_release().\n\nAt 1) sk-\u003esk_forward_alloc is changed from 3264 to -2147479552, and\n2) sets -2147479552 to amount.  3) reverts the wraparound, so we don\u0027t\nsee a warning in inet_sock_destruct().  However, udp_memory_allocated\nends up doubling at 4).\n\nSince commit 3cd3399dd7a8 (\"net: implement per-cpu reserves for\nmemory_allocated\"), memory usage no longer doubles immediately after\na socket is close()d because __sk_mem_reduce_allocated() caches the\namount in udp_memory_per_cpu_fw_alloc.  However, the next time a UDP\nsocket receives a packet, the subtraction takes effect, causing UDP\nmemory usage to double.\n\nThis issue makes further memory allocation fail once the socket\u0027s\nsk-\u003esk_rmem_alloc exceeds net.ipv4.udp_rmem_min, resulting in packet\ndrops.\n\nTo prevent this issue, let\u0027s use unsigned int for the calculation and\ncall sk_forward_alloc_add() only once for the small delta.\n\nNote that first_packet_length() also potentially has the same problem.\n\n[0]:\nfrom socket import *\n\nSO_RCVBUFFORCE = 33\nINT_MAX = (2 ** 31) - 1\n\ns = socket(AF_INET, SOCK_DGRAM)\ns.bind((\u0027\u0027, 0))\ns.setsockopt(SOL_SOCKET, SO_RCVBUFFORCE, INT_MAX)\n\nc = socket(AF_INET, SOCK_DGRAM)\nc.connect(s.getsockname())\n\ndata = b\u0027a\u0027 * 100\n\nwhile True:\n    c.send(data)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22058",
          "url": "https://www.suse.com/security/cve/CVE-2025-22058"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241332 for CVE-2025-22058",
          "url": "https://bugzilla.suse.com/1241332"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22058"
    },
    {
      "cve": "CVE-2025-22062",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22062"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: add mutual exclusion in proc_sctp_do_udp_port()\n\nWe must serialize calls to sctp_udp_sock_stop() and sctp_udp_sock_start()\nor risk a crash as syzbot reported:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]\nCPU: 1 UID: 0 PID: 6551 Comm: syz.1.44 Not tainted 6.14.0-syzkaller-g7f2ff7b62617 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\n RIP: 0010:kernel_sock_shutdown+0x47/0x70 net/socket.c:3653\nCall Trace:\n \u003cTASK\u003e\n  udp_tunnel_sock_release+0x68/0x80 net/ipv4/udp_tunnel_core.c:181\n  sctp_udp_sock_stop+0x71/0x160 net/sctp/protocol.c:930\n  proc_sctp_do_udp_port+0x264/0x450 net/sctp/sysctl.c:553\n  proc_sys_call_handler+0x3d0/0x5b0 fs/proc/proc_sysctl.c:601\n  iter_file_splice_write+0x91c/0x1150 fs/splice.c:738\n  do_splice_from fs/splice.c:935 [inline]\n  direct_splice_actor+0x18f/0x6c0 fs/splice.c:1158\n  splice_direct_to_actor+0x342/0xa30 fs/splice.c:1102\n  do_splice_direct_actor fs/splice.c:1201 [inline]\n  do_splice_direct+0x174/0x240 fs/splice.c:1227\n  do_sendfile+0xafd/0xe50 fs/read_write.c:1368\n  __do_sys_sendfile64 fs/read_write.c:1429 [inline]\n  __se_sys_sendfile64 fs/read_write.c:1415 [inline]\n  __x64_sys_sendfile64+0x1d8/0x220 fs/read_write.c:1415\n  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22062",
          "url": "https://www.suse.com/security/cve/CVE-2025-22062"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241412 for CVE-2025-22062",
          "url": "https://bugzilla.suse.com/1241412"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22062"
    },
    {
      "cve": "CVE-2025-22063",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22063"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets\n\nWhen calling netlbl_conn_setattr(), addr-\u003esa_family is used\nto determine the function behavior. If sk is an IPv4 socket,\nbut the connect function is called with an IPv6 address,\nthe function calipso_sock_setattr() is triggered.\nInside this function, the following code is executed:\n\nsk_fullsock(__sk) ? inet_sk(__sk)-\u003epinet6 : NULL;\n\nSince sk is an IPv4 socket, pinet6 is NULL, leading to a\nnull pointer dereference.\n\nThis patch fixes the issue by checking if inet6_sk(sk)\nreturns a NULL pointer before accessing pinet6.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22063",
          "url": "https://www.suse.com/security/cve/CVE-2025-22063"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241351 for CVE-2025-22063",
          "url": "https://bugzilla.suse.com/1241351"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22063"
    },
    {
      "cve": "CVE-2025-22064",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22064"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t unregister hook when table is dormant\n\nWhen nf_tables_updchain encounters an error, hook registration needs to\nbe rolled back.\n\nThis should only be done if the hook has been registered, which won\u0027t\nhappen when the table is flagged as dormant (inactive).\n\nJust move the assignment into the registration block.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22064",
          "url": "https://www.suse.com/security/cve/CVE-2025-22064"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241413 for CVE-2025-22064",
          "url": "https://bugzilla.suse.com/1241413"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22064"
    },
    {
      "cve": "CVE-2025-22065",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22065"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix adapter NULL pointer dereference on reboot\n\nWith SRIOV enabled, idpf ends up calling into idpf_remove() twice.\nFirst via idpf_shutdown() and then again when idpf_remove() calls into\nsriov_disable(), because the VF devices use the idpf driver, hence the\nsame remove routine. When that happens, it is possible for the adapter\nto be NULL from the first call to idpf_remove(), leading to a NULL\npointer dereference.\n\necho 1 \u003e /sys/class/net/\u003cnetif\u003e/device/sriov_numvfs\nreboot\n\nBUG: kernel NULL pointer dereference, address: 0000000000000020\n...\nRIP: 0010:idpf_remove+0x22/0x1f0 [idpf]\n...\n? idpf_remove+0x22/0x1f0 [idpf]\n? idpf_remove+0x1e4/0x1f0 [idpf]\npci_device_remove+0x3f/0xb0\ndevice_release_driver_internal+0x19f/0x200\npci_stop_bus_device+0x6d/0x90\npci_stop_and_remove_bus_device+0x12/0x20\npci_iov_remove_virtfn+0xbe/0x120\nsriov_disable+0x34/0xe0\nidpf_sriov_configure+0x58/0x140 [idpf]\nidpf_remove+0x1b9/0x1f0 [idpf]\nidpf_shutdown+0x12/0x30 [idpf]\npci_device_shutdown+0x35/0x60\ndevice_shutdown+0x156/0x200\n...\n\nReplace the direct idpf_remove() call in idpf_shutdown() with\nidpf_vc_core_deinit() and idpf_deinit_dflt_mbx(), which perform\nthe bulk of the cleanup, such as stopping the init task, freeing IRQs,\ndestroying the vports and freeing the mailbox. This avoids the calls to\nsriov_disable() in addition to a small netdev cleanup, and destroying\nworkqueues, which don\u0027t seem to be required on shutdown.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22065",
          "url": "https://www.suse.com/security/cve/CVE-2025-22065"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241333 for CVE-2025-22065",
          "url": "https://bugzilla.suse.com/1241333"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22065"
    },
    {
      "cve": "CVE-2025-22070",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22070"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/9p: fix NULL pointer dereference on mkdir\n\nWhen a 9p tree was mounted with option \u0027posixacl\u0027, parent directory had a\ndefault ACL set for its subdirectories, e.g.:\n\n  setfacl -m default:group:simpsons:rwx parentdir\n\nthen creating a subdirectory crashed 9p client, as v9fs_fid_add() call in\nfunction v9fs_vfs_mkdir_dotl() sets the passed \u0027fid\u0027 pointer to NULL\n(since dafbe689736) even though the subsequent v9fs_set_create_acl() call\nexpects a valid non-NULL \u0027fid\u0027 pointer:\n\n  [   37.273191] BUG: kernel NULL pointer dereference, address: 0000000000000000\n  ...\n  [   37.322338] Call Trace:\n  [   37.323043]  \u003cTASK\u003e\n  [   37.323621] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)\n  [   37.324448] ? page_fault_oops (arch/x86/mm/fault.c:714)\n  [   37.325532] ? search_module_extables (kernel/module/main.c:3733)\n  [   37.326742] ? p9_client_walk (net/9p/client.c:1165) 9pnet\n  [   37.328006] ? search_bpf_extables (kernel/bpf/core.c:804)\n  [   37.329142] ? exc_page_fault (./arch/x86/include/asm/paravirt.h:686 arch/x86/mm/fault.c:1488 arch/x86/mm/fault.c:1538)\n  [   37.330196] ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:574)\n  [   37.331330] ? p9_client_walk (net/9p/client.c:1165) 9pnet\n  [   37.332562] ? v9fs_fid_xattr_get (fs/9p/xattr.c:30) 9p\n  [   37.333824] v9fs_fid_xattr_set (fs/9p/fid.h:23 fs/9p/xattr.c:121) 9p\n  [   37.335077] v9fs_set_acl (fs/9p/acl.c:276) 9p\n  [   37.336112] v9fs_set_create_acl (fs/9p/acl.c:307) 9p\n  [   37.337326] v9fs_vfs_mkdir_dotl (fs/9p/vfs_inode_dotl.c:411) 9p\n  [   37.338590] vfs_mkdir (fs/namei.c:4313)\n  [   37.339535] do_mkdirat (fs/namei.c:4336)\n  [   37.340465] __x64_sys_mkdir (fs/namei.c:4354)\n  [   37.341455] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\n  [   37.342447] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nFix this by simply swapping the sequence of these two calls in\nv9fs_vfs_mkdir_dotl(), i.e. calling v9fs_set_create_acl() before\nv9fs_fid_add().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22070",
          "url": "https://www.suse.com/security/cve/CVE-2025-22070"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241305 for CVE-2025-22070",
          "url": "https://bugzilla.suse.com/1241305"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22070"
    },
    {
      "cve": "CVE-2025-22075",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22075"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtnetlink: Allocate vfinfo size for VF GUIDs when supported\n\nCommit 30aad41721e0 (\"net/core: Add support for getting VF GUIDs\")\nadded support for getting VF port and node GUIDs in netlink ifinfo\nmessages, but their size was not taken into consideration in the\nfunction that allocates the netlink message, causing the following\nwarning when a netlink message is filled with many VF port and node\nGUIDs:\n # echo 64 \u003e /sys/bus/pci/devices/0000\\:08\\:00.0/sriov_numvfs\n # ip link show dev ib0\n RTNETLINK answers: Message too long\n Cannot send link get request: Message too long\n\nKernel warning:\n\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 1930 at net/core/rtnetlink.c:4151 rtnl_getlink+0x586/0x5a0\n Modules linked in: xt_conntrack xt_MASQUERADE nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter overlay mlx5_ib macsec mlx5_core tls rpcrdma rdma_ucm ib_uverbs ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm iw_cm ib_ipoib fuse ib_cm ib_core\n CPU: 2 UID: 0 PID: 1930 Comm: ip Not tainted 6.14.0-rc2+ #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:rtnl_getlink+0x586/0x5a0\n Code: cb 82 e8 3d af 0a 00 4d 85 ff 0f 84 08 ff ff ff 4c 89 ff 41 be ea ff ff ff e8 66 63 5b ff 49 c7 07 80 4f cb 82 e9 36 fc ff ff \u003c0f\u003e 0b e9 16 fe ff ff e8 de a0 56 00 66 66 2e 0f 1f 84 00 00 00 00\n RSP: 0018:ffff888113557348 EFLAGS: 00010246\n RAX: 00000000ffffffa6 RBX: ffff88817e87aa34 RCX: dffffc0000000000\n RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffff88817e87afb8\n RBP: 0000000000000009 R08: ffffffff821f44aa R09: 0000000000000000\n R10: ffff8881260f79a8 R11: ffff88817e87af00 R12: ffff88817e87aa00\n R13: ffffffff8563d300 R14: 00000000ffffffa6 R15: 00000000ffffffff\n FS:  00007f63a5dbf280(0000) GS:ffff88881ee00000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f63a5ba4493 CR3: 00000001700fe002 CR4: 0000000000772eb0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n  \u003cTASK\u003e\n  ? __warn+0xa5/0x230\n  ? rtnl_getlink+0x586/0x5a0\n  ? report_bug+0x22d/0x240\n  ? handle_bug+0x53/0xa0\n  ? exc_invalid_op+0x14/0x50\n  ? asm_exc_invalid_op+0x16/0x20\n  ? skb_trim+0x6a/0x80\n  ? rtnl_getlink+0x586/0x5a0\n  ? __pfx_rtnl_getlink+0x10/0x10\n  ? rtnetlink_rcv_msg+0x1e5/0x860\n  ? __pfx___mutex_lock+0x10/0x10\n  ? rcu_is_watching+0x34/0x60\n  ? __pfx_lock_acquire+0x10/0x10\n  ? stack_trace_save+0x90/0xd0\n  ? filter_irq_stacks+0x1d/0x70\n  ? kasan_save_stack+0x30/0x40\n  ? kasan_save_stack+0x20/0x40\n  ? kasan_save_track+0x10/0x30\n  rtnetlink_rcv_msg+0x21c/0x860\n  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e\n  ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n  ? arch_stack_walk+0x9e/0xf0\n  ? rcu_is_watching+0x34/0x60\n  ? lock_acquire+0xd5/0x410\n  ? rcu_is_watching+0x34/0x60\n  netlink_rcv_skb+0xe0/0x210\n  ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n  ? __pfx_netlink_rcv_skb+0x10/0x10\n  ? rcu_is_watching+0x34/0x60\n  ? __pfx___netlink_lookup+0x10/0x10\n  ? lock_release+0x62/0x200\n  ? netlink_deliver_tap+0xfd/0x290\n  ? rcu_is_watching+0x34/0x60\n  ? lock_release+0x62/0x200\n  ? netlink_deliver_tap+0x95/0x290\n  netlink_unicast+0x31f/0x480\n  ? __pfx_netlink_unicast+0x10/0x10\n  ? rcu_is_watching+0x34/0x60\n  ? lock_acquire+0xd5/0x410\n  netlink_sendmsg+0x369/0x660\n  ? lock_release+0x62/0x200\n  ? __pfx_netlink_sendmsg+0x10/0x10\n  ? import_ubuf+0xb9/0xf0\n  ? __import_iovec+0x254/0x2b0\n  ? lock_release+0x62/0x200\n  ? __pfx_netlink_sendmsg+0x10/0x10\n  ____sys_sendmsg+0x559/0x5a0\n  ? __pfx_____sys_sendmsg+0x10/0x10\n  ? __pfx_copy_msghdr_from_user+0x10/0x10\n  ? rcu_is_watching+0x34/0x60\n  ? do_read_fault+0x213/0x4a0\n  ? rcu_is_watching+0x34/0x60\n  ___sys_sendmsg+0xe4/0x150\n  ? __pfx____sys_sendmsg+0x10/0x10\n  ? do_fault+0x2cc/0x6f0\n  ? handle_pte_fault+0x2e3/0x3d0\n  ? __pfx_handle_pte_fault+0x10/0x10\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22075",
          "url": "https://www.suse.com/security/cve/CVE-2025-22075"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241402 for CVE-2025-22075",
          "url": "https://bugzilla.suse.com/1241402"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22075"
    },
    {
      "cve": "CVE-2025-22085",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22085"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/core: Fix use-after-free when rename device name\n\nSyzbot reported a slab-use-after-free with the following call trace:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in nla_put+0xd3/0x150 lib/nlattr.c:1099\nRead of size 5 at addr ffff888140ea1c60 by task syz.0.988/10025\n\nCPU: 0 UID: 0 PID: 10025 Comm: syz.0.988\nNot tainted 6.14.0-rc4-syzkaller-00859-gf77f12010f67 #0\nHardware name: Google Compute Engine, BIOS Google 02/12/2025\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0x16e/0x5b0 mm/kasan/report.c:521\n kasan_report+0x143/0x180 mm/kasan/report.c:634\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n __asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105\n nla_put+0xd3/0x150 lib/nlattr.c:1099\n nla_put_string include/net/netlink.h:1621 [inline]\n fill_nldev_handle+0x16e/0x200 drivers/infiniband/core/nldev.c:265\n rdma_nl_notify_event+0x561/0xef0 drivers/infiniband/core/nldev.c:2857\n ib_device_notify_register+0x22/0x230 drivers/infiniband/core/device.c:1344\n ib_register_device+0x1292/0x1460 drivers/infiniband/core/device.c:1460\n rxe_register_device+0x233/0x350 drivers/infiniband/sw/rxe/rxe_verbs.c:1540\n rxe_net_add+0x74/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:550\n rxe_newlink+0xde/0x1a0 drivers/infiniband/sw/rxe/rxe.c:212\n nldev_newlink+0x5ea/0x680 drivers/infiniband/core/nldev.c:1795\n rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]\n rdma_nl_rcv+0x6dd/0x9e0 drivers/infiniband/core/netlink.c:259\n netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1339\n netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1883\n sock_sendmsg_nosec net/socket.c:709 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:724\n ____sys_sendmsg+0x53a/0x860 net/socket.c:2564\n ___sys_sendmsg net/socket.c:2618 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2650\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f42d1b8d169\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 ...\nRSP: 002b:00007f42d2960038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f42d1da6320 RCX: 00007f42d1b8d169\nRDX: 0000000000000000 RSI: 00004000000002c0 RDI: 000000000000000c\nRBP: 00007f42d1c0e2a0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f42d1da6320 R15: 00007ffe399344a8\n \u003c/TASK\u003e\n\nAllocated by task 10025:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4294 [inline]\n __kmalloc_node_track_caller_noprof+0x28b/0x4c0 mm/slub.c:4313\n __kmemdup_nul mm/util.c:61 [inline]\n kstrdup+0x42/0x100 mm/util.c:81\n kobject_set_name_vargs+0x61/0x120 lib/kobject.c:274\n dev_set_name+0xd5/0x120 drivers/base/core.c:3468\n assign_name drivers/infiniband/core/device.c:1202 [inline]\n ib_register_device+0x178/0x1460 drivers/infiniband/core/device.c:1384\n rxe_register_device+0x233/0x350 drivers/infiniband/sw/rxe/rxe_verbs.c:1540\n rxe_net_add+0x74/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:550\n rxe_newlink+0xde/0x1a0 drivers/infiniband/sw/rxe/rxe.c:212\n nldev_newlink+0x5ea/0x680 drivers/infiniband/core/nldev.c:1795\n rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]\n rdma_nl_rcv+0x6dd/0x9e0 drivers/infiniband/core/netlink.c:259\n netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1339\n netlink_sendmsg+0x8de/0xcb0 net\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22085",
          "url": "https://www.suse.com/security/cve/CVE-2025-22085"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241419 for CVE-2025-22085",
          "url": "https://bugzilla.suse.com/1241419"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22085"
    },
    {
      "cve": "CVE-2025-22086",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22086"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow\n\nWhen cur_qp isn\u0027t NULL, in order to avoid fetching the QP from\nthe radix tree again we check if the next cqe QP is identical to\nthe one we already have.\n\nThe bug however is that we are checking if the QP is identical by\nchecking the QP number inside the CQE against the QP number inside the\nmlx5_ib_qp, but that\u0027s wrong since the QP number from the CQE is from\nFW so it should be matched against mlx5_core_qp which is our FW QP\nnumber.\n\nOtherwise we could use the wrong QP when handling a CQE which could\ncause the kernel trace below.\n\nThis issue is mainly noticeable over QPs 0 \u0026 1, since for now they are\nthe only QPs in our driver whereas the QP number inside mlx5_ib_qp\ndoesn\u0027t match the QP number inside mlx5_core_qp.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000012\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP\n CPU: 0 UID: 0 PID: 7927 Comm: kworker/u62:1 Not tainted 6.14.0-rc3+ #189\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n Workqueue: ib-comp-unb-wq ib_cq_poll_work [ib_core]\n RIP: 0010:mlx5_ib_poll_cq+0x4c7/0xd90 [mlx5_ib]\n Code: 03 00 00 8d 58 ff 21 cb 66 39 d3 74 39 48 c7 c7 3c 89 6e a0 0f b7 db e8 b7 d2 b3 e0 49 8b 86 60 03 00 00 48 c7 c7 4a 89 6e a0 \u003c0f\u003e b7 5c 98 02 e8 9f d2 b3 e0 41 0f b7 86 78 03 00 00 83 e8 01 21\n RSP: 0018:ffff88810511bd60 EFLAGS: 00010046\n RAX: 0000000000000010 RBX: 0000000000000000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffff88885fa1b3c0 RDI: ffffffffa06e894a\n RBP: 00000000000000b0 R08: 0000000000000000 R09: ffff88810511bc10\n R10: 0000000000000001 R11: 0000000000000001 R12: ffff88810d593000\n R13: ffff88810e579108 R14: ffff888105146000 R15: 00000000000000b0\n FS:  0000000000000000(0000) GS:ffff88885fa00000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000012 CR3: 00000001077e6001 CR4: 0000000000370eb0\n Call Trace:\n  \u003cTASK\u003e\n  ? __die+0x20/0x60\n  ? page_fault_oops+0x150/0x3e0\n  ? exc_page_fault+0x74/0x130\n  ? asm_exc_page_fault+0x22/0x30\n  ? mlx5_ib_poll_cq+0x4c7/0xd90 [mlx5_ib]\n  __ib_process_cq+0x5a/0x150 [ib_core]\n  ib_cq_poll_work+0x31/0x90 [ib_core]\n  process_one_work+0x169/0x320\n  worker_thread+0x288/0x3a0\n  ? work_busy+0xb0/0xb0\n  kthread+0xd7/0x1f0\n  ? kthreads_online_cpu+0x130/0x130\n  ? kthreads_online_cpu+0x130/0x130\n  ret_from_fork+0x2d/0x50\n  ? kthreads_online_cpu+0x130/0x130\n  ret_from_fork_asm+0x11/0x20\n  \u003c/TASK\u003e",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22086",
          "url": "https://www.suse.com/security/cve/CVE-2025-22086"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241458 for CVE-2025-22086",
          "url": "https://bugzilla.suse.com/1241458"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22086"
    },
    {
      "cve": "CVE-2025-22088",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22088"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/erdma: Prevent use-after-free in erdma_accept_newconn()\n\nAfter the erdma_cep_put(new_cep) being called, new_cep will be freed,\nand the following dereference will cause a UAF problem. Fix this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22088",
          "url": "https://www.suse.com/security/cve/CVE-2025-22088"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241528 for CVE-2025-22088",
          "url": "https://bugzilla.suse.com/1241528"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22088"
    },
    {
      "cve": "CVE-2025-22091",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22091"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix page_size variable overflow\n\nChange all variables storing mlx5_umem_mkc_find_best_pgsz() result to\nunsigned long to support values larger than 31 and avoid overflow.\n\nFor example: If we try to register 4GB of memory that is contiguous in\nphysical memory, the driver will optimize the page_size and try to use\nan mkey with 4GB entity size. The \u0027unsigned int\u0027 page_size variable will\noverflow to \u00270\u0027 and we\u0027ll hit the WARN_ON() in alloc_cacheable_mr().\n\nWARNING: CPU: 2 PID: 1203 at drivers/infiniband/hw/mlx5/mr.c:1124 alloc_cacheable_mr+0x22/0x580 [mlx5_ib]\nModules linked in: mlx5_ib mlx5_core bonding ip6_gre ip6_tunnel tunnel6 ip_gre gre rdma_rxe rdma_ucm ib_uverbs ib_ipoib ib_umad rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm fuse ib_core [last unloaded: mlx5_core]\nCPU: 2 UID: 70878 PID: 1203 Comm: rdma_resource_l Tainted: G        W          6.14.0-rc4-dirty #43\nTainted: [W]=WARN\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:alloc_cacheable_mr+0x22/0x580 [mlx5_ib]\nCode: 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 41 52 53 48 83 ec 30 f6 46 28 04 4c 8b 77 08 75 21 \u003c0f\u003e 0b 49 c7 c2 ea ff ff ff 48 8d 65 d0 4c 89 d0 5b 41 5a 41 5c 41\nRSP: 0018:ffffc900006ffac8 EFLAGS: 00010246\nRAX: 0000000004c0d0d0 RBX: ffff888217a22000 RCX: 0000000000100001\nRDX: 00007fb7ac480000 RSI: ffff8882037b1240 RDI: ffff8882046f0600\nRBP: ffffc900006ffb28 R08: 0000000000000001 R09: 0000000000000000\nR10: 00000000000007e0 R11: ffffea0008011d40 R12: ffff8882037b1240\nR13: ffff8882046f0600 R14: ffff888217a22000 R15: ffffc900006ffe00\nFS:  00007fb7ed013340(0000) GS:ffff88885fd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fb7ed1d8000 CR3: 00000001fd8f6006 CR4: 0000000000772eb0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x81/0x130\n ? alloc_cacheable_mr+0x22/0x580 [mlx5_ib]\n ? report_bug+0xfc/0x1e0\n ? handle_bug+0x55/0x90\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? alloc_cacheable_mr+0x22/0x580 [mlx5_ib]\n create_real_mr+0x54/0x150 [mlx5_ib]\n ib_uverbs_reg_mr+0x17f/0x2a0 [ib_uverbs]\n ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0xca/0x140 [ib_uverbs]\n ib_uverbs_run_method+0x6d0/0x780 [ib_uverbs]\n ? __pfx_ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0x10/0x10 [ib_uverbs]\n ib_uverbs_cmd_verbs+0x19b/0x360 [ib_uverbs]\n ? walk_system_ram_range+0x79/0xd0\n ? ___pte_offset_map+0x1b/0x110\n ? __pte_offset_map_lock+0x80/0x100\n ib_uverbs_ioctl+0xac/0x110 [ib_uverbs]\n __x64_sys_ioctl+0x94/0xb0\n do_syscall_64+0x50/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7fb7ecf0737b\nCode: ff ff ff 85 c0 79 9b 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 7d 2a 0f 00 f7 d8 64 89 01 48\nRSP: 002b:00007ffdbe03ecc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffdbe03edb8 RCX: 00007fb7ecf0737b\nRDX: 00007ffdbe03eda0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffdbe03ed80 R08: 00007fb7ecc84010 R09: 00007ffdbe03eed4\nR10: 0000000000000009 R11: 0000000000000246 R12: 00007ffdbe03eed4\nR13: 000000000000000c R14: 000000000000000c R15: 00007fb7ecc84150\n \u003c/TASK\u003e",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22091",
          "url": "https://www.suse.com/security/cve/CVE-2025-22091"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241535 for CVE-2025-22091",
          "url": "https://bugzilla.suse.com/1241535"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22091"
    },
    {
      "cve": "CVE-2025-22093",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22093"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: avoid NPD when ASIC does not support DMUB\n\nctx-\u003edmub_srv will de NULL if the ASIC does not support DMUB, which is\ntested in dm_dmub_sw_init.\n\nHowever, it will be dereferenced in dmub_hw_lock_mgr_cmd if\nshould_use_dmub_lock returns true.\n\nThis has been the case since dmub support has been added for PSR1.\n\nFix this by checking for dmub_srv in should_use_dmub_lock.\n\n[   37.440832] BUG: kernel NULL pointer dereference, address: 0000000000000058\n[   37.447808] #PF: supervisor read access in kernel mode\n[   37.452959] #PF: error_code(0x0000) - not-present page\n[   37.458112] PGD 0 P4D 0\n[   37.460662] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n[   37.465553] CPU: 2 UID: 1000 PID: 1745 Comm: DrmThread Not tainted 6.14.0-rc1-00003-gd62e938120f0 #23 99720e1cb1e0fc4773b8513150932a07de3c6e88\n[   37.478324] Hardware name: Google Morphius/Morphius, BIOS Google_Morphius.13434.858.0 10/26/2023\n[   37.487103] RIP: 0010:dmub_hw_lock_mgr_cmd+0x77/0xb0\n[   37.492074] Code: 44 24 0e 00 00 00 00 48 c7 04 24 45 00 00 0c 40 88 74 24 0d 0f b6 02 88 44 24 0c 8b 01 89 44 24 08 85 f6 75 05 c6 44 24 0e 01 \u003c48\u003e 8b 7f 58 48 89 e6 ba 01 00 00 00 e8 08 3c 2a 00 65 48 8b 04 5\n[   37.510822] RSP: 0018:ffff969442853300 EFLAGS: 00010202\n[   37.516052] RAX: 0000000000000000 RBX: ffff92db03000000 RCX: ffff969442853358\n[   37.523185] RDX: ffff969442853368 RSI: 0000000000000001 RDI: 0000000000000000\n[   37.530322] RBP: 0000000000000001 R08: 00000000000004a7 R09: 00000000000004a5\n[   37.537453] R10: 0000000000000476 R11: 0000000000000062 R12: ffff92db0ade8000\n[   37.544589] R13: ffff92da01180ae0 R14: ffff92da011802a8 R15: ffff92db03000000\n[   37.551725] FS:  0000784a9cdfc6c0(0000) GS:ffff92db2af00000(0000) knlGS:0000000000000000\n[   37.559814] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   37.565562] CR2: 0000000000000058 CR3: 0000000112b1c000 CR4: 00000000003506f0\n[   37.572697] Call Trace:\n[   37.575152]  \u003cTASK\u003e\n[   37.577258]  ? __die_body+0x66/0xb0\n[   37.580756]  ? page_fault_oops+0x3e7/0x4a0\n[   37.584861]  ? exc_page_fault+0x3e/0xe0\n[   37.588706]  ? exc_page_fault+0x5c/0xe0\n[   37.592550]  ? asm_exc_page_fault+0x22/0x30\n[   37.596742]  ? dmub_hw_lock_mgr_cmd+0x77/0xb0\n[   37.601107]  dcn10_cursor_lock+0x1e1/0x240\n[   37.605211]  program_cursor_attributes+0x81/0x190\n[   37.609923]  commit_planes_for_stream+0x998/0x1ef0\n[   37.614722]  update_planes_and_stream_v2+0x41e/0x5c0\n[   37.619703]  dc_update_planes_and_stream+0x78/0x140\n[   37.624588]  amdgpu_dm_atomic_commit_tail+0x4362/0x49f0\n[   37.629832]  ? srso_return_thunk+0x5/0x5f\n[   37.633847]  ? mark_held_locks+0x6d/0xd0\n[   37.637774]  ? _raw_spin_unlock_irq+0x24/0x50\n[   37.642135]  ? srso_return_thunk+0x5/0x5f\n[   37.646148]  ? lockdep_hardirqs_on+0x95/0x150\n[   37.650510]  ? srso_return_thunk+0x5/0x5f\n[   37.654522]  ? _raw_spin_unlock_irq+0x2f/0x50\n[   37.658883]  ? srso_return_thunk+0x5/0x5f\n[   37.662897]  ? wait_for_common+0x186/0x1c0\n[   37.666998]  ? srso_return_thunk+0x5/0x5f\n[   37.671009]  ? drm_crtc_next_vblank_start+0xc3/0x170\n[   37.675983]  commit_tail+0xf5/0x1c0\n[   37.679478]  drm_atomic_helper_commit+0x2a2/0x2b0\n[   37.684186]  drm_atomic_commit+0xd6/0x100\n[   37.688199]  ? __cfi___drm_printfn_info+0x10/0x10\n[   37.692911]  drm_atomic_helper_update_plane+0xe5/0x130\n[   37.698054]  drm_mode_cursor_common+0x501/0x670\n[   37.702600]  ? __cfi_drm_mode_cursor_ioctl+0x10/0x10\n[   37.707572]  drm_mode_cursor_ioctl+0x48/0x70\n[   37.711851]  drm_ioctl_kernel+0xf2/0x150\n[   37.715781]  drm_ioctl+0x363/0x590\n[   37.719189]  ? __cfi_drm_mode_cursor_ioctl+0x10/0x10\n[   37.724165]  amdgpu_drm_ioctl+0x41/0x80\n[   37.728013]  __se_sys_ioctl+0x7f/0xd0\n[   37.731685]  do_syscall_64+0x87/0x100\n[   37.735355]  ? vma_end_read+0x12/0xe0\n[   37.739024]  ? srso_return_thunk+0x5/0x5f\n[   37.743041]  ? find_held_lock+0x47/0xf0\n[   37.746884]  ? vma_end_read+0x12/0xe0\n[   37.750552]  ? srso_return_thunk+0x5/0\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22093",
          "url": "https://www.suse.com/security/cve/CVE-2025-22093"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241545 for CVE-2025-22093",
          "url": "https://bugzilla.suse.com/1241545"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22093"
    },
    {
      "cve": "CVE-2025-22094",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22094"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/perf: Fix ref-counting on the PMU \u0027vpa_pmu\u0027\n\nCommit 176cda0619b6 (\"powerpc/perf: Add perf interface to expose vpa\ncounters\") introduced \u0027vpa_pmu\u0027 to expose Book3s-HV nested APIv2 provided\nL1\u003c-\u003eL2 context switch latency counters to L1 user-space via\nperf-events. However the newly introduced PMU named \u0027vpa_pmu\u0027 doesn\u0027t\nassign ownership of the PMU to the module \u0027vpa_pmu\u0027. Consequently the\nmodule \u0027vpa_pmu\u0027 can be unloaded while one of the perf-events are still\nactive, which can lead to kernel oops and panic of the form below on a\nPseries-LPAR:\n\nBUG: Kernel NULL pointer dereference on read at 0x00000058\n\u003csnip\u003e\n NIP [c000000000506cb8] event_sched_out+0x40/0x258\n LR [c00000000050e8a4] __perf_remove_from_context+0x7c/0x2b0\n Call Trace:\n [c00000025fc3fc30] [c00000025f8457a8] 0xc00000025f8457a8 (unreliable)\n [c00000025fc3fc80] [fffffffffffffee0] 0xfffffffffffffee0\n [c00000025fc3fcd0] [c000000000501e70] event_function+0xa8/0x120\n\u003csnip\u003e\n Kernel panic - not syncing: Aiee, killing interrupt handler!\n\nFix this by adding the module ownership to \u0027vpa_pmu\u0027 so that the module\n\u0027vpa_pmu\u0027 is ref-counted and prevented from being unloaded when perf-events\nare initialized.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22094",
          "url": "https://www.suse.com/security/cve/CVE-2025-22094"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241512 for CVE-2025-22094",
          "url": "https://bugzilla.suse.com/1241512"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22094"
    },
    {
      "cve": "CVE-2025-22097",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22097"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vkms: Fix use after free and double free on init error\n\nIf the driver initialization fails, the vkms_exit() function might\naccess an uninitialized or freed default_config pointer and it might\ndouble free it.\n\nFix both possible errors by initializing default_config only when the\ndriver initialization succeeded.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22097",
          "url": "https://www.suse.com/security/cve/CVE-2025-22097"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241541 for CVE-2025-22097",
          "url": "https://bugzilla.suse.com/1241541"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241542 for CVE-2025-22097",
          "url": "https://bugzilla.suse.com/1241542"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-22097"
    },
    {
      "cve": "CVE-2025-22102",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22102"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix kernel panic during FW release\n\nThis fixes a kernel panic seen during release FW in a stress test\nscenario where WLAN and BT FW download occurs simultaneously, and due to\na HW bug, chip sends out only 1 bootloader signatures.\n\nWhen driver receives the bootloader signature, it enters FW download\nmode, but since no consequtive bootloader signatures seen, FW file is\nnot requested.\n\nAfter 60 seconds, when FW download times out, release_firmware causes a\nkernel panic.\n\n[ 2601.949184] Unable to handle kernel paging request at virtual address 0000312e6f006573\n[ 2601.992076] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000111802000\n[ 2601.992080] [0000312e6f006573] pgd=0000000000000000, p4d=0000000000000000\n[ 2601.992087] Internal error: Oops: 0000000096000021 [#1] PREEMPT SMP\n[ 2601.992091] Modules linked in: algif_hash algif_skcipher af_alg btnxpuart(O) pciexxx(O) mlan(O) overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce snd_soc_fsl_easrc snd_soc_fsl_asoc_card imx8_media_dev(C) snd_soc_fsl_micfil polyval_generic snd_soc_fsl_xcvr snd_soc_fsl_sai snd_soc_imx_audmux snd_soc_fsl_asrc snd_soc_imx_card snd_soc_imx_hdmi snd_soc_fsl_aud2htx snd_soc_fsl_utils imx_pcm_dma dw_hdmi_cec flexcan can_dev\n[ 2602.001825] CPU: 2 PID: 20060 Comm: hciconfig Tainted: G         C O       6.6.23-lts-next-06236-gb586a521770e #1\n[ 2602.010182] Hardware name: NXP i.MX8MPlus EVK board (DT)\n[ 2602.010185] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 2602.010191] pc : _raw_spin_lock+0x34/0x68\n[ 2602.010201] lr : free_fw_priv+0x20/0xfc\n[ 2602.020561] sp : ffff800089363b30\n[ 2602.020563] x29: ffff800089363b30 x28: ffff0000d0eb5880 x27: 0000000000000000\n[ 2602.020570] x26: 0000000000000000 x25: ffff0000d728b330 x24: 0000000000000000\n[ 2602.020577] x23: ffff0000dc856f38\n[ 2602.033797] x22: ffff800089363b70 x21: ffff0000dc856000\n[ 2602.033802] x20: ff00312e6f006573 x19: ffff0000d0d9ea80 x18: 0000000000000000\n[ 2602.033809] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaad80dd480\n[ 2602.083320] x14: 0000000000000000 x13: 00000000000001b9 x12: 0000000000000002\n[ 2602.083326] x11: 0000000000000000 x10: 0000000000000a60 x9 : ffff800089363a30\n[ 2602.083333] x8 : ffff0001793d75c0 x7 : ffff0000d6dbc400 x6 : 0000000000000000\n[ 2602.083339] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000001\n[ 2602.083346] x2 : 0000000000000000 x1 : 0000000000000001 x0 : ff00312e6f006573\n[ 2602.083354] Call trace:\n[ 2602.083356]  _raw_spin_lock+0x34/0x68\n[ 2602.083364]  release_firmware+0x48/0x6c\n[ 2602.083370]  nxp_setup+0x3c4/0x540 [btnxpuart]\n[ 2602.083383]  hci_dev_open_sync+0xf0/0xa34\n[ 2602.083391]  hci_dev_open+0xd8/0x178\n[ 2602.083399]  hci_sock_ioctl+0x3b0/0x590\n[ 2602.083405]  sock_do_ioctl+0x60/0x118\n[ 2602.083413]  sock_ioctl+0x2f4/0x374\n[ 2602.091430]  __arm64_sys_ioctl+0xac/0xf0\n[ 2602.091437]  invoke_syscall+0x48/0x110\n[ 2602.091445]  el0_svc_common.constprop.0+0xc0/0xe0\n[ 2602.091452]  do_el0_svc+0x1c/0x28\n[ 2602.091457]  el0_svc+0x40/0xe4\n[ 2602.091465]  el0t_64_sync_handler+0x120/0x12c\n[ 2602.091470]  el0t_64_sync+0x190/0x194",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22102",
          "url": "https://www.suse.com/security/cve/CVE-2025-22102"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241456 for CVE-2025-22102",
          "url": "https://bugzilla.suse.com/1241456"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22102"
    },
    {
      "cve": "CVE-2025-22103",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22103"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix NULL pointer dereference in l3mdev_l3_rcv\n\nWhen delete l3s ipvlan:\n\n    ip link del link eth0 ipvlan1 type ipvlan mode l3s\n\nThis may cause a null pointer dereference:\n\n    Call trace:\n     ip_rcv_finish+0x48/0xd0\n     ip_rcv+0x5c/0x100\n     __netif_receive_skb_one_core+0x64/0xb0\n     __netif_receive_skb+0x20/0x80\n     process_backlog+0xb4/0x204\n     napi_poll+0xe8/0x294\n     net_rx_action+0xd8/0x22c\n     __do_softirq+0x12c/0x354\n\nThis is because l3mdev_l3_rcv() visit dev-\u003el3mdev_ops after\nipvlan_l3s_unregister() assign the dev-\u003el3mdev_ops to NULL. The process\nlike this:\n\n    (CPU1)                     | (CPU2)\n    l3mdev_l3_rcv()            |\n      check dev-\u003epriv_flags:   |\n        master = skb-\u003edev;     |\n                               |\n                               | ipvlan_l3s_unregister()\n                               |   set dev-\u003epriv_flags\n                               |   dev-\u003el3mdev_ops = NULL;\n                               |\n      visit master-\u003el3mdev_ops |\n\nTo avoid this by do not set dev-\u003el3mdev_ops when unregister l3s ipvlan.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22103",
          "url": "https://www.suse.com/security/cve/CVE-2025-22103"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241448 for CVE-2025-22103",
          "url": "https://bugzilla.suse.com/1241448"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22103"
    },
    {
      "cve": "CVE-2025-22104",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22104"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Use kernel helpers for hex dumps\n\nPreviously, when the driver was printing hex dumps, the buffer was cast\nto an 8 byte long and printed using string formatters. If the buffer\nsize was not a multiple of 8 then a read buffer overflow was possible.\n\nTherefore, create a new ibmvnic function that loops over a buffer and\ncalls hex_dump_to_buffer instead.\n\nThis patch address KASAN reports like the one below:\n  ibmvnic 30000003 env3: Login Buffer:\n  ibmvnic 30000003 env3: 01000000af000000\n  \u003c...\u003e\n  ibmvnic 30000003 env3: 2e6d62692e736261\n  ibmvnic 30000003 env3: 65050003006d6f63\n  ==================================================================\n  BUG: KASAN: slab-out-of-bounds in ibmvnic_login+0xacc/0xffc [ibmvnic]\n  Read of size 8 at addr c0000001331a9aa8 by task ip/17681\n  \u003c...\u003e\n  Allocated by task 17681:\n  \u003c...\u003e\n  ibmvnic_login+0x2f0/0xffc [ibmvnic]\n  ibmvnic_open+0x148/0x308 [ibmvnic]\n  __dev_open+0x1ac/0x304\n  \u003c...\u003e\n  The buggy address is located 168 bytes inside of\n                allocated 175-byte region [c0000001331a9a00, c0000001331a9aaf)\n  \u003c...\u003e\n  =================================================================\n  ibmvnic 30000003 env3: 000000000033766e",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22104",
          "url": "https://www.suse.com/security/cve/CVE-2025-22104"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241550 for CVE-2025-22104",
          "url": "https://bugzilla.suse.com/1241550"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22104"
    },
    {
      "cve": "CVE-2025-22107",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22107"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry()\n\nThere are actually 2 problems:\n- deleting the last element doesn\u0027t require the memmove of elements\n  [i + 1, end) over it. Actually, element i+1 is out of bounds.\n- The memmove itself should move size - i - 1 elements, because the last\n  element is out of bounds.\n\nThe out-of-bounds element still remains out of bounds after being\naccessed, so the problem is only that we touch it, not that it becomes\nin active use. But I suppose it can lead to issues if the out-of-bounds\nelement is part of an unmapped page.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22107",
          "url": "https://www.suse.com/security/cve/CVE-2025-22107"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241575 for CVE-2025-22107",
          "url": "https://bugzilla.suse.com/1241575"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22107"
    },
    {
      "cve": "CVE-2025-22108",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22108"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Mask the bd_cnt field in the TX BD properly\n\nThe bd_cnt field in the TX BD specifies the total number of BDs for\nthe TX packet.  The bd_cnt field has 5 bits and the maximum number\nsupported is 32 with the value 0.\n\nCONFIG_MAX_SKB_FRAGS can be modified and the total number of SKB\nfragments can approach or exceed the maximum supported by the chip.\nAdd a macro to properly mask the bd_cnt field so that the value 32\nwill be properly masked and set to 0 in the bd_cnd field.\n\nWithout this patch, the out-of-range bd_cnt value will corrupt the\nTX BD and may cause TX timeout.\n\nThe next patch will check for values exceeding 32.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22108",
          "url": "https://www.suse.com/security/cve/CVE-2025-22108"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241574 for CVE-2025-22108",
          "url": "https://bugzilla.suse.com/1241574"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22108"
    },
    {
      "cve": "CVE-2025-22109",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22109"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Remove broken autobind\n\nBinding AX25 socket by using the autobind feature leads to memory leaks\nin ax25_connect() and also refcount leaks in ax25_release(). Memory\nleak was detected with kmemleak:\n\n================================================================\nunreferenced object 0xffff8880253cd680 (size 96):\nbacktrace:\n__kmalloc_node_track_caller_noprof (./include/linux/kmemleak.h:43)\nkmemdup_noprof (mm/util.c:136)\nax25_rt_autobind (net/ax25/ax25_route.c:428)\nax25_connect (net/ax25/af_ax25.c:1282)\n__sys_connect_file (net/socket.c:2045)\n__sys_connect (net/socket.c:2064)\n__x64_sys_connect (net/socket.c:2067)\ndo_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n================================================================\n\nWhen socket is bound, refcounts must be incremented the way it is done\nin ax25_bind() and ax25_setsockopt() (SO_BINDTODEVICE). In case of\nautobind, the refcounts are not incremented.\n\nThis bug leads to the following issue reported by Syzkaller:\n\n================================================================\nax25_connect(): syz-executor318 uses autobind, please contact jreuter@yaina.de\n------------[ cut here ]------------\nrefcount_t: decrement hit 0; leaking memory.\nWARNING: CPU: 0 PID: 5317 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31\nModules linked in:\nCPU: 0 UID: 0 PID: 5317 Comm: syz-executor318 Not tainted 6.14.0-rc4-syzkaller-00278-gece144f151ac #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31\n...\nCall Trace:\n \u003cTASK\u003e\n __refcount_dec include/linux/refcount.h:336 [inline]\n refcount_dec include/linux/refcount.h:351 [inline]\n ref_tracker_free+0x6af/0x7e0 lib/ref_tracker.c:236\n netdev_tracker_free include/linux/netdevice.h:4302 [inline]\n netdev_put include/linux/netdevice.h:4319 [inline]\n ax25_release+0x368/0x960 net/ax25/af_ax25.c:1080\n __sock_release net/socket.c:647 [inline]\n sock_close+0xbc/0x240 net/socket.c:1398\n __fput+0x3e9/0x9f0 fs/file_table.c:464\n __do_sys_close fs/open.c:1580 [inline]\n __se_sys_close fs/open.c:1565 [inline]\n __x64_sys_close+0x7f/0x110 fs/open.c:1565\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n ...\n \u003c/TASK\u003e\n================================================================\n\nConsidering the issues above and the comments left in the code that say:\n\"check if we can remove this feature. It is broken.\"; \"autobinding in this\nmay or may not work\"; - it is better to completely remove this feature than\nto fix it because it is broken and leads to various kinds of memory bugs.\n\nNow calling connect() without first binding socket will result in an\nerror (-EINVAL). Userspace software that relies on the autobind feature\nmight get broken. However, this feature does not seem widely used with\nthis specific driver as it was not reliable at any point of time, and it\nis already broken anyway. E.g. ax25-tools and ax25-apps packages for\npopular distributions do not use the autobind feature for AF_AX25.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22109",
          "url": "https://www.suse.com/security/cve/CVE-2025-22109"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241573 for CVE-2025-22109",
          "url": "https://bugzilla.suse.com/1241573"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22109"
    },
    {
      "cve": "CVE-2025-22112",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22112"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: bnxt: fix out-of-range access of vnic_info array\n\nThe bnxt_queue_{start | stop}() access vnic_info as much as allocated,\nwhich indicates bp-\u003enr_vnics.\nSo, it should not reach bp-\u003evnic_info[bp-\u003enr_vnics].",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22112",
          "url": "https://www.suse.com/security/cve/CVE-2025-22112"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241581 for CVE-2025-22112",
          "url": "https://bugzilla.suse.com/1241581"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22112"
    },
    {
      "cve": "CVE-2025-22116",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22116"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: check error for register_netdev() on init\n\nCurrent init logic ignores the error code from register_netdev(),\nwhich will cause WARN_ON() on attempt to unregister it, if there was one,\nand there is no info for the user that the creation of the netdev failed.\n\nWARNING: CPU: 89 PID: 6902 at net/core/dev.c:11512 unregister_netdevice_many_notify+0x211/0x1a10\n...\n[ 3707.563641]  unregister_netdev+0x1c/0x30\n[ 3707.563656]  idpf_vport_dealloc+0x5cf/0xce0 [idpf]\n[ 3707.563684]  idpf_deinit_task+0xef/0x160 [idpf]\n[ 3707.563712]  idpf_vc_core_deinit+0x84/0x320 [idpf]\n[ 3707.563739]  idpf_remove+0xbf/0x780 [idpf]\n[ 3707.563769]  pci_device_remove+0xab/0x1e0\n[ 3707.563786]  device_release_driver_internal+0x371/0x530\n[ 3707.563803]  driver_detach+0xbf/0x180\n[ 3707.563816]  bus_remove_driver+0x11b/0x2a0\n[ 3707.563829]  pci_unregister_driver+0x2a/0x250\n\nIntroduce an error check and log the vport number and error code.\nOn removal make sure to check VPORT_REG_NETDEV flag prior to calling\nunregister and free on the netdev.\n\nAdd local variables for idx, vport_config and netdev for readability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22116",
          "url": "https://www.suse.com/security/cve/CVE-2025-22116"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241459 for CVE-2025-22116",
          "url": "https://bugzilla.suse.com/1241459"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22116"
    },
    {
      "cve": "CVE-2025-22125",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22125"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid1,raid10: don\u0027t ignore IO flags\n\nIf blk-wbt is enabled by default, it\u0027s found that raid write performance\nis quite bad because all IO are throttled by wbt of underlying disks,\ndue to flag REQ_IDLE is ignored. And turns out this behaviour exist since\nblk-wbt is introduced.\n\nOther than REQ_IDLE, other flags should not be ignored as well, for\nexample REQ_META can be set for filesystems, clearing it can cause priority\nreverse problems; And REQ_NOWAIT should not be cleared as well, because\nio will wait instead of failing directly in underlying disks.\n\nFix those problems by keep IO flags from master bio.\n\nFises: f51d46d0e7cb (\"md: add support for REQ_NOWAIT\")",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22125",
          "url": "https://www.suse.com/security/cve/CVE-2025-22125"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241596 for CVE-2025-22125",
          "url": "https://bugzilla.suse.com/1241596"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22125"
    },
    {
      "cve": "CVE-2025-22126",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22126"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix mddev uaf while iterating all_mddevs list\n\nWhile iterating all_mddevs list from md_notify_reboot() and md_exit(),\nlist_for_each_entry_safe is used, and this can race with deletint the\nnext mddev, causing UAF:\n\nt1:\nspin_lock\n//list_for_each_entry_safe(mddev, n, ...)\n mddev_get(mddev1)\n // assume mddev2 is the next entry\n spin_unlock\n            t2:\n            //remove mddev2\n            ...\n            mddev_free\n            spin_lock\n            list_del\n            spin_unlock\n            kfree(mddev2)\n mddev_put(mddev1)\n spin_lock\n //continue dereference mddev2-\u003eall_mddevs\n\nThe old helper for_each_mddev() actually grab the reference of mddev2\nwhile holding the lock, to prevent from being freed. This problem can be\nfixed the same way, however, the code will be complex.\n\nHence switch to use list_for_each_entry, in this case mddev_put() can free\nthe mddev1 and it\u0027s not safe as well. Refer to md_seq_show(), also factor\nout a helper mddev_put_locked() to fix this problem.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22126",
          "url": "https://www.suse.com/security/cve/CVE-2025-22126"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241597 for CVE-2025-22126",
          "url": "https://bugzilla.suse.com/1241597"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22126"
    },
    {
      "cve": "CVE-2025-22128",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22128"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path\n\nIf a shared IRQ is used by the driver due to platform limitation, then the\nIRQ affinity hint is set right after the allocation of IRQ vectors in\nath12k_pci_msi_alloc(). This does no harm unless one of the functions\nrequesting the IRQ fails and attempt to free the IRQ.\n\nThis may end up with a warning from the IRQ core that is expecting the\naffinity hint to be cleared before freeing the IRQ:\n\nkernel/irq/manage.c:\n\n\t/* make sure affinity_hint is cleaned up */\n\tif (WARN_ON_ONCE(desc-\u003eaffinity_hint))\n\t\tdesc-\u003eaffinity_hint = NULL;\n\nSo to fix this issue, clear the IRQ affinity hint before calling\nath12k_pci_free_irq() in the error path. The affinity will be cleared once\nagain further down the error path due to code organization, but that does\nno harm.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22128",
          "url": "https://www.suse.com/security/cve/CVE-2025-22128"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241598 for CVE-2025-22128",
          "url": "https://bugzilla.suse.com/1241598"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22128"
    },
    {
      "cve": "CVE-2025-23129",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23129"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path\n\nIf a shared IRQ is used by the driver due to platform limitation, then the\nIRQ affinity hint is set right after the allocation of IRQ vectors in\nath11k_pci_alloc_msi(). This does no harm unless one of the functions\nrequesting the IRQ fails and attempt to free the IRQ. This results in the\nbelow warning:\n\nWARNING: CPU: 7 PID: 349 at kernel/irq/manage.c:1929 free_irq+0x278/0x29c\nCall trace:\n free_irq+0x278/0x29c\n ath11k_pcic_free_irq+0x70/0x10c [ath11k]\n ath11k_pci_probe+0x800/0x820 [ath11k_pci]\n local_pci_probe+0x40/0xbc\n\nThe warning is due to not clearing the affinity hint before freeing the\nIRQs.\n\nSo to fix this issue, clear the IRQ affinity hint before calling\nath11k_pcic_free_irq() in the error path. The affinity will be cleared once\nagain further down the error path due to code organization, but that does\nno harm.\n\nTested-on: QCA6390 hw2.0 PCI WLAN.HST.1.0.1-05266-QCAHSTSWPLZ_V2_TO_X86-1",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23129",
          "url": "https://www.suse.com/security/cve/CVE-2025-23129"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241599 for CVE-2025-23129",
          "url": "https://bugzilla.suse.com/1241599"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23129"
    },
    {
      "cve": "CVE-2025-23131",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23131"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndlm: prevent NPD when writing a positive value to event_done\n\ndo_uevent returns the value written to event_done. In case it is a\npositive value, new_lockspace would undo all the work, and lockspace\nwould not be set. __dlm_new_lockspace, however, would treat that\npositive value as a success due to commit 8511a2728ab8 (\"dlm: fix use\ncount with multiple joins\").\n\nDown the line, device_create_lockspace would pass that NULL lockspace to\ndlm_find_lockspace_local, leading to a NULL pointer dereference.\n\nTreating such positive values as successes prevents the problem. Given\nthis has been broken for so long, this is unlikely to break userspace\nexpectations.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23131",
          "url": "https://www.suse.com/security/cve/CVE-2025-23131"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241601 for CVE-2025-23131",
          "url": "https://bugzilla.suse.com/1241601"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23131"
    },
    {
      "cve": "CVE-2025-23134",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23134"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: timer: Don\u0027t take register_mutex with copy_from/to_user()\n\nThe infamous mmap_lock taken in copy_from/to_user() can be often\nproblematic when it\u0027s called inside another mutex, as they might lead\nto deadlocks.\n\nIn the case of ALSA timer code, the bad pattern is with\nguard(mutex)(\u0026register_mutex) that covers copy_from/to_user() -- which\nwas mistakenly introduced at converting to guard(), and it had been\ncarefully worked around in the past.\n\nThis patch fixes those pieces simply by moving copy_from/to_user() out\nof the register mutex lock again.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23134",
          "url": "https://www.suse.com/security/cve/CVE-2025-23134"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241628 for CVE-2025-23134",
          "url": "https://bugzilla.suse.com/1241628"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23134"
    },
    {
      "cve": "CVE-2025-23136",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23136"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: int340x: Add NULL check for adev\n\nNot all devices have an ACPI companion fwnode, so adev might be NULL.\nThis is similar to the commit cd2fd6eab480\n(\"platform/x86: int3472: Check for adev == NULL\").\n\nAdd a check for adev not being set and return -ENODEV in that case to\navoid a possible NULL pointer deref in int3402_thermal_probe().\n\nNote, under the same directory, int3400_thermal_probe() has such a\ncheck.\n\n[ rjw: Subject edit, added Fixes: ]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23136",
          "url": "https://www.suse.com/security/cve/CVE-2025-23136"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241357 for CVE-2025-23136",
          "url": "https://bugzilla.suse.com/1241357"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23136"
    },
    {
      "cve": "CVE-2025-23138",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23138"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatch_queue: fix pipe accounting mismatch\n\nCurrently, watch_queue_set_size() modifies the pipe buffers charged to\nuser-\u003epipe_bufs without updating the pipe-\u003enr_accounted on the pipe\nitself, due to the if (!pipe_has_watch_queue()) test in\npipe_resize_ring(). This means that when the pipe is ultimately freed,\nwe decrement user-\u003epipe_bufs by something other than what than we had\ncharged to it, potentially leading to an underflow. This in turn can\ncause subsequent too_many_pipe_buffers_soft() tests to fail with -EPERM.\n\nTo remedy this, explicitly account for the pipe usage in\nwatch_queue_set_size() to match the number set via account_pipe_buffers()\n\n(It\u0027s unclear why watch_queue_set_size() does not update nr_accounted;\nit may be due to intentional overprovisioning in watch_queue_set_size()?)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23138",
          "url": "https://www.suse.com/security/cve/CVE-2025-23138"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241648 for CVE-2025-23138",
          "url": "https://bugzilla.suse.com/1241648"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23138"
    },
    {
      "cve": "CVE-2025-23140",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23140"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error\n\nAfter devm_request_irq() fails with error in pci_endpoint_test_request_irq(),\nthe pci_endpoint_test_free_irq_vectors() is called assuming that all IRQs\nhave been released.\n\nHowever, some requested IRQs remain unreleased, so there are still\n/proc/irq/* entries remaining, and this results in WARN() with the\nfollowing message:\n\n  remove_proc_entry: removing non-empty directory \u0027irq/30\u0027, leaking at least \u0027pci-endpoint-test.0\u0027\n  WARNING: CPU: 0 PID: 202 at fs/proc/generic.c:719 remove_proc_entry +0x190/0x19c\n\nTo solve this issue, set the number of remaining IRQs to test-\u003enum_irqs,\nand release IRQs in advance by calling pci_endpoint_test_release_irq().\n\n[kwilczynski: commit log]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23140",
          "url": "https://www.suse.com/security/cve/CVE-2025-23140"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242763 for CVE-2025-23140",
          "url": "https://bugzilla.suse.com/1242763"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23140"
    },
    {
      "cve": "CVE-2025-23145",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23145"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix NULL pointer in can_accept_new_subflow\n\nWhen testing valkey benchmark tool with MPTCP, the kernel panics in\n\u0027mptcp_can_accept_new_subflow\u0027 because subflow_req-\u003emsk is NULL.\n\nCall trace:\n\n  mptcp_can_accept_new_subflow (./net/mptcp/subflow.c:63 (discriminator 4)) (P)\n  subflow_syn_recv_sock (./net/mptcp/subflow.c:854)\n  tcp_check_req (./net/ipv4/tcp_minisocks.c:863)\n  tcp_v4_rcv (./net/ipv4/tcp_ipv4.c:2268)\n  ip_protocol_deliver_rcu (./net/ipv4/ip_input.c:207)\n  ip_local_deliver_finish (./net/ipv4/ip_input.c:234)\n  ip_local_deliver (./net/ipv4/ip_input.c:254)\n  ip_rcv_finish (./net/ipv4/ip_input.c:449)\n  ...\n\nAccording to the debug log, the same req received two SYN-ACK in a very\nshort time, very likely because the client retransmits the syn ack due\nto multiple reasons.\n\nEven if the packets are transmitted with a relevant time interval, they\ncan be processed by the server on different CPUs concurrently). The\n\u0027subflow_req-\u003emsk\u0027 ownership is transferred to the subflow the first,\nand there will be a risk of a null pointer dereference here.\n\nThis patch fixes this issue by moving the \u0027subflow_req-\u003emsk\u0027 under the\n`own_req == true` conditional.\n\nNote that the !msk check in subflow_hmac_valid() can be dropped, because\nthe same check already exists under the own_req mpj branch where the\ncode has been moved to.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23145",
          "url": "https://www.suse.com/security/cve/CVE-2025-23145"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242596 for CVE-2025-23145",
          "url": "https://bugzilla.suse.com/1242596"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242882 for CVE-2025-23145",
          "url": "https://bugzilla.suse.com/1242882"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-23145"
    },
    {
      "cve": "CVE-2025-23150",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23150"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix off-by-one error in do_split\n\nSyzkaller detected a use-after-free issue in ext4_insert_dentry that was\ncaused by out-of-bounds access due to incorrect splitting in do_split.\n\nBUG: KASAN: use-after-free in ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109\nWrite of size 251 at addr ffff888074572f14 by task syz-executor335/5847\n\nCPU: 0 UID: 0 PID: 5847 Comm: syz-executor335 Not tainted 6.12.0-rc6-syzkaller-00318-ga9cda7c0ffed #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106\n ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109\n add_dirent_to_buf+0x3d9/0x750 fs/ext4/namei.c:2154\n make_indexed_dir+0xf98/0x1600 fs/ext4/namei.c:2351\n ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2455\n ext4_add_nondir+0x8d/0x290 fs/ext4/namei.c:2796\n ext4_symlink+0x920/0xb50 fs/ext4/namei.c:3431\n vfs_symlink+0x137/0x2e0 fs/namei.c:4615\n do_symlinkat+0x222/0x3a0 fs/namei.c:4641\n __do_sys_symlink fs/namei.c:4662 [inline]\n __se_sys_symlink fs/namei.c:4660 [inline]\n __x64_sys_symlink+0x7a/0x90 fs/namei.c:4660\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nThe following loop is located right above \u0027if\u0027 statement.\n\nfor (i = count-1; i \u003e= 0; i--) {\n\t/* is more than half of this entry in 2nd half of the block? */\n\tif (size + map[i].size/2 \u003e blocksize/2)\n\t\tbreak;\n\tsize += map[i].size;\n\tmove++;\n}\n\n\u0027i\u0027 in this case could go down to -1, in which case sum of active entries\nwouldn\u0027t exceed half the block size, but previous behaviour would also do\nsplit in half if sum would exceed at the very last block, which in case of\nhaving too many long name files in a single block could lead to\nout-of-bounds access and following use-after-free.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23150",
          "url": "https://www.suse.com/security/cve/CVE-2025-23150"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242513 for CVE-2025-23150",
          "url": "https://bugzilla.suse.com/1242513"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23150"
    },
    {
      "cve": "CVE-2025-23154",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23154"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/net: fix io_req_post_cqe abuse by send bundle\n\n[  114.987980][ T5313] WARNING: CPU: 6 PID: 5313 at io_uring/io_uring.c:872 io_req_post_cqe+0x12e/0x4f0\n[  114.991597][ T5313] RIP: 0010:io_req_post_cqe+0x12e/0x4f0\n[  115.001880][ T5313] Call Trace:\n[  115.002222][ T5313]  \u003cTASK\u003e\n[  115.007813][ T5313]  io_send+0x4fe/0x10f0\n[  115.009317][ T5313]  io_issue_sqe+0x1a6/0x1740\n[  115.012094][ T5313]  io_wq_submit_work+0x38b/0xed0\n[  115.013223][ T5313]  io_worker_handle_work+0x62a/0x1600\n[  115.013876][ T5313]  io_wq_worker+0x34f/0xdf0\n\nAs the comment states, io_req_post_cqe() should only be used by\nmultishot requests, i.e. REQ_F_APOLL_MULTISHOT, which bundled sends are\nnot. Add a flag signifying whether a request wants to post multiple\nCQEs. Eventually REQ_F_APOLL_MULTISHOT should imply the new flag, but\nthat\u0027s left out for simplicity.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23154",
          "url": "https://www.suse.com/security/cve/CVE-2025-23154"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242533 for CVE-2025-23154",
          "url": "https://bugzilla.suse.com/1242533"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23154"
    },
    {
      "cve": "CVE-2025-23160",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23160"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization\n\nOn Mediatek devices with a system companion processor (SCP) the mtk_scp\nstructure has to be removed explicitly to avoid a resource leak.\nFree the structure in case the allocation of the firmware structure fails\nduring the firmware initialization.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23160",
          "url": "https://www.suse.com/security/cve/CVE-2025-23160"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242507 for CVE-2025-23160",
          "url": "https://bugzilla.suse.com/1242507"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23160"
    },
    {
      "cve": "CVE-2025-37747",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37747"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix hang while freeing sigtrap event\n\nPerf can hang while freeing a sigtrap event if a related deferred\nsignal hadn\u0027t managed to be sent before the file got closed:\n\nperf_event_overflow()\n   task_work_add(perf_pending_task)\n\nfput()\n   task_work_add(____fput())\n\ntask_work_run()\n    ____fput()\n        perf_release()\n            perf_event_release_kernel()\n                _free_event()\n                    perf_pending_task_sync()\n                        task_work_cancel() -\u003e FAILED\n                        rcuwait_wait_event()\n\nOnce task_work_run() is running, the list of pending callbacks is\nremoved from the task_struct and from this point on task_work_cancel()\ncan\u0027t remove any pending and not yet started work items, hence the\ntask_work_cancel() failure and the hang on rcuwait_wait_event().\n\nTask work could be changed to remove one work at a time, so a work\nrunning on the current task can always cancel a pending one, however\nthe wait / wake design is still subject to inverted dependencies when\nremote targets are involved, as pictured by Oleg:\n\nT1                                                      T2\n\nfd = perf_event_open(pid =\u003e T2-\u003epid);                  fd = perf_event_open(pid =\u003e T1-\u003epid);\nclose(fd)                                              close(fd)\n    \u003cIRQ\u003e                                                  \u003cIRQ\u003e\n    perf_event_overflow()                                  perf_event_overflow()\n       task_work_add(perf_pending_task)                        task_work_add(perf_pending_task)\n    \u003c/IRQ\u003e                                                 \u003c/IRQ\u003e\n    fput()                                                 fput()\n        task_work_add(____fput())                              task_work_add(____fput())\n\n    task_work_run()                                        task_work_run()\n        ____fput()                                             ____fput()\n            perf_release()                                         perf_release()\n                perf_event_release_kernel()                            perf_event_release_kernel()\n                    _free_event()                                          _free_event()\n                        perf_pending_task_sync()                               perf_pending_task_sync()\n                            rcuwait_wait_event()                                   rcuwait_wait_event()\n\nTherefore the only option left is to acquire the event reference count\nupon queueing the perf task work and release it from the task work, just\nlike it was done before 3a5465418f5f (\"perf: Fix event leak upon exec and file release\")\nbut without the leaks it fixed.\n\nSome adjustments are necessary to make it work:\n\n* A child event might dereference its parent upon freeing. Care must be\n  taken to release the parent last.\n\n* Some places assuming the event doesn\u0027t have any reference held and\n  therefore can be freed right away must instead put the reference and\n  let the reference counting to its job.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37747",
          "url": "https://www.suse.com/security/cve/CVE-2025-37747"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242520 for CVE-2025-37747",
          "url": "https://bugzilla.suse.com/1242520"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37747"
    },
    {
      "cve": "CVE-2025-37748",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37748"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group\n\nCurrently, mtk_iommu calls during probe iommu_device_register before\nthe hw_list from driver data is initialized. Since iommu probing issue\nfix, it leads to NULL pointer dereference in mtk_iommu_device_group when\nhw_list is accessed with list_first_entry (not null safe).\n\nSo, change the call order to ensure iommu_device_register is called\nafter the driver data are initialized.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37748",
          "url": "https://www.suse.com/security/cve/CVE-2025-37748"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242523 for CVE-2025-37748",
          "url": "https://bugzilla.suse.com/1242523"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37748"
    },
    {
      "cve": "CVE-2025-37749",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37749"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ppp: Add bound checking for skb data on ppp_sync_txmung\n\nEnsure we have enough data in linear buffer from skb before accessing\ninitial bytes. This prevents potential out-of-bounds accesses\nwhen processing short packets.\n\nWhen ppp_sync_txmung receives an incoming package with an empty\npayload:\n(remote) gef\u27a4  p *(struct pppoe_hdr *) (skb-\u003ehead + skb-\u003enetwork_header)\n$18 = {\n\ttype = 0x1,\n\tver = 0x1,\n\tcode = 0x0,\n\tsid = 0x2,\n        length = 0x0,\n\ttag = 0xffff8880371cdb96\n}\n\nfrom the skb struct (trimmed)\n      tail = 0x16,\n      end = 0x140,\n      head = 0xffff88803346f400 \"4\",\n      data = 0xffff88803346f416 \":\\377\",\n      truesize = 0x380,\n      len = 0x0,\n      data_len = 0x0,\n      mac_len = 0xe,\n      hdr_len = 0x0,\n\nit is not safe to access data[2].\n\n[pabeni@redhat.com: fixed subj typo]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37749",
          "url": "https://www.suse.com/security/cve/CVE-2025-37749"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242859 for CVE-2025-37749",
          "url": "https://bugzilla.suse.com/1242859"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37749"
    },
    {
      "cve": "CVE-2025-37750",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37750"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix UAF in decryption with multichannel\n\nAfter commit f7025d861694 (\"smb: client: allocate crypto only for\nprimary server\") and commit b0abcd65ec54 (\"smb: client: fix UAF in\nasync decryption\"), the channels started reusing AEAD TFM from primary\nchannel to perform synchronous decryption, but that can\u0027t done as\nthere could be multiple cifsd threads (one per channel) simultaneously\naccessing it to perform decryption.\n\nThis fixes the following KASAN splat when running fstest generic/249\nwith \u0027vers=3.1.1,multichannel,max_channels=4,seal\u0027 against Windows\nServer 2022:\n\nBUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xba/0x110\nRead of size 8 at addr ffff8881046c18a0 by task cifsd/986\nCPU: 3 UID: 0 PID: 986 Comm: cifsd Not tainted 6.15.0-rc1 #1\nPREEMPT(voluntary)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41\n04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n print_report+0x156/0x528\n ? gf128mul_4k_lle+0xba/0x110\n ? __virt_addr_valid+0x145/0x300\n ? __phys_addr+0x46/0x90\n ? gf128mul_4k_lle+0xba/0x110\n kasan_report+0xdf/0x1a0\n ? gf128mul_4k_lle+0xba/0x110\n gf128mul_4k_lle+0xba/0x110\n ghash_update+0x189/0x210\n shash_ahash_update+0x295/0x370\n ? __pfx_shash_ahash_update+0x10/0x10\n ? __pfx_shash_ahash_update+0x10/0x10\n ? __pfx_extract_iter_to_sg+0x10/0x10\n ? ___kmalloc_large_node+0x10e/0x180\n ? __asan_memset+0x23/0x50\n crypto_ahash_update+0x3c/0xc0\n gcm_hash_assoc_remain_continue+0x93/0xc0\n crypt_message+0xe09/0xec0 [cifs]\n ? __pfx_crypt_message+0x10/0x10 [cifs]\n ? _raw_spin_unlock+0x23/0x40\n ? __pfx_cifs_readv_from_socket+0x10/0x10 [cifs]\n decrypt_raw_data+0x229/0x380 [cifs]\n ? __pfx_decrypt_raw_data+0x10/0x10 [cifs]\n ? __pfx_cifs_read_iter_from_socket+0x10/0x10 [cifs]\n smb3_receive_transform+0x837/0xc80 [cifs]\n ? __pfx_smb3_receive_transform+0x10/0x10 [cifs]\n ? __pfx___might_resched+0x10/0x10\n ? __pfx_smb3_is_transform_hdr+0x10/0x10 [cifs]\n cifs_demultiplex_thread+0x692/0x1570 [cifs]\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n ? rcu_is_watching+0x20/0x50\n ? rcu_lockdep_current_cpu_online+0x62/0xb0\n ? find_held_lock+0x32/0x90\n ? kvm_sched_clock_read+0x11/0x20\n ? local_clock_noinstr+0xd/0xd0\n ? trace_irq_enable.constprop.0+0xa8/0xe0\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n kthread+0x1fe/0x380\n ? kthread+0x10f/0x380\n ? __pfx_kthread+0x10/0x10\n ? local_clock_noinstr+0xd/0xd0\n ? ret_from_fork+0x1b/0x60\n ? local_clock+0x15/0x30\n ? lock_release+0x29b/0x390\n ? rcu_is_watching+0x20/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37750",
          "url": "https://www.suse.com/security/cve/CVE-2025-37750"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242510 for CVE-2025-37750",
          "url": "https://bugzilla.suse.com/1242510"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37750"
    },
    {
      "cve": "CVE-2025-37755",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37755"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: libwx: handle page_pool_dev_alloc_pages error\n\npage_pool_dev_alloc_pages could return NULL. There was a WARN_ON(!page)\nbut it would still proceed to use the NULL pointer and then crash.\n\nThis is similar to commit 001ba0902046\n(\"net: fec: handle page_pool_dev_alloc_pages error\").\n\nThis is found by our static analysis tool KNighter.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37755",
          "url": "https://www.suse.com/security/cve/CVE-2025-37755"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242506 for CVE-2025-37755",
          "url": "https://bugzilla.suse.com/1242506"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37755"
    },
    {
      "cve": "CVE-2025-37773",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37773"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtiofs: add filesystem context source name check\n\nIn certain scenarios, for example, during fuzz testing, the source\nname may be NULL, which could lead to a kernel panic. Therefore, an\nextra check for the source name should be added.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37773",
          "url": "https://www.suse.com/security/cve/CVE-2025-37773"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242502 for CVE-2025-37773",
          "url": "https://bugzilla.suse.com/1242502"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37773"
    },
    {
      "cve": "CVE-2025-37780",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37780"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nisofs: Prevent the use of too small fid\n\nsyzbot reported a slab-out-of-bounds Read in isofs_fh_to_parent. [1]\n\nThe handle_bytes value passed in by the reproducing program is equal to 12.\nIn handle_to_path(), only 12 bytes of memory are allocated for the structure\nfile_handle-\u003ef_handle member, which causes an out-of-bounds access when\naccessing the member parent_block of the structure isofs_fid in isofs,\nbecause accessing parent_block requires at least 16 bytes of f_handle.\nHere, fh_len is used to indirectly confirm that the value of handle_bytes\nis greater than 3 before accessing parent_block.\n\n[1]\nBUG: KASAN: slab-out-of-bounds in isofs_fh_to_parent+0x1b8/0x210 fs/isofs/export.c:183\nRead of size 4 at addr ffff0000cc030d94 by task syz-executor215/6466\nCPU: 1 UID: 0 PID: 6466 Comm: syz-executor215 Not tainted 6.14.0-rc7-syzkaller-ga2392f333575 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0x198/0x550 mm/kasan/report.c:521\n kasan_report+0xd8/0x138 mm/kasan/report.c:634\n __asan_report_load4_noabort+0x20/0x2c mm/kasan/report_generic.c:380\n isofs_fh_to_parent+0x1b8/0x210 fs/isofs/export.c:183\n exportfs_decode_fh_raw+0x2dc/0x608 fs/exportfs/expfs.c:523\n do_handle_to_path+0xa0/0x198 fs/fhandle.c:257\n handle_to_path fs/fhandle.c:385 [inline]\n do_handle_open+0x8cc/0xb8c fs/fhandle.c:403\n __do_sys_open_by_handle_at fs/fhandle.c:443 [inline]\n __se_sys_open_by_handle_at fs/fhandle.c:434 [inline]\n __arm64_sys_open_by_handle_at+0x80/0x94 fs/fhandle.c:434\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nAllocated by task 6466:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x40/0x50 mm/kasan/generic.c:562\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xac/0xc4 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4294 [inline]\n __kmalloc_noprof+0x32c/0x54c mm/slub.c:4306\n kmalloc_noprof include/linux/slab.h:905 [inline]\n handle_to_path fs/fhandle.c:357 [inline]\n do_handle_open+0x5a4/0xb8c fs/fhandle.c:403\n __do_sys_open_by_handle_at fs/fhandle.c:443 [inline]\n __se_sys_open_by_handle_at fs/fhandle.c:434 [inline]\n __arm64_sys_open_by_handle_at+0x80/0x94 fs/fhandle.c:434\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37780",
          "url": "https://www.suse.com/security/cve/CVE-2025-37780"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242786 for CVE-2025-37780",
          "url": "https://bugzilla.suse.com/1242786"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37780"
    },
    {
      "cve": "CVE-2025-37787",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37787"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered\n\nRussell King reports that a system with mv88e6xxx dereferences a NULL\npointer when unbinding this driver:\nhttps://lore.kernel.org/netdev/Z_lRkMlTJ1KQ0kVX@shell.armlinux.org.uk/\n\nThe crash seems to be in devlink_region_destroy(), which is not NULL\ntolerant but is given a NULL devlink global region pointer.\n\nAt least on some chips, some devlink regions are conditionally registered\nsince the blamed commit, see mv88e6xxx_setup_devlink_regions_global():\n\n\t\tif (cond \u0026\u0026 !cond(chip))\n\t\t\tcontinue;\n\nThese are MV88E6XXX_REGION_STU and MV88E6XXX_REGION_PVT. If the chip\ndoes not have an STU or PVT, it should crash like this.\n\nTo fix the issue, avoid unregistering those regions which are NULL, i.e.\nwere skipped at mv88e6xxx_setup_devlink_regions_global() time.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37787",
          "url": "https://www.suse.com/security/cve/CVE-2025-37787"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242585 for CVE-2025-37787",
          "url": "https://bugzilla.suse.com/1242585"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37787"
    },
    {
      "cve": "CVE-2025-37789",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37789"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix nested key length validation in the set() action\n\nIt\u0027s not safe to access nla_len(ovs_key) if the data is smaller than\nthe netlink header.  Check that the attribute is OK first.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37789",
          "url": "https://www.suse.com/security/cve/CVE-2025-37789"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242762 for CVE-2025-37789",
          "url": "https://bugzilla.suse.com/1242762"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37789"
    },
    {
      "cve": "CVE-2025-37790",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37790"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: Set SOCK_RCU_FREE\n\nBind lookup runs under RCU, so ensure that a socket doesn\u0027t go away in\nthe middle of a lookup.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37790",
          "url": "https://www.suse.com/security/cve/CVE-2025-37790"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242509 for CVE-2025-37790",
          "url": "https://bugzilla.suse.com/1242509"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37790"
    },
    {
      "cve": "CVE-2025-37797",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37797"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a UAF vulnerability in class handling\n\nThis patch fixes a Use-After-Free vulnerability in the HFSC qdisc class\nhandling. The issue occurs due to a time-of-check/time-of-use condition\nin hfsc_change_class() when working with certain child qdiscs like netem\nor codel.\n\nThe vulnerability works as follows:\n1. hfsc_change_class() checks if a class has packets (q.qlen != 0)\n2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,\n   codel, netem) might drop packets and empty the queue\n3. The code continues assuming the queue is still non-empty, adding\n   the class to vttree\n4. This breaks HFSC scheduler assumptions that only non-empty classes\n   are in vttree\n5. Later, when the class is destroyed, this can lead to a Use-After-Free\n\nThe fix adds a second queue length check after qdisc_peek_len() to verify\nthe queue wasn\u0027t emptied.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37797",
          "url": "https://www.suse.com/security/cve/CVE-2025-37797"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242417 for CVE-2025-37797",
          "url": "https://bugzilla.suse.com/1242417"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1245793 for CVE-2025-37797",
          "url": "https://bugzilla.suse.com/1245793"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-37797"
    },
    {
      "cve": "CVE-2025-37798",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37798"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncodel: remove sch-\u003eq.qlen check before qdisc_tree_reduce_backlog()\n\nAfter making all -\u003eqlen_notify() callbacks idempotent, now it is safe to\nremove the check of qlen!=0 from both fq_codel_dequeue() and\ncodel_qdisc_dequeue().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37798",
          "url": "https://www.suse.com/security/cve/CVE-2025-37798"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242414 for CVE-2025-37798",
          "url": "https://bugzilla.suse.com/1242414"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242417 for CVE-2025-37798",
          "url": "https://bugzilla.suse.com/1242417"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-37798"
    },
    {
      "cve": "CVE-2025-37799",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37799"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp\n\nvmxnet3 driver\u0027s XDP handling is buggy for packet sizes using ring0 (that\nis, packet sizes between 128 - 3k bytes).\n\nWe noticed MTU-related connectivity issues with Cilium\u0027s service load-\nbalancing in case of vmxnet3 as NIC underneath. A simple curl to a HTTP\nbackend service where the XDP LB was doing IPIP encap led to overly large\npacket sizes but only for *some* of the packets (e.g. HTTP GET request)\nwhile others (e.g. the prior TCP 3WHS) looked completely fine on the wire.\n\nIn fact, the pcap recording on the backend node actually revealed that the\nnode with the XDP LB was leaking uninitialized kernel data onto the wire\nfor the affected packets, for example, while the packets should have been\n152 bytes their actual size was 1482 bytes, so the remainder after 152 bytes\nwas padded with whatever other data was in that page at the time (e.g. we\nsaw user/payload data from prior processed packets).\n\nWe only noticed this through an MTU issue, e.g. when the XDP LB node and\nthe backend node both had the same MTU (e.g. 1500) then the curl request\ngot dropped on the backend node\u0027s NIC given the packet was too large even\nthough the IPIP-encapped packet normally would never even come close to\nthe MTU limit. Lowering the MTU on the XDP LB (e.g. 1480) allowed to let\nthe curl request succeed (which also indicates that the kernel ignored the\npadding, and thus the issue wasn\u0027t very user-visible).\n\nCommit e127ce7699c1 (\"vmxnet3: Fix missing reserved tailroom\") was too eager\nto also switch xdp_prepare_buff() from rcd-\u003elen to rbi-\u003elen. It really needs\nto stick to rcd-\u003elen which is the actual packet length from the descriptor.\nThe latter we also feed into vmxnet3_process_xdp_small(), by the way, and\nit indicates the correct length needed to initialize the xdp-\u003e{data,data_end}\nparts. For e127ce7699c1 (\"vmxnet3: Fix missing reserved tailroom\") the\nrelevant part was adapting xdp_init_buff() to address the warning given the\nxdp_data_hard_end() depends on xdp-\u003eframe_sz. With that fixed, traffic on\nthe wire looks good again.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37799",
          "url": "https://www.suse.com/security/cve/CVE-2025-37799"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242283 for CVE-2025-37799",
          "url": "https://bugzilla.suse.com/1242283"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37799"
    },
    {
      "cve": "CVE-2025-37803",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37803"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudmabuf: fix a buf size overflow issue during udmabuf creation\n\nby casting size_limit_mb to u64  when calculate pglimit.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37803",
          "url": "https://www.suse.com/security/cve/CVE-2025-37803"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242852 for CVE-2025-37803",
          "url": "https://bugzilla.suse.com/1242852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37803"
    },
    {
      "cve": "CVE-2025-37804",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37804"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37804",
          "url": "https://www.suse.com/security/cve/CVE-2025-37804"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242854 for CVE-2025-37804",
          "url": "https://bugzilla.suse.com/1242854"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37804"
    },
    {
      "cve": "CVE-2025-37809",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37809"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: class: Fix NULL pointer access\n\nConcurrent calls to typec_partner_unlink_device can lead to a NULL pointer\ndereference. This patch adds a mutex to protect USB device pointers and\nprevent this issue. The same mutex protects both the device pointers and\nthe partner device registration.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37809",
          "url": "https://www.suse.com/security/cve/CVE-2025-37809"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242856 for CVE-2025-37809",
          "url": "https://bugzilla.suse.com/1242856"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37809"
    },
    {
      "cve": "CVE-2025-37820",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37820"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen-netfront: handle NULL returned by xdp_convert_buff_to_frame()\n\nThe function xdp_convert_buff_to_frame() may return NULL if it fails\nto correctly convert the XDP buffer into an XDP frame due to memory\nconstraints, internal errors, or invalid data. Failing to check for NULL\nmay lead to a NULL pointer dereference if the result is used later in\nprocessing, potentially causing crashes, data corruption, or undefined\nbehavior.\n\nOn XDP redirect failure, the associated page must be released explicitly\nif it was previously retained via get_page(). Failing to do so may result\nin a memory leak, as the pages reference count is not decremented.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37820",
          "url": "https://www.suse.com/security/cve/CVE-2025-37820"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242866 for CVE-2025-37820",
          "url": "https://bugzilla.suse.com/1242866"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37820"
    },
    {
      "cve": "CVE-2025-37823",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37823"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too\n\nSimilarly to the previous patch, we need to safe guard hfsc_dequeue()\ntoo. But for this one, we don\u0027t have a reliable reproducer.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37823",
          "url": "https://www.suse.com/security/cve/CVE-2025-37823"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242924 for CVE-2025-37823",
          "url": "https://bugzilla.suse.com/1242924"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37823"
    },
    {
      "cve": "CVE-2025-37824",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37824"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix NULL pointer dereference in tipc_mon_reinit_self()\n\nsyzbot reported:\n\ntipc: Node number set to 1055423674\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 3 UID: 0 PID: 6017 Comm: kworker/3:5 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: events tipc_net_finalize_work\nRIP: 0010:tipc_mon_reinit_self+0x11c/0x210 net/tipc/monitor.c:719\n...\nRSP: 0018:ffffc9000356fb68 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000003ee87cba\nRDX: 0000000000000000 RSI: ffffffff8dbc56a7 RDI: ffff88804c2cc010\nRBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000007\nR13: fffffbfff2111097 R14: ffff88804ead8000 R15: ffff88804ead9010\nFS:  0000000000000000(0000) GS:ffff888097ab9000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000f720eb00 CR3: 000000000e182000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n tipc_net_finalize+0x10b/0x180 net/tipc/net.c:140\n process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238\n process_scheduled_works kernel/workqueue.c:3319 [inline]\n worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400\n kthread+0x3c2/0x780 kernel/kthread.c:464\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n...\nRIP: 0010:tipc_mon_reinit_self+0x11c/0x210 net/tipc/monitor.c:719\n...\nRSP: 0018:ffffc9000356fb68 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000003ee87cba\nRDX: 0000000000000000 RSI: ffffffff8dbc56a7 RDI: ffff88804c2cc010\nRBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000007\nR13: fffffbfff2111097 R14: ffff88804ead8000 R15: ffff88804ead9010\nFS:  0000000000000000(0000) GS:ffff888097ab9000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000f720eb00 CR3: 000000000e182000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n\nThere is a racing condition between workqueue created when enabling\nbearer and another thread created when disabling bearer right after\nthat as follow:\n\nenabling_bearer                          | disabling_bearer\n---------------                          | ----------------\ntipc_disc_timeout()                      |\n{                                        | bearer_disable()\n ...                                     | {\n schedule_work(\u0026tn-\u003ework);               |  tipc_mon_delete()\n ...                                     |  {\n}                                        |   ...\n                                         |   write_lock_bh(\u0026mon-\u003elock);\n                                         |   mon-\u003eself = NULL;\n                                         |   write_unlock_bh(\u0026mon-\u003elock);\n                                         |   ...\n                                         |  }\ntipc_net_finalize_work()                 | }\n{                                        |\n ...                                     |\n tipc_net_finalize()                     |\n {                                       |\n  ...                                    |\n  tipc_mon_reinit_self()                 |\n  {                                      |\n   ...                                   |\n   write_lock_bh(\u0026mon-\u003elock);            |\n   mon-\u003eself-\u003eaddr = tipc_own_addr(net); |\n   write_unlock_bh(\u0026mon-\u003elock);          |\n   ...             \n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37824",
          "url": "https://www.suse.com/security/cve/CVE-2025-37824"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242867 for CVE-2025-37824",
          "url": "https://bugzilla.suse.com/1242867"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37824"
    },
    {
      "cve": "CVE-2025-37829",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37829"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()\n\ncpufreq_cpu_get_raw() can return NULL when the target CPU is not present\nin the policy-\u003ecpus mask. scpi_cpufreq_get_rate() does not check for\nthis case, which results in a NULL pointer dereference.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37829",
          "url": "https://www.suse.com/security/cve/CVE-2025-37829"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242875 for CVE-2025-37829",
          "url": "https://bugzilla.suse.com/1242875"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37829"
    },
    {
      "cve": "CVE-2025-37830",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37830"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()\n\ncpufreq_cpu_get_raw() can return NULL when the target CPU is not present\nin the policy-\u003ecpus mask. scmi_cpufreq_get_rate() does not check for\nthis case, which results in a NULL pointer dereference.\n\nAdd NULL check after cpufreq_cpu_get_raw() to prevent this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37830",
          "url": "https://www.suse.com/security/cve/CVE-2025-37830"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242860 for CVE-2025-37830",
          "url": "https://bugzilla.suse.com/1242860"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37830"
    },
    {
      "cve": "CVE-2025-37831",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37831"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate()\n\ncpufreq_cpu_get_raw() can return NULL when the target CPU is not present\nin the policy-\u003ecpus mask. apple_soc_cpufreq_get_rate() does not check\nfor this case, which results in a NULL pointer dereference.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37831",
          "url": "https://www.suse.com/security/cve/CVE-2025-37831"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242861 for CVE-2025-37831",
          "url": "https://bugzilla.suse.com/1242861"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37831"
    },
    {
      "cve": "CVE-2025-37833",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37833"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads\n\nFix niu_try_msix() to not cause a fatal trap on sparc systems.\n\nSet PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST on the struct pci_dev to\nwork around a bug in the hardware or firmware.\n\nFor each vector entry in the msix table, niu chips will cause a fatal\ntrap if any registers in that entry are read before that entries\u0027\nENTRY_DATA register is written to. Testing indicates writes to other\nregisters are not sufficient to prevent the fatal trap, however the value\ndoes not appear to matter. This only needs to happen once after power up,\nso simply rebooting into a kernel lacking this fix will NOT cause the\ntrap.\n\nNON-RESUMABLE ERROR: Reporting on cpu 64\nNON-RESUMABLE ERROR: TPC [0x00000000005f6900] \u003cmsix_prepare_msi_desc+0x90/0xa0\u003e\nNON-RESUMABLE ERROR: RAW [4010000000000016:00000e37f93e32ff:0000000202000080:ffffffffffffffff\nNON-RESUMABLE ERROR:      0000000800000000:0000000000000000:0000000000000000:0000000000000000]\nNON-RESUMABLE ERROR: handle [0x4010000000000016] stick [0x00000e37f93e32ff]\nNON-RESUMABLE ERROR: type [precise nonresumable]\nNON-RESUMABLE ERROR: attrs [0x02000080] \u003c ASI sp-faulted priv \u003e\nNON-RESUMABLE ERROR: raddr [0xffffffffffffffff]\nNON-RESUMABLE ERROR: insn effective address [0x000000c50020000c]\nNON-RESUMABLE ERROR: size [0x8]\nNON-RESUMABLE ERROR: asi [0x00]\nCPU: 64 UID: 0 PID: 745 Comm: kworker/64:1 Not tainted 6.11.5 #63\nWorkqueue: events work_for_cpu_fn\nTSTATE: 0000000011001602 TPC: 00000000005f6900 TNPC: 00000000005f6904 Y: 00000000    Not tainted\nTPC: \u003cmsix_prepare_msi_desc+0x90/0xa0\u003e\ng0: 00000000000002e9 g1: 000000000000000c g2: 000000c50020000c g3: 0000000000000100\ng4: ffff8000470307c0 g5: ffff800fec5be000 g6: ffff800047a08000 g7: 0000000000000000\no0: ffff800014feb000 o1: ffff800047a0b620 o2: 0000000000000011 o3: ffff800047a0b620\no4: 0000000000000080 o5: 0000000000000011 sp: ffff800047a0ad51 ret_pc: 00000000005f7128\nRPC: \u003c__pci_enable_msix_range+0x3cc/0x460\u003e\nl0: 000000000000000d l1: 000000000000c01f l2: ffff800014feb0a8 l3: 0000000000000020\nl4: 000000000000c000 l5: 0000000000000001 l6: 0000000020000000 l7: ffff800047a0b734\ni0: ffff800014feb000 i1: ffff800047a0b730 i2: 0000000000000001 i3: 000000000000000d\ni4: 0000000000000000 i5: 0000000000000000 i6: ffff800047a0ae81 i7: 00000000101888b0\nI7: \u003cniu_try_msix.constprop.0+0xc0/0x130 [niu]\u003e\nCall Trace:\n[\u003c00000000101888b0\u003e] niu_try_msix.constprop.0+0xc0/0x130 [niu]\n[\u003c000000001018f840\u003e] niu_get_invariants+0x183c/0x207c [niu]\n[\u003c00000000101902fc\u003e] niu_pci_init_one+0x27c/0x2fc [niu]\n[\u003c00000000005ef3e4\u003e] local_pci_probe+0x28/0x74\n[\u003c0000000000469240\u003e] work_for_cpu_fn+0x8/0x1c\n[\u003c000000000046b008\u003e] process_scheduled_works+0x144/0x210\n[\u003c000000000046b518\u003e] worker_thread+0x13c/0x1c0\n[\u003c00000000004710e0\u003e] kthread+0xb8/0xc8\n[\u003c00000000004060c8\u003e] ret_from_fork+0x1c/0x2c\n[\u003c0000000000000000\u003e] 0x0\nKernel panic - not syncing: Non-resumable error.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37833",
          "url": "https://www.suse.com/security/cve/CVE-2025-37833"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242868 for CVE-2025-37833",
          "url": "https://bugzilla.suse.com/1242868"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37833"
    },
    {
      "cve": "CVE-2025-37842",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37842"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fsl-qspi: use devm function instead of driver remove\n\nDriver use devm APIs to manage clk/irq/resources and register the spi\ncontroller, but the legacy remove function will be called first during\ndevice detach and trigger kernel panic. Drop the remove function and use\ndevm_add_action_or_reset() for driver cleanup to ensure the release\nsequence.\n\nTrigger kernel panic on i.MX8MQ by\necho 30bb0000.spi \u003e/sys/bus/platform/drivers/fsl-quadspi/unbind",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37842",
          "url": "https://www.suse.com/security/cve/CVE-2025-37842"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242951 for CVE-2025-37842",
          "url": "https://bugzilla.suse.com/1242951"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37842"
    },
    {
      "cve": "CVE-2025-37870",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37870"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: prevent hang on link training fail\n\n[Why]\nWhen link training fails, the phy clock will be disabled. However, in\nenable_streams, it is assumed that link training succeeded and the\nmux selects the phy clock, causing a hang when a register write is made.\n\n[How]\nWhen enable_stream is hit, check if link training failed. If it did, fall\nback to the ref clock to avoid a hang and keep the system in a recoverable\nstate.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37870",
          "url": "https://www.suse.com/security/cve/CVE-2025-37870"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243056 for CVE-2025-37870",
          "url": "https://bugzilla.suse.com/1243056"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37870"
    },
    {
      "cve": "CVE-2025-37879",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37879"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\n9p/net: fix improper handling of bogus negative read/write replies\n\nIn p9_client_write() and p9_client_read_once(), if the server\nincorrectly replies with success but a negative write/read count then we\nwould consider written (negative) \u003c= rsize (positive) because both\nvariables were signed.\n\nMake variables unsigned to avoid this problem.\n\nThe reproducer linked below now fails with the following error instead\nof a null pointer deref:\n9pnet: bogus RWRITE count (4294967295 \u003e 3)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37879",
          "url": "https://www.suse.com/security/cve/CVE-2025-37879"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243077 for CVE-2025-37879",
          "url": "https://bugzilla.suse.com/1243077"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37879"
    },
    {
      "cve": "CVE-2025-37886",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37886"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\npds_core: make wait_context part of q_info\n\nMake the wait_context a full part of the q_info struct rather\nthan a stack variable that goes away after pdsc_adminq_post()\nis done so that the context is still available after the wait\nloop has given up.\n\nThere was a case where a slow development firmware caused\nthe adminq request to time out, but then later the FW finally\nfinished the request and sent the interrupt.  The handler tried\nto complete_all() the completion context that had been created\non the stack in pdsc_adminq_post() but no longer existed.\nThis caused bad pointer usage, kernel crashes, and much wailing\nand gnashing of teeth.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37886",
          "url": "https://www.suse.com/security/cve/CVE-2025-37886"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242944 for CVE-2025-37886",
          "url": "https://bugzilla.suse.com/1242944"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37886"
    },
    {
      "cve": "CVE-2025-37887",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37887"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\npds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result\n\nIf the FW doesn\u0027t support the PDS_CORE_CMD_FW_CONTROL command\nthe driver might at the least print garbage and at the worst\ncrash when the user runs the \"devlink dev info\" devlink command.\n\nThis happens because the stack variable fw_list is not 0\ninitialized which results in fw_list.num_fw_slots being a\ngarbage value from the stack.  Then the driver tries to access\nfw_list.fw_names[i] with i \u003e= ARRAY_SIZE and runs off the end\nof the array.\n\nFix this by initializing the fw_list and by not failing\ncompletely if the devcmd fails because other useful information\nis printed via devlink dev info even if the devcmd fails.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37887",
          "url": "https://www.suse.com/security/cve/CVE-2025-37887"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242962 for CVE-2025-37887",
          "url": "https://bugzilla.suse.com/1242962"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37887"
    },
    {
      "cve": "CVE-2025-37949",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37949"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxenbus: Use kref to track req lifetime\n\nMarek reported seeing a NULL pointer fault in the xenbus_thread\ncallstack:\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nRIP: e030:__wake_up_common+0x4c/0x180\nCall Trace:\n \u003cTASK\u003e\n __wake_up_common_lock+0x82/0xd0\n process_msg+0x18e/0x2f0\n xenbus_thread+0x165/0x1c0\n\nprocess_msg+0x18e is req-\u003ecb(req).  req-\u003ecb is set to xs_wake_up(), a\nthin wrapper around wake_up(), or xenbus_dev_queue_reply().  It seems\nlike it was xs_wake_up() in this case.\n\nIt seems like req may have woken up the xs_wait_for_reply(), which\nkfree()ed the req.  When xenbus_thread resumes, it faults on the zero-ed\ndata.\n\nLinux Device Drivers 2nd edition states:\n\"Normally, a wake_up call can cause an immediate reschedule to happen,\nmeaning that other processes might run before wake_up returns.\"\n... which would match the behaviour observed.\n\nChange to keeping two krefs on each request.  One for the caller, and\none for xenbus_thread.  Each will kref_put() when finished, and the last\nwill free it.\n\nThis use of kref matches the description in\nDocumentation/core-api/kref.rst",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37949",
          "url": "https://www.suse.com/security/cve/CVE-2025-37949"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243541 for CVE-2025-37949",
          "url": "https://bugzilla.suse.com/1243541"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37949"
    },
    {
      "cve": "CVE-2025-37957",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37957"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception\n\nPreviously, commit ed129ec9057f (\"KVM: x86: forcibly leave nested mode\non vCPU reset\") addressed an issue where a triple fault occurring in\nnested mode could lead to use-after-free scenarios. However, the commit\ndid not handle the analogous situation for System Management Mode (SMM).\n\nThis omission results in triggering a WARN when KVM forces a vCPU INIT\nafter SHUTDOWN interception while the vCPU is in SMM. This situation was\nreprodused using Syzkaller by:\n\n  1) Creating a KVM VM and vCPU\n  2) Sending a KVM_SMI ioctl to explicitly enter SMM\n  3) Executing invalid instructions causing consecutive exceptions and\n     eventually a triple fault\n\nThe issue manifests as follows:\n\n  WARNING: CPU: 0 PID: 25506 at arch/x86/kvm/x86.c:12112\n  kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112\n  Modules linked in:\n  CPU: 0 PID: 25506 Comm: syz-executor.0 Not tainted\n  6.1.130-syzkaller-00157-g164fe5dde9b6 #0\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),\n  BIOS 1.12.0-1 04/01/2014\n  RIP: 0010:kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112\n  Call Trace:\n   \u003cTASK\u003e\n   shutdown_interception+0x66/0xb0 arch/x86/kvm/svm/svm.c:2136\n   svm_invoke_exit_handler+0x110/0x530 arch/x86/kvm/svm/svm.c:3395\n   svm_handle_exit+0x424/0x920 arch/x86/kvm/svm/svm.c:3457\n   vcpu_enter_guest arch/x86/kvm/x86.c:10959 [inline]\n   vcpu_run+0x2c43/0x5a90 arch/x86/kvm/x86.c:11062\n   kvm_arch_vcpu_ioctl_run+0x50f/0x1cf0 arch/x86/kvm/x86.c:11283\n   kvm_vcpu_ioctl+0x570/0xf00 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4122\n   vfs_ioctl fs/ioctl.c:51 [inline]\n   __do_sys_ioctl fs/ioctl.c:870 [inline]\n   __se_sys_ioctl fs/ioctl.c:856 [inline]\n   __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:856\n   do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n   do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81\n   entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nArchitecturally, INIT is blocked when the CPU is in SMM, hence KVM\u0027s WARN()\nin kvm_vcpu_reset() to guard against KVM bugs, e.g. to detect improper\nemulation of INIT.  SHUTDOWN on SVM is a weird edge case where KVM needs to\ndo _something_ sane with the VMCB, since it\u0027s technically undefined, and\nINIT is the least awful choice given KVM\u0027s ABI.\n\nSo, double down on stuffing INIT on SHUTDOWN, and force the vCPU out of\nSMM to avoid any weirdness (and the WARN).\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.\n\n[sean: massage changelog, make it clear this isn\u0027t architectural behavior]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37957",
          "url": "https://www.suse.com/security/cve/CVE-2025-37957"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243513 for CVE-2025-37957",
          "url": "https://bugzilla.suse.com/1243513"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37957"
    },
    {
      "cve": "CVE-2025-37958",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37958"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: fix dereferencing invalid pmd migration entry\n\nWhen migrating a THP, concurrent access to the PMD migration entry during\na deferred split scan can lead to an invalid address access, as\nillustrated below.  To prevent this invalid access, it is necessary to\ncheck the PMD migration entry and return early.  In this context, there is\nno need to use pmd_to_swp_entry and pfn_swap_entry_to_page to verify the\nequality of the target folio.  Since the PMD migration entry is locked, it\ncannot be served as the target.\n\nMailing list discussion and explanation from Hugh Dickins: \"An anon_vma\nlookup points to a location which may contain the folio of interest, but\nmight instead contain another folio: and weeding out those other folios is\nprecisely what the \"folio != pmd_folio((*pmd)\" check (and the \"risk of\nreplacing the wrong folio\" comment a few lines above it) is for.\"\n\nBUG: unable to handle page fault for address: ffffea60001db008\nCPU: 0 UID: 0 PID: 2199114 Comm: tee Not tainted 6.14.0+ #4 NONE\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:split_huge_pmd_locked+0x3b5/0x2b60\nCall Trace:\n\u003cTASK\u003e\ntry_to_migrate_one+0x28c/0x3730\nrmap_walk_anon+0x4f6/0x770\nunmap_folio+0x196/0x1f0\nsplit_huge_page_to_list_to_order+0x9f6/0x1560\ndeferred_split_scan+0xac5/0x12a0\nshrinker_debugfs_scan_write+0x376/0x470\nfull_proxy_write+0x15c/0x220\nvfs_write+0x2fc/0xcb0\nksys_write+0x146/0x250\ndo_syscall_64+0x6a/0x120\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe bug is found by syzkaller on an internal kernel, then confirmed on\nupstream.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37958",
          "url": "https://www.suse.com/security/cve/CVE-2025-37958"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243539 for CVE-2025-37958",
          "url": "https://bugzilla.suse.com/1243539"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37958"
    },
    {
      "cve": "CVE-2025-37960",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37960"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemblock: Accept allocated memory before use in memblock_double_array()\n\nWhen increasing the array size in memblock_double_array() and the slab\nis not yet available, a call to memblock_find_in_range() is used to\nreserve/allocate memory. However, the range returned may not have been\naccepted, which can result in a crash when booting an SNP guest:\n\n  RIP: 0010:memcpy_orig+0x68/0x130\n  Code: ...\n  RSP: 0000:ffffffff9cc03ce8 EFLAGS: 00010006\n  RAX: ff11001ff83e5000 RBX: 0000000000000000 RCX: fffffffffffff000\n  RDX: 0000000000000bc0 RSI: ffffffff9dba8860 RDI: ff11001ff83e5c00\n  RBP: 0000000000002000 R08: 0000000000000000 R09: 0000000000002000\n  R10: 000000207fffe000 R11: 0000040000000000 R12: ffffffff9d06ef78\n  R13: ff11001ff83e5000 R14: ffffffff9dba7c60 R15: 0000000000000c00\n  memblock_double_array+0xff/0x310\n  memblock_add_range+0x1fb/0x2f0\n  memblock_reserve+0x4f/0xa0\n  memblock_alloc_range_nid+0xac/0x130\n  memblock_alloc_internal+0x53/0xc0\n  memblock_alloc_try_nid+0x3d/0xa0\n  swiotlb_init_remap+0x149/0x2f0\n  mem_init+0xb/0xb0\n  mm_core_init+0x8f/0x350\n  start_kernel+0x17e/0x5d0\n  x86_64_start_reservations+0x14/0x30\n  x86_64_start_kernel+0x92/0xa0\n  secondary_startup_64_no_verify+0x194/0x19b\n\nMitigate this by calling accept_memory() on the memory range returned\nbefore the slab is available.\n\nPrior to v6.12, the accept_memory() interface used a \u0027start\u0027 and \u0027end\u0027\nparameter instead of \u0027start\u0027 and \u0027size\u0027, therefore the accept_memory()\ncall must be adjusted to specify \u0027start + size\u0027 for \u0027end\u0027 when applying\nto kernels prior to v6.12.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37960",
          "url": "https://www.suse.com/security/cve/CVE-2025-37960"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243519 for CVE-2025-37960",
          "url": "https://bugzilla.suse.com/1243519"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37960"
    },
    {
      "cve": "CVE-2025-37974",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37974"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pci: Fix missing check for zpci_create_device() error return\n\nThe zpci_create_device() function returns an error pointer that needs to\nbe checked before dereferencing it as a struct zpci_dev pointer. Add the\nmissing check in __clp_add() where it was missed when adding the\nscan_list in the fixed commit. Simply not adding the device to the scan\nlist results in the previous behavior.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37974",
          "url": "https://www.suse.com/security/cve/CVE-2025-37974"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243547 for CVE-2025-37974",
          "url": "https://bugzilla.suse.com/1243547"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37974"
    },
    {
      "cve": "CVE-2025-38152",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-38152"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: core: Clear table_sz when rproc_shutdown\n\nThere is case as below could trigger kernel dump:\nUse U-Boot to start remote processor(rproc) with resource table\npublished to a fixed address by rproc. After Kernel boots up,\nstop the rproc, load a new firmware which doesn\u0027t have resource table\n,and start rproc.\n\nWhen starting rproc with a firmware not have resource table,\n`memcpy(loaded_table, rproc-\u003ecached_table, rproc-\u003etable_sz)` will\ntrigger dump, because rproc-\u003ecache_table is set to NULL during the last\nstop operation, but rproc-\u003etable_sz is still valid.\n\nThis issue is found on i.MX8MP and i.MX9.\n\nDump as below:\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000000\nMem abort info:\n  ESR = 0x0000000096000004\n  EC = 0x25: DABT (current EL), IL = 32 bits\n  SET = 0, FnV = 0\n  EA = 0, S1PTW = 0\n  FSC = 0x04: level 0 translation fault\nData abort info:\n  ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n  CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=000000010af63000\n[0000000000000000] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] PREEMPT SMP\nModules linked in:\nCPU: 2 UID: 0 PID: 1060 Comm: sh Not tainted 6.14.0-rc7-next-20250317-dirty #38\nHardware name: NXP i.MX8MPlus EVK board (DT)\npstate: a0000005 (NzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __pi_memcpy_generic+0x110/0x22c\nlr : rproc_start+0x88/0x1e0\nCall trace:\n __pi_memcpy_generic+0x110/0x22c (P)\n rproc_boot+0x198/0x57c\n state_store+0x40/0x104\n dev_attr_store+0x18/0x2c\n sysfs_kf_write+0x7c/0x94\n kernfs_fop_write_iter+0x120/0x1cc\n vfs_write+0x240/0x378\n ksys_write+0x70/0x108\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x48/0x10c\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x30/0xcc\n el0t_64_sync_handler+0x10c/0x138\n el0t_64_sync+0x198/0x19c\n\nClear rproc-\u003etable_sz to address the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-38152",
          "url": "https://www.suse.com/security/cve/CVE-2025-38152"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241627 for CVE-2025-38152",
          "url": "https://bugzilla.suse.com/1241627"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-38152"
    },
    {
      "cve": "CVE-2025-38637",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-38637"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: skbprio: Remove overly strict queue assertions\n\nIn the current implementation, skbprio enqueue/dequeue contains an assertion\nthat fails under certain conditions when SKBPRIO is used as a child qdisc under\nTBF with specific parameters. The failure occurs because TBF sometimes peeks at\npackets in the child qdisc without actually dequeuing them when tokens are\nunavailable.\n\nThis peek operation creates a discrepancy between the parent and child qdisc\nqueue length counters. When TBF later receives a high-priority packet,\nSKBPRIO\u0027s queue length may show a different value than what\u0027s reflected in its\ninternal priority queue tracking, triggering the assertion.\n\nThe fix removes this overly strict assertions in SKBPRIO, they are not\nnecessary at all.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-38637",
          "url": "https://www.suse.com/security/cve/CVE-2025-38637"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241657 for CVE-2025-38637",
          "url": "https://bugzilla.suse.com/1241657"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-38637"
    },
    {
      "cve": "CVE-2025-40325",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-40325"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: wait barrier before returning discard request with REQ_NOWAIT\n\nraid10_handle_discard should wait barrier before returning a discard bio\nwhich has REQ_NOWAIT. And there is no need to print warning calltrace\nif a discard bio has REQ_NOWAIT flag. Quality engineer usually checks\ndmesg and reports error if dmesg has warning/error calltrace.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-40325",
          "url": "https://www.suse.com/security/cve/CVE-2025-40325"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241638 for CVE-2025-40325",
          "url": "https://bugzilla.suse.com/1241638"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_3-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt_debug-devel-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.3.1.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-17T11:37:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-40325"
    }
  ]
}
CVE-2025-23131 (GCVE-0-2025-23131)

Vulnerability from cvelistv5

Published
2025-04-16 14:13
Modified
2025-05-26 05:19
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: dlm: prevent NPD when writing a positive value to event_done do_uevent returns the value written to event_done. In case it is a positive value, new_lockspace would undo all the work, and lockspace would not be set. __dlm_new_lockspace, however, would treat that positive value as a success due to commit 8511a2728ab8 ("dlm: fix use count with multiple joins"). Down the line, device_create_lockspace would pass that NULL lockspace to dlm_find_lockspace_local, leading to a NULL pointer dereference. Treating such positive values as successes prevents the problem. Given this has been broken for so long, this is unlikely to break userspace expectations.
References
►
URL
Tags
	https://git.kernel.org/stable/c/b73c4ad4d387fe5bc988145bd9f1bc0de76afd5c
	https://git.kernel.org/stable/c/8e2bad543eca5c25cd02cbc63d72557934d45f13
Impacted products
Vendor
Product
Version
►
Action not permitted

suse-su-2025:01972-1

Vulnerability from csaf_suse

CVE-2025-23131 (GCVE-0-2025-23131)

Vulnerability from cvelistv5

CVE-2025-21683 (GCVE-0-2025-21683)

Vulnerability from cvelistv5

CVE-2025-21707 (GCVE-0-2025-21707)

Vulnerability from cvelistv5

CVE-2024-50083 (GCVE-0-2024-50083)

Vulnerability from cvelistv5

CVE-2025-22093 (GCVE-0-2025-22093)

Vulnerability from cvelistv5

CVE-2025-21758 (GCVE-0-2025-21758)

Vulnerability from cvelistv5

CVE-2025-22109 (GCVE-0-2025-22109)

Vulnerability from cvelistv5

CVE-2025-40325 (GCVE-0-2025-40325)

Vulnerability from cvelistv5

CVE-2025-37755 (GCVE-0-2025-37755)

Vulnerability from cvelistv5

CVE-2025-37790 (GCVE-0-2025-37790)

Vulnerability from cvelistv5

CVE-2024-46865 (GCVE-0-2024-46865)

Vulnerability from cvelistv5

CVE-2023-53034 (GCVE-0-2023-53034)

Vulnerability from cvelistv5

CVE-2025-22116 (GCVE-0-2025-22116)

Vulnerability from cvelistv5

CVE-2024-58094 (GCVE-0-2024-58094)

Vulnerability from cvelistv5

CVE-2025-37787 (GCVE-0-2025-37787)

Vulnerability from cvelistv5

CVE-2024-58095 (GCVE-0-2024-58095)

Vulnerability from cvelistv5

CVE-2025-37957 (GCVE-0-2025-37957)

Vulnerability from cvelistv5

CVE-2025-38152 (GCVE-0-2025-38152)

Vulnerability from cvelistv5

CVE-2024-57998 (GCVE-0-2024-57998)

Vulnerability from cvelistv5

CVE-2025-21852 (GCVE-0-2025-21852)

Vulnerability from cvelistv5

CVE-2025-37879 (GCVE-0-2025-37879)

Vulnerability from cvelistv5

CVE-2025-37829 (GCVE-0-2025-37829)

Vulnerability from cvelistv5

CVE-2024-58070 (GCVE-0-2024-58070)

Vulnerability from cvelistv5

CVE-2025-37797 (GCVE-0-2025-37797)

Vulnerability from cvelistv5

CVE-2025-37804 (GCVE-0-2025-37804)

Vulnerability from cvelistv5

CVE-2025-21814 (GCVE-0-2025-21814)

Vulnerability from cvelistv5

CVE-2025-37820 (GCVE-0-2025-37820)

Vulnerability from cvelistv5

CVE-2025-37830 (GCVE-0-2025-37830)

Vulnerability from cvelistv5

CVE-2025-22057 (GCVE-0-2025-22057)

Vulnerability from cvelistv5

CVE-2025-22062 (GCVE-0-2025-22062)

Vulnerability from cvelistv5

CVE-2025-23129 (GCVE-0-2025-23129)

Vulnerability from cvelistv5

CVE-2025-23134 (GCVE-0-2025-23134)

Vulnerability from cvelistv5

CVE-2024-58097 (GCVE-0-2024-58097)

Vulnerability from cvelistv5

CVE-2025-22112 (GCVE-0-2025-22112)

Vulnerability from cvelistv5

CVE-2024-46713 (GCVE-0-2024-46713)

Vulnerability from cvelistv5

CVE-2025-22018 (GCVE-0-2025-22018)

Vulnerability from cvelistv5

CVE-2025-37780 (GCVE-0-2025-37780)

Vulnerability from cvelistv5

CVE-2025-37831 (GCVE-0-2025-37831)

Vulnerability from cvelistv5

CVE-2024-56641 (GCVE-0-2024-56641)
