suse-su-2025:01995-1
Vulnerability from csaf_suse
Published
2025-06-18 08:34
Modified
2025-06-18 08:34
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
- CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032).
- CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493).
- CVE-2022-49769: gfs2: Check sb_bsize_shift after reading superblock (bsc#1242440).
- CVE-2022-49770: ceph: avoid putting the realm twice when decoding snaps fails (bsc#1242597).
- CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245).
- CVE-2022-49789: scsi: zfcp: Fix double free of FSF request when qdio send fails (bsc#1242366).
- CVE-2023-53039: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (bsc#1242745).
- CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1234887).
- CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100).
- CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
- CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).
- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
The following non-security bugs were fixed:
- HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (bsc#1242745).
- devm-helpers: Add resource managed version of work init (bsc#1242745).
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).
- workqueue: Add resource managed version of delayed work init (bsc#1242745).
- Remove debug flavor (bsc#1243919).
Patchnames
SUSE-2025-1995,SUSE-SUSE-MicroOS-5.1-2025-1995,SUSE-SUSE-MicroOS-5.2-2025-1995
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).\n- CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032).\n- CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493).\n- CVE-2022-49769: gfs2: Check sb_bsize_shift after reading superblock (bsc#1242440).\n- CVE-2022-49770: ceph: avoid putting the realm twice when decoding snaps fails (bsc#1242597).\n- CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245).\n- CVE-2022-49789: scsi: zfcp: Fix double free of FSF request when qdio send fails (bsc#1242366).\n- CVE-2023-53039: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (bsc#1242745).\n- CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1234887).\n- CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100).\n- CVE-2025-21812: ax25: rcu protect dev-\u003eax25_ptr (bsc#1238471).\n- CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).\n- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).\n\nThe following non-security bugs were fixed:\n\n- HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev-\u003edevc (bsc#1242745).\n- devm-helpers: Add resource managed version of work init (bsc#1242745).\n- mtd: phram: Add the kernel lock down check (bsc#1232649).\n- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).\n- workqueue: Add resource managed version of delayed work init (bsc#1242745).\n- Remove debug flavor (bsc#1243919).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1995,SUSE-SUSE-MicroOS-5.1-2025-1995,SUSE-SUSE-MicroOS-5.2-2025-1995",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_01995-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:01995-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:01995-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040364.html"
},
{
"category": "self",
"summary": "SUSE Bug 1154353",
"url": "https://bugzilla.suse.com/1154353"
},
{
"category": "self",
"summary": "SUSE Bug 1156395",
"url": "https://bugzilla.suse.com/1156395"
},
{
"category": "self",
"summary": "SUSE Bug 1170891",
"url": "https://bugzilla.suse.com/1170891"
},
{
"category": "self",
"summary": "SUSE Bug 1173139",
"url": "https://bugzilla.suse.com/1173139"
},
{
"category": "self",
"summary": "SUSE Bug 1184350",
"url": "https://bugzilla.suse.com/1184350"
},
{
"category": "self",
"summary": "SUSE Bug 1184611",
"url": "https://bugzilla.suse.com/1184611"
},
{
"category": "self",
"summary": "SUSE Bug 1185010",
"url": "https://bugzilla.suse.com/1185010"
},
{
"category": "self",
"summary": "SUSE Bug 1188772",
"url": "https://bugzilla.suse.com/1188772"
},
{
"category": "self",
"summary": "SUSE Bug 1189883",
"url": "https://bugzilla.suse.com/1189883"
},
{
"category": "self",
"summary": "SUSE Bug 1190358",
"url": "https://bugzilla.suse.com/1190358"
},
{
"category": "self",
"summary": "SUSE Bug 1190428",
"url": "https://bugzilla.suse.com/1190428"
},
{
"category": "self",
"summary": "SUSE Bug 1201644",
"url": "https://bugzilla.suse.com/1201644"
},
{
"category": "self",
"summary": "SUSE Bug 1201664",
"url": "https://bugzilla.suse.com/1201664"
},
{
"category": "self",
"summary": "SUSE Bug 1201672",
"url": "https://bugzilla.suse.com/1201672"
},
{
"category": "self",
"summary": "SUSE Bug 1201673",
"url": "https://bugzilla.suse.com/1201673"
},
{
"category": "self",
"summary": "SUSE Bug 1201676",
"url": "https://bugzilla.suse.com/1201676"
},
{
"category": "self",
"summary": "SUSE Bug 1206073",
"url": "https://bugzilla.suse.com/1206073"
},
{
"category": "self",
"summary": "SUSE Bug 1206649",
"url": "https://bugzilla.suse.com/1206649"
},
{
"category": "self",
"summary": "SUSE Bug 1206886",
"url": "https://bugzilla.suse.com/1206886"
},
{
"category": "self",
"summary": "SUSE Bug 1206887",
"url": "https://bugzilla.suse.com/1206887"
},
{
"category": "self",
"summary": "SUSE Bug 1207198",
"url": "https://bugzilla.suse.com/1207198"
},
{
"category": "self",
"summary": "SUSE Bug 1209657",
"url": "https://bugzilla.suse.com/1209657"
},
{
"category": "self",
"summary": "SUSE Bug 1210337",
"url": "https://bugzilla.suse.com/1210337"
},
{
"category": "self",
"summary": "SUSE Bug 1213476",
"url": "https://bugzilla.suse.com/1213476"
},
{
"category": "self",
"summary": "SUSE Bug 1214842",
"url": "https://bugzilla.suse.com/1214842"
},
{
"category": "self",
"summary": "SUSE Bug 1216702",
"url": "https://bugzilla.suse.com/1216702"
},
{
"category": "self",
"summary": "SUSE Bug 1220754",
"url": "https://bugzilla.suse.com/1220754"
},
{
"category": "self",
"summary": "SUSE Bug 1220985",
"url": "https://bugzilla.suse.com/1220985"
},
{
"category": "self",
"summary": "SUSE Bug 1221015",
"url": "https://bugzilla.suse.com/1221015"
},
{
"category": "self",
"summary": "SUSE Bug 1221044",
"url": "https://bugzilla.suse.com/1221044"
},
{
"category": "self",
"summary": "SUSE Bug 1223932",
"url": "https://bugzilla.suse.com/1223932"
},
{
"category": "self",
"summary": "SUSE Bug 1224099",
"url": "https://bugzilla.suse.com/1224099"
},
{
"category": "self",
"summary": "SUSE Bug 1224482",
"url": "https://bugzilla.suse.com/1224482"
},
{
"category": "self",
"summary": "SUSE Bug 1224511",
"url": "https://bugzilla.suse.com/1224511"
},
{
"category": "self",
"summary": "SUSE Bug 1224592",
"url": "https://bugzilla.suse.com/1224592"
},
{
"category": "self",
"summary": "SUSE Bug 1224831",
"url": "https://bugzilla.suse.com/1224831"
},
{
"category": "self",
"summary": "SUSE Bug 1224832",
"url": "https://bugzilla.suse.com/1224832"
},
{
"category": "self",
"summary": "SUSE Bug 1224834",
"url": "https://bugzilla.suse.com/1224834"
},
{
"category": "self",
"summary": "SUSE Bug 1224841",
"url": "https://bugzilla.suse.com/1224841"
},
{
"category": "self",
"summary": "SUSE Bug 1224843",
"url": "https://bugzilla.suse.com/1224843"
},
{
"category": "self",
"summary": "SUSE Bug 1224846",
"url": "https://bugzilla.suse.com/1224846"
},
{
"category": "self",
"summary": "SUSE Bug 1224849",
"url": "https://bugzilla.suse.com/1224849"
},
{
"category": "self",
"summary": "SUSE Bug 1224854",
"url": "https://bugzilla.suse.com/1224854"
},
{
"category": "self",
"summary": "SUSE Bug 1224859",
"url": "https://bugzilla.suse.com/1224859"
},
{
"category": "self",
"summary": "SUSE Bug 1224882",
"url": "https://bugzilla.suse.com/1224882"
},
{
"category": "self",
"summary": "SUSE Bug 1224889",
"url": "https://bugzilla.suse.com/1224889"
},
{
"category": "self",
"summary": "SUSE Bug 1224891",
"url": "https://bugzilla.suse.com/1224891"
},
{
"category": "self",
"summary": "SUSE Bug 1224892",
"url": "https://bugzilla.suse.com/1224892"
},
{
"category": "self",
"summary": "SUSE Bug 1224893",
"url": "https://bugzilla.suse.com/1224893"
},
{
"category": "self",
"summary": "SUSE Bug 1224904",
"url": "https://bugzilla.suse.com/1224904"
},
{
"category": "self",
"summary": "SUSE Bug 1225360",
"url": "https://bugzilla.suse.com/1225360"
},
{
"category": "self",
"summary": "SUSE Bug 1225411",
"url": "https://bugzilla.suse.com/1225411"
},
{
"category": "self",
"summary": "SUSE Bug 1231193",
"url": "https://bugzilla.suse.com/1231193"
},
{
"category": "self",
"summary": "SUSE Bug 1232649",
"url": "https://bugzilla.suse.com/1232649"
},
{
"category": "self",
"summary": "SUSE Bug 1234887",
"url": "https://bugzilla.suse.com/1234887"
},
{
"category": "self",
"summary": "SUSE Bug 1235100",
"url": "https://bugzilla.suse.com/1235100"
},
{
"category": "self",
"summary": "SUSE Bug 1237981",
"url": "https://bugzilla.suse.com/1237981"
},
{
"category": "self",
"summary": "SUSE Bug 1238032",
"url": "https://bugzilla.suse.com/1238032"
},
{
"category": "self",
"summary": "SUSE Bug 1238471",
"url": "https://bugzilla.suse.com/1238471"
},
{
"category": "self",
"summary": "SUSE Bug 1240802",
"url": "https://bugzilla.suse.com/1240802"
},
{
"category": "self",
"summary": "SUSE Bug 1242145",
"url": "https://bugzilla.suse.com/1242145"
},
{
"category": "self",
"summary": "SUSE Bug 1242147",
"url": "https://bugzilla.suse.com/1242147"
},
{
"category": "self",
"summary": "SUSE Bug 1242150",
"url": "https://bugzilla.suse.com/1242150"
},
{
"category": "self",
"summary": "SUSE Bug 1242154",
"url": "https://bugzilla.suse.com/1242154"
},
{
"category": "self",
"summary": "SUSE Bug 1242215",
"url": "https://bugzilla.suse.com/1242215"
},
{
"category": "self",
"summary": "SUSE Bug 1242232",
"url": "https://bugzilla.suse.com/1242232"
},
{
"category": "self",
"summary": "SUSE Bug 1242245",
"url": "https://bugzilla.suse.com/1242245"
},
{
"category": "self",
"summary": "SUSE Bug 1242264",
"url": "https://bugzilla.suse.com/1242264"
},
{
"category": "self",
"summary": "SUSE Bug 1242270",
"url": "https://bugzilla.suse.com/1242270"
},
{
"category": "self",
"summary": "SUSE Bug 1242352",
"url": "https://bugzilla.suse.com/1242352"
},
{
"category": "self",
"summary": "SUSE Bug 1242353",
"url": "https://bugzilla.suse.com/1242353"
},
{
"category": "self",
"summary": "SUSE Bug 1242355",
"url": "https://bugzilla.suse.com/1242355"
},
{
"category": "self",
"summary": "SUSE Bug 1242366",
"url": "https://bugzilla.suse.com/1242366"
},
{
"category": "self",
"summary": "SUSE Bug 1242378",
"url": "https://bugzilla.suse.com/1242378"
},
{
"category": "self",
"summary": "SUSE Bug 1242385",
"url": "https://bugzilla.suse.com/1242385"
},
{
"category": "self",
"summary": "SUSE Bug 1242387",
"url": "https://bugzilla.suse.com/1242387"
},
{
"category": "self",
"summary": "SUSE Bug 1242391",
"url": "https://bugzilla.suse.com/1242391"
},
{
"category": "self",
"summary": "SUSE Bug 1242392",
"url": "https://bugzilla.suse.com/1242392"
},
{
"category": "self",
"summary": "SUSE Bug 1242402",
"url": "https://bugzilla.suse.com/1242402"
},
{
"category": "self",
"summary": "SUSE Bug 1242409",
"url": "https://bugzilla.suse.com/1242409"
},
{
"category": "self",
"summary": "SUSE Bug 1242416",
"url": "https://bugzilla.suse.com/1242416"
},
{
"category": "self",
"summary": "SUSE Bug 1242440",
"url": "https://bugzilla.suse.com/1242440"
},
{
"category": "self",
"summary": "SUSE Bug 1242443",
"url": "https://bugzilla.suse.com/1242443"
},
{
"category": "self",
"summary": "SUSE Bug 1242449",
"url": "https://bugzilla.suse.com/1242449"
},
{
"category": "self",
"summary": "SUSE Bug 1242452",
"url": "https://bugzilla.suse.com/1242452"
},
{
"category": "self",
"summary": "SUSE Bug 1242455",
"url": "https://bugzilla.suse.com/1242455"
},
{
"category": "self",
"summary": "SUSE Bug 1242464",
"url": "https://bugzilla.suse.com/1242464"
},
{
"category": "self",
"summary": "SUSE Bug 1242473",
"url": "https://bugzilla.suse.com/1242473"
},
{
"category": "self",
"summary": "SUSE Bug 1242481",
"url": "https://bugzilla.suse.com/1242481"
},
{
"category": "self",
"summary": "SUSE Bug 1242484",
"url": "https://bugzilla.suse.com/1242484"
},
{
"category": "self",
"summary": "SUSE Bug 1242493",
"url": "https://bugzilla.suse.com/1242493"
},
{
"category": "self",
"summary": "SUSE Bug 1242527",
"url": "https://bugzilla.suse.com/1242527"
},
{
"category": "self",
"summary": "SUSE Bug 1242542",
"url": "https://bugzilla.suse.com/1242542"
},
{
"category": "self",
"summary": "SUSE Bug 1242545",
"url": "https://bugzilla.suse.com/1242545"
},
{
"category": "self",
"summary": "SUSE Bug 1242547",
"url": "https://bugzilla.suse.com/1242547"
},
{
"category": "self",
"summary": "SUSE Bug 1242548",
"url": "https://bugzilla.suse.com/1242548"
},
{
"category": "self",
"summary": "SUSE Bug 1242549",
"url": "https://bugzilla.suse.com/1242549"
},
{
"category": "self",
"summary": "SUSE Bug 1242551",
"url": "https://bugzilla.suse.com/1242551"
},
{
"category": "self",
"summary": "SUSE Bug 1242580",
"url": "https://bugzilla.suse.com/1242580"
},
{
"category": "self",
"summary": "SUSE Bug 1242597",
"url": "https://bugzilla.suse.com/1242597"
},
{
"category": "self",
"summary": "SUSE Bug 1242686",
"url": "https://bugzilla.suse.com/1242686"
},
{
"category": "self",
"summary": "SUSE Bug 1242689",
"url": "https://bugzilla.suse.com/1242689"
},
{
"category": "self",
"summary": "SUSE Bug 1242716",
"url": "https://bugzilla.suse.com/1242716"
},
{
"category": "self",
"summary": "SUSE Bug 1242733",
"url": "https://bugzilla.suse.com/1242733"
},
{
"category": "self",
"summary": "SUSE Bug 1242734",
"url": "https://bugzilla.suse.com/1242734"
},
{
"category": "self",
"summary": "SUSE Bug 1242736",
"url": "https://bugzilla.suse.com/1242736"
},
{
"category": "self",
"summary": "SUSE Bug 1242745",
"url": "https://bugzilla.suse.com/1242745"
},
{
"category": "self",
"summary": "SUSE Bug 1242749",
"url": "https://bugzilla.suse.com/1242749"
},
{
"category": "self",
"summary": "SUSE Bug 1242762",
"url": "https://bugzilla.suse.com/1242762"
},
{
"category": "self",
"summary": "SUSE Bug 1242835",
"url": "https://bugzilla.suse.com/1242835"
},
{
"category": "self",
"summary": "SUSE Bug 1243919",
"url": "https://bugzilla.suse.com/1243919"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-36790 page",
"url": "https://www.suse.com/security/cve/CVE-2020-36790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-36791 page",
"url": "https://www.suse.com/security/cve/CVE-2020-36791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32399 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32399/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3743 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3743/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47100 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47220 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47220/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47229 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47231 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47236 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47239 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47240 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47240/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47246 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47246/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47252 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47252/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47255 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47255/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47260 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47260/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47288 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47296 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47296/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47314 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47314/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47315 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47315/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47485 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47485/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47500 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47511 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3564 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3564/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48704 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49110 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49139 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49767 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49769 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49769/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49770 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49770/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49771 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49771/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49772 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49775 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49777 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49777/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49787 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49787/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49788 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49788/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49789 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49789/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49790 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49793 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49793/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49794 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49799 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49802 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49809 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49818 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49821 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49823 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49824 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49825 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49826 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49827 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49830 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49832 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49835 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49836 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49839 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49841 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49842 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49842/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49846 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49861 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49870 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49879 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49879/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49880 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49880/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49881 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49887 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49887/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49889 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49892 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49906 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49910 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49915 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49915/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49922 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49922/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49927 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0160 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1990 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1990/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-47233 page",
"url": "https://www.suse.com/security/cve/CVE-2023-47233/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52508 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52591 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52591/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52654 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52654/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53039 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53039/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53052 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53106 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6531 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6531/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35811 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35811/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35895 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35914 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46814 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53168 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53168/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56558 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21812 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21999 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37789 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37789/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-06-18T08:34:45Z",
"generator": {
"date": "2025-06-18T08:34:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:01995-1",
"initial_release_date": "2025-06-18T08:34:45Z",
"revision_history": [
{
"date": "2025-06-18T08:34:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-5.3.18-150300.211.1.noarch",
"product": {
"name": "kernel-devel-rt-5.3.18-150300.211.1.noarch",
"product_id": "kernel-devel-rt-5.3.18-150300.211.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-5.3.18-150300.211.1.noarch",
"product": {
"name": "kernel-source-rt-5.3.18-150300.211.1.noarch",
"product_id": "kernel-source-rt-5.3.18-150300.211.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-5.3.18-150300.211.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-5.3.18-150300.211.1.x86_64",
"product_id": "cluster-md-kmp-rt-5.3.18-150300.211.1.x86_64"
}
},
{
"category": "product_version",
"name": "cluster-md-kmp-rt_debug-5.3.18-150300.211.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt_debug-5.3.18-150300.211.1.x86_64",
"product_id": "cluster-md-kmp-rt_debug-5.3.18-150300.211.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-5.3.18-150300.211.1.x86_64",
"product": {
"name": "dlm-kmp-rt-5.3.18-150300.211.1.x86_64",
"product_id": "dlm-kmp-rt-5.3.18-150300.211.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt_debug-5.3.18-150300.211.1.x86_64",
"product": {
"name": "dlm-kmp-rt_debug-5.3.18-150300.211.1.x86_64",
"product_id": "dlm-kmp-rt_debug-5.3.18-150300.211.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-5.3.18-150300.211.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-5.3.18-150300.211.1.x86_64",
"product_id": "gfs2-kmp-rt-5.3.18-150300.211.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt_debug-5.3.18-150300.211.1.x86_64",
"product": {
"name": "gfs2-kmp-rt_debug-5.3.18-150300.211.1.x86_64",
"product_id": "gfs2-kmp-rt_debug-5.3.18-150300.211.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-5.3.18-150300.211.1.x86_64",
"product": {
"name": "kernel-rt-5.3.18-150300.211.1.x86_64",
"product_id": "kernel-rt-5.3.18-150300.211.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-5.3.18-150300.211.1.x86_64",
"product": {
"name": "kernel-rt-devel-5.3.18-150300.211.1.x86_64",
"product_id": "kernel-rt-devel-5.3.18-150300.211.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-5.3.18-150300.211.1.x86_64",
"product": {
"name": "kernel-rt-extra-5.3.18-150300.211.1.x86_64",
"product_id": "kernel-rt-extra-5.3.18-150300.211.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-5.3.18-150300.211.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-5.3.18-150300.211.1.x86_64",
"product_id": "kernel-rt-livepatch-devel-5.3.18-150300.211.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-optional-5.3.18-150300.211.1.x86_64",
"product": {
"name": "kernel-rt-optional-5.3.18-150300.211.1.x86_64",
"product_id": "kernel-rt-optional-5.3.18-150300.211.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-5.3.18-150300.211.1.x86_64",
"product": {
"name": "kernel-rt_debug-5.3.18-150300.211.1.x86_64",
"product_id": "kernel-rt_debug-5.3.18-150300.211.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-5.3.18-150300.211.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-5.3.18-150300.211.1.x86_64",
"product_id": "kernel-rt_debug-devel-5.3.18-150300.211.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-extra-5.3.18-150300.211.1.x86_64",
"product": {
"name": "kernel-rt_debug-extra-5.3.18-150300.211.1.x86_64",
"product_id": "kernel-rt_debug-extra-5.3.18-150300.211.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-livepatch-devel-5.3.18-150300.211.1.x86_64",
"product": {
"name": "kernel-rt_debug-livepatch-devel-5.3.18-150300.211.1.x86_64",
"product_id": "kernel-rt_debug-livepatch-devel-5.3.18-150300.211.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-optional-5.3.18-150300.211.1.x86_64",
"product": {
"name": "kernel-rt_debug-optional-5.3.18-150300.211.1.x86_64",
"product_id": "kernel-rt_debug-optional-5.3.18-150300.211.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-5.3.18-150300.211.1.x86_64",
"product": {
"name": "kernel-syms-rt-5.3.18-150300.211.1.x86_64",
"product_id": "kernel-syms-rt-5.3.18-150300.211.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-5.3.18-150300.211.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-5.3.18-150300.211.1.x86_64",
"product_id": "kselftests-kmp-rt-5.3.18-150300.211.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt_debug-5.3.18-150300.211.1.x86_64",
"product": {
"name": "kselftests-kmp-rt_debug-5.3.18-150300.211.1.x86_64",
"product_id": "kselftests-kmp-rt_debug-5.3.18-150300.211.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-5.3.18-150300.211.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-5.3.18-150300.211.1.x86_64",
"product_id": "ocfs2-kmp-rt-5.3.18-150300.211.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt_debug-5.3.18-150300.211.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt_debug-5.3.18-150300.211.1.x86_64",
"product_id": "ocfs2-kmp-rt_debug-5.3.18-150300.211.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-5.3.18-150300.211.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt-5.3.18-150300.211.1.x86_64",
"product_id": "reiserfs-kmp-rt-5.3.18-150300.211.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt_debug-5.3.18-150300.211.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt_debug-5.3.18-150300.211.1.x86_64",
"product_id": "reiserfs-kmp-rt_debug-5.3.18-150300.211.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.3.18-150300.211.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64"
},
"product_reference": "kernel-rt-5.3.18-150300.211.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.3.18-150300.211.1.noarch as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch"
},
"product_reference": "kernel-source-rt-5.3.18-150300.211.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.3.18-150300.211.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64"
},
"product_reference": "kernel-rt-5.3.18-150300.211.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.3.18-150300.211.1.noarch as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
},
"product_reference": "kernel-source-rt-5.3.18-150300.211.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-36790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: fix a memory leak\n\nWe forgot to free new_model_number",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-36790",
"url": "https://www.suse.com/security/cve/CVE-2020-36790"
},
{
"category": "external",
"summary": "SUSE Bug 1242145 for CVE-2020-36790",
"url": "https://bugzilla.suse.com/1242145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2020-36790"
},
{
"cve": "CVE-2020-36791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-36791"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: keep alloc_hash updated after hash allocation\n\nIn commit 599be01ee567 (\"net_sched: fix an OOB access in cls_tcindex\")\nI moved cp-\u003ehash calculation before the first\ntcindex_alloc_perfect_hash(), but cp-\u003ealloc_hash is left untouched.\nThis difference could lead to another out of bound access.\n\ncp-\u003ealloc_hash should always be the size allocated, we should\nupdate it after this tcindex_alloc_perfect_hash().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-36791",
"url": "https://www.suse.com/security/cve/CVE-2020-36791"
},
{
"category": "external",
"summary": "SUSE Bug 1242835 for CVE-2020-36791",
"url": "https://bugzilla.suse.com/1242835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2020-36791"
},
{
"cve": "CVE-2021-32399",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32399"
}
],
"notes": [
{
"category": "general",
"text": "net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32399",
"url": "https://www.suse.com/security/cve/CVE-2021-32399"
},
{
"category": "external",
"summary": "SUSE Bug 1184611 for CVE-2021-32399",
"url": "https://bugzilla.suse.com/1184611"
},
{
"category": "external",
"summary": "SUSE Bug 1185898 for CVE-2021-32399",
"url": "https://bugzilla.suse.com/1185898"
},
{
"category": "external",
"summary": "SUSE Bug 1185899 for CVE-2021-32399",
"url": "https://bugzilla.suse.com/1185899"
},
{
"category": "external",
"summary": "SUSE Bug 1196174 for CVE-2021-32399",
"url": "https://bugzilla.suse.com/1196174"
},
{
"category": "external",
"summary": "SUSE Bug 1200084 for CVE-2021-32399",
"url": "https://bugzilla.suse.com/1200084"
},
{
"category": "external",
"summary": "SUSE Bug 1201734 for CVE-2021-32399",
"url": "https://bugzilla.suse.com/1201734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "important"
}
],
"title": "CVE-2021-32399"
},
{
"cve": "CVE-2021-3743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3743"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3743",
"url": "https://www.suse.com/security/cve/CVE-2021-3743"
},
{
"category": "external",
"summary": "SUSE Bug 1189883 for CVE-2021-3743",
"url": "https://bugzilla.suse.com/1189883"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-3743"
},
{
"cve": "CVE-2021-47100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module\n\nHi,\n\nWhen testing install and uninstall of ipmi_si.ko and ipmi_msghandler.ko,\nthe system crashed.\n\nThe log as follows:\n[ 141.087026] BUG: unable to handle kernel paging request at ffffffffc09b3a5a\n[ 141.087241] PGD 8fe4c0d067 P4D 8fe4c0d067 PUD 8fe4c0f067 PMD 103ad89067 PTE 0\n[ 141.087464] Oops: 0010 [#1] SMP NOPTI\n[ 141.087580] CPU: 67 PID: 668 Comm: kworker/67:1 Kdump: loaded Not tainted 4.18.0.x86_64 #47\n[ 141.088009] Workqueue: events 0xffffffffc09b3a40\n[ 141.088009] RIP: 0010:0xffffffffc09b3a5a\n[ 141.088009] Code: Bad RIP value.\n[ 141.088009] RSP: 0018:ffffb9094e2c3e88 EFLAGS: 00010246\n[ 141.088009] RAX: 0000000000000000 RBX: ffff9abfdb1f04a0 RCX: 0000000000000000\n[ 141.088009] RDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000246\n[ 141.088009] RBP: 0000000000000000 R08: ffff9abfffee3cb8 R09: 00000000000002e1\n[ 141.088009] R10: ffffb9094cb73d90 R11: 00000000000f4240 R12: ffff9abfffee8700\n[ 141.088009] R13: 0000000000000000 R14: ffff9abfdb1f04a0 R15: ffff9abfdb1f04a8\n[ 141.088009] FS: 0000000000000000(0000) GS:ffff9abfffec0000(0000) knlGS:0000000000000000\n[ 141.088009] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 141.088009] CR2: ffffffffc09b3a30 CR3: 0000008fe4c0a001 CR4: 00000000007606e0\n[ 141.088009] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 141.088009] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 141.088009] PKRU: 55555554\n[ 141.088009] Call Trace:\n[ 141.088009] ? process_one_work+0x195/0x390\n[ 141.088009] ? worker_thread+0x30/0x390\n[ 141.088009] ? process_one_work+0x390/0x390\n[ 141.088009] ? kthread+0x10d/0x130\n[ 141.088009] ? kthread_flush_work_fn+0x10/0x10\n[ 141.088009] ? ret_from_fork+0x35/0x40] BUG: unable to handle kernel paging request at ffffffffc0b28a5a\n[ 200.223240] PGD 97fe00d067 P4D 97fe00d067 PUD 97fe00f067 PMD a580cbf067 PTE 0\n[ 200.223464] Oops: 0010 [#1] SMP NOPTI\n[ 200.223579] CPU: 63 PID: 664 Comm: kworker/63:1 Kdump: loaded Not tainted 4.18.0.x86_64 #46\n[ 200.224008] Workqueue: events 0xffffffffc0b28a40\n[ 200.224008] RIP: 0010:0xffffffffc0b28a5a\n[ 200.224008] Code: Bad RIP value.\n[ 200.224008] RSP: 0018:ffffbf3c8e2a3e88 EFLAGS: 00010246\n[ 200.224008] RAX: 0000000000000000 RBX: ffffa0799ad6bca0 RCX: 0000000000000000\n[ 200.224008] RDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000246\n[ 200.224008] RBP: 0000000000000000 R08: ffff9fe43fde3cb8 R09: 00000000000000d5\n[ 200.224008] R10: ffffbf3c8cb53d90 R11: 00000000000f4240 R12: ffff9fe43fde8700\n[ 200.224008] R13: 0000000000000000 R14: ffffa0799ad6bca0 R15: ffffa0799ad6bca8\n[ 200.224008] FS: 0000000000000000(0000) GS:ffff9fe43fdc0000(0000) knlGS:0000000000000000\n[ 200.224008] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 200.224008] CR2: ffffffffc0b28a30 CR3: 00000097fe00a002 CR4: 00000000007606e0\n[ 200.224008] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 200.224008] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 200.224008] PKRU: 55555554\n[ 200.224008] Call Trace:\n[ 200.224008] ? process_one_work+0x195/0x390\n[ 200.224008] ? worker_thread+0x30/0x390\n[ 200.224008] ? process_one_work+0x390/0x390\n[ 200.224008] ? kthread+0x10d/0x130\n[ 200.224008] ? kthread_flush_work_fn+0x10/0x10\n[ 200.224008] ? ret_from_fork+0x35/0x40\n[ 200.224008] kernel fault(0x1) notification starting on CPU 63\n[ 200.224008] kernel fault(0x1) notification finished on CPU 63\n[ 200.224008] CR2: ffffffffc0b28a5a\n[ 200.224008] ---[ end trace c82a412d93f57412 ]---\n\nThe reason is as follows:\nT1: rmmod ipmi_si.\n -\u003eipmi_unregister_smi()\n -\u003e ipmi_bmc_unregister()\n -\u003e __ipmi_bmc_unregister()\n -\u003e kref_put(\u0026bmc-\u003eusecount, cleanup_bmc_device);\n -\u003e schedule_work(\u0026bmc-\u003eremove_work);\n\nT2: rmmod ipmi_msghandl\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47100",
"url": "https://www.suse.com/security/cve/CVE-2021-47100"
},
{
"category": "external",
"summary": "SUSE Bug 1220985 for CVE-2021-47100",
"url": "https://bugzilla.suse.com/1220985"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-47100"
},
{
"cve": "CVE-2021-47220",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47220"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47220",
"url": "https://www.suse.com/security/cve/CVE-2021-47220"
},
{
"category": "external",
"summary": "SUSE Bug 1224859 for CVE-2021-47220",
"url": "https://bugzilla.suse.com/1224859"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-47220"
},
{
"cve": "CVE-2021-47229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47229"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: aardvark: Fix kernel panic during PIO transfer\n\nTrying to start a new PIO transfer by writing value 0 in PIO_START register\nwhen previous transfer has not yet completed (which is indicated by value 1\nin PIO_START) causes an External Abort on CPU, which results in kernel\npanic:\n\n SError Interrupt on CPU0, code 0xbf000002 -- SError\n Kernel panic - not syncing: Asynchronous SError Interrupt\n\nTo prevent kernel panic, it is required to reject a new PIO transfer when\nprevious one has not finished yet.\n\nIf previous PIO transfer is not finished yet, the kernel may issue a new\nPIO request only if the previous PIO transfer timed out.\n\nIn the past the root cause of this issue was incorrectly identified (as it\noften happens during link retraining or after link down event) and special\nhack was implemented in Trusted Firmware to catch all SError events in EL3,\nto ignore errors with code 0xbf000002 and not forwarding any other errors\nto kernel and instead throw panic from EL3 Trusted Firmware handler.\n\nLinks to discussion and patches about this issue:\nhttps://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=3c7dcdac5c50\nhttps://lore.kernel.org/linux-pci/20190316161243.29517-1-repk@triplefau.lt/\nhttps://lore.kernel.org/linux-pci/971be151d24312cc533989a64bd454b4@www.loen.fr/\nhttps://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/1541\n\nBut the real cause was the fact that during link retraining or after link\ndown event the PIO transfer may take longer time, up to the 1.44s until it\ntimes out. This increased probability that a new PIO transfer would be\nissued by kernel while previous one has not finished yet.\n\nAfter applying this change into the kernel, it is possible to revert the\nmentioned TF-A hack and SError events do not have to be caught in TF-A EL3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47229",
"url": "https://www.suse.com/security/cve/CVE-2021-47229"
},
{
"category": "external",
"summary": "SUSE Bug 1224854 for CVE-2021-47229",
"url": "https://bugzilla.suse.com/1224854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-47229"
},
{
"cve": "CVE-2021-47231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47231"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcba_usb: fix memory leak in mcba_usb\n\nSyzbot reported memory leak in SocketCAN driver for Microchip CAN BUS\nAnalyzer Tool. The problem was in unfreed usb_coherent.\n\nIn mcba_usb_start() 20 coherent buffers are allocated and there is\nnothing, that frees them:\n\n1) In callback function the urb is resubmitted and that\u0027s all\n2) In disconnect function urbs are simply killed, but URB_FREE_BUFFER\n is not set (see mcba_usb_start) and this flag cannot be used with\n coherent buffers.\n\nFail log:\n| [ 1354.053291][ T8413] mcba_usb 1-1:0.0 can0: device disconnected\n| [ 1367.059384][ T8420] kmemleak: 20 new suspected memory leaks (see /sys/kernel/debug/kmem)\n\nSo, all allocated buffers should be freed with usb_free_coherent()\nexplicitly\n\nNOTE:\nThe same pattern for allocating and freeing coherent buffers\nis used in drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47231",
"url": "https://www.suse.com/security/cve/CVE-2021-47231"
},
{
"category": "external",
"summary": "SUSE Bug 1224849 for CVE-2021-47231",
"url": "https://bugzilla.suse.com/1224849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-47231"
},
{
"cve": "CVE-2021-47236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47236"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: cdc_eem: fix tx fixup skb leak\n\nwhen usbnet transmit a skb, eem fixup it in eem_tx_fixup(),\nif skb_copy_expand() failed, it return NULL,\nusbnet_start_xmit() will have no chance to free original skb.\n\nfix it by free orginal skb in eem_tx_fixup() first,\nthen check skb clone status, if failed, return NULL to usbnet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47236",
"url": "https://www.suse.com/security/cve/CVE-2021-47236"
},
{
"category": "external",
"summary": "SUSE Bug 1224841 for CVE-2021-47236",
"url": "https://bugzilla.suse.com/1224841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-47236"
},
{
"cve": "CVE-2021-47239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: fix possible use-after-free in smsc75xx_bind\n\nThe commit 46a8b29c6306 (\"net: usb: fix memory leak in smsc75xx_bind\")\nfails to clean up the work scheduled in smsc75xx_reset-\u003e\nsmsc75xx_set_multicast, which leads to use-after-free if the work is\nscheduled to start after the deallocation. In addition, this patch\nalso removes a dangling pointer - dev-\u003edata[0].\n\nThis patch calls cancel_work_sync to cancel the scheduled work and set\nthe dangling pointer to NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47239",
"url": "https://www.suse.com/security/cve/CVE-2021-47239"
},
{
"category": "external",
"summary": "SUSE Bug 1224846 for CVE-2021-47239",
"url": "https://bugzilla.suse.com/1224846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-47239"
},
{
"cve": "CVE-2021-47240",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47240"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qrtr: fix OOB Read in qrtr_endpoint_post\n\nSyzbot reported slab-out-of-bounds Read in\nqrtr_endpoint_post. The problem was in wrong\n_size_ type:\n\n\tif (len != ALIGN(size, 4) + hdrlen)\n\t\tgoto err;\n\nIf size from qrtr_hdr is 4294967293 (0xfffffffd), the result of\nALIGN(size, 4) will be 0. In case of len == hdrlen and size == 4294967293\nin header this check won\u0027t fail and\n\n\tskb_put_data(skb, data + hdrlen, size);\n\nwill read out of bound from data, which is hdrlen allocated block.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47240",
"url": "https://www.suse.com/security/cve/CVE-2021-47240"
},
{
"category": "external",
"summary": "SUSE Bug 1224843 for CVE-2021-47240",
"url": "https://bugzilla.suse.com/1224843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-47240"
},
{
"cve": "CVE-2021-47246",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47246"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix page reclaim for dead peer hairpin\n\nWhen adding a hairpin flow, a firmware-side send queue is created for\nthe peer net device, which claims some host memory pages for its\ninternal ring buffer. If the peer net device is removed/unbound before\nthe hairpin flow is deleted, then the send queue is not destroyed which\nleads to a stack trace on pci device remove:\n\n[ 748.005230] mlx5_core 0000:08:00.2: wait_func:1094:(pid 12985): MANAGE_PAGES(0x108) timeout. Will cause a leak of a command resource\n[ 748.005231] mlx5_core 0000:08:00.2: reclaim_pages:514:(pid 12985): failed reclaiming pages: err -110\n[ 748.001835] mlx5_core 0000:08:00.2: mlx5_reclaim_root_pages:653:(pid 12985): failed reclaiming pages (-110) for func id 0x0\n[ 748.002171] ------------[ cut here ]------------\n[ 748.001177] FW pages counter is 4 after reclaiming all pages\n[ 748.001186] WARNING: CPU: 1 PID: 12985 at drivers/net/ethernet/mellanox/mlx5/core/pagealloc.c:685 mlx5_reclaim_startup_pages+0x34b/0x460 [mlx5_core] [ +0.002771] Modules linked in: cls_flower mlx5_ib mlx5_core ptp pps_core act_mirred sch_ingress openvswitch nsh xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_umad ib_ipoib iw_cm ib_cm ib_uverbs ib_core overlay fuse [last unloaded: pps_core]\n[ 748.007225] CPU: 1 PID: 12985 Comm: tee Not tainted 5.12.0+ #1\n[ 748.001376] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[ 748.002315] RIP: 0010:mlx5_reclaim_startup_pages+0x34b/0x460 [mlx5_core]\n[ 748.001679] Code: 28 00 00 00 0f 85 22 01 00 00 48 81 c4 b0 00 00 00 31 c0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 c7 c7 40 cc 19 a1 e8 9f 71 0e e2 \u003c0f\u003e 0b e9 30 ff ff ff 48 c7 c7 a0 cc 19 a1 e8 8c 71 0e e2 0f 0b e9\n[ 748.003781] RSP: 0018:ffff88815220faf8 EFLAGS: 00010286\n[ 748.001149] RAX: 0000000000000000 RBX: ffff8881b4900280 RCX: 0000000000000000\n[ 748.001445] RDX: 0000000000000027 RSI: 0000000000000004 RDI: ffffed102a441f51\n[ 748.001614] RBP: 00000000000032b9 R08: 0000000000000001 R09: ffffed1054a15ee8\n[ 748.001446] R10: ffff8882a50af73b R11: ffffed1054a15ee7 R12: fffffbfff07c1e30\n[ 748.001447] R13: dffffc0000000000 R14: ffff8881b492cba8 R15: 0000000000000000\n[ 748.001429] FS: 00007f58bd08b580(0000) GS:ffff8882a5080000(0000) knlGS:0000000000000000\n[ 748.001695] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 748.001309] CR2: 000055a026351740 CR3: 00000001d3b48006 CR4: 0000000000370ea0\n[ 748.001506] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 748.001483] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 748.001654] Call Trace:\n[ 748.000576] ? mlx5_satisfy_startup_pages+0x290/0x290 [mlx5_core]\n[ 748.001416] ? mlx5_cmd_teardown_hca+0xa2/0xd0 [mlx5_core]\n[ 748.001354] ? mlx5_cmd_init_hca+0x280/0x280 [mlx5_core]\n[ 748.001203] mlx5_function_teardown+0x30/0x60 [mlx5_core]\n[ 748.001275] mlx5_uninit_one+0xa7/0xc0 [mlx5_core]\n[ 748.001200] remove_one+0x5f/0xc0 [mlx5_core]\n[ 748.001075] pci_device_remove+0x9f/0x1d0\n[ 748.000833] device_release_driver_internal+0x1e0/0x490\n[ 748.001207] unbind_store+0x19f/0x200\n[ 748.000942] ? sysfs_file_ops+0x170/0x170\n[ 748.001000] kernfs_fop_write_iter+0x2bc/0x450\n[ 748.000970] new_sync_write+0x373/0x610\n[ 748.001124] ? new_sync_read+0x600/0x600\n[ 748.001057] ? lock_acquire+0x4d6/0x700\n[ 748.000908] ? lockdep_hardirqs_on_prepare+0x400/0x400\n[ 748.001126] ? fd_install+0x1c9/0x4d0\n[ 748.000951] vfs_write+0x4d0/0x800\n[ 748.000804] ksys_write+0xf9/0x1d0\n[ 748.000868] ? __x64_sys_read+0xb0/0xb0\n[ 748.000811] ? filp_open+0x50/0x50\n[ 748.000919] ? syscall_enter_from_user_mode+0x1d/0x50\n[ 748.001223] do_syscall_64+0x3f/0x80\n[ 748.000892] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 748.00\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47246",
"url": "https://www.suse.com/security/cve/CVE-2021-47246"
},
{
"category": "external",
"summary": "SUSE Bug 1224831 for CVE-2021-47246",
"url": "https://bugzilla.suse.com/1224831"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "low"
}
],
"title": "CVE-2021-47246"
},
{
"cve": "CVE-2021-47252",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47252"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: Avoid WARN_ON timing related checks\n\nThe soft/batadv interface for a queued OGM can be changed during the time\nthe OGM was queued for transmission and when the OGM is actually\ntransmitted by the worker.\n\nBut WARN_ON must be used to denote kernel bugs and not to print simple\nwarnings. A warning can simply be printed using pr_warn.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47252",
"url": "https://www.suse.com/security/cve/CVE-2021-47252"
},
{
"category": "external",
"summary": "SUSE Bug 1224882 for CVE-2021-47252",
"url": "https://bugzilla.suse.com/1224882"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-47252"
},
{
"cve": "CVE-2021-47255",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47255"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkvm: LAPIC: Restore guard to prevent illegal APIC register access\n\nPer the SDM, \"any access that touches bytes 4 through 15 of an APIC\nregister may cause undefined behavior and must not be executed.\"\nWorse, such an access in kvm_lapic_reg_read can result in a leak of\nkernel stack contents. Prior to commit 01402cf81051 (\"kvm: LAPIC:\nwrite down valid APIC registers\"), such an access was explicitly\ndisallowed. Restore the guard that was removed in that commit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47255",
"url": "https://www.suse.com/security/cve/CVE-2021-47255"
},
{
"category": "external",
"summary": "SUSE Bug 1224832 for CVE-2021-47255",
"url": "https://bugzilla.suse.com/1224832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-47255"
},
{
"cve": "CVE-2021-47260",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47260"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix a potential NULL dereference in nfs_get_client()\n\nNone of the callers are expecting NULL returns from nfs_get_client() so\nthis code will lead to an Oops. It\u0027s better to return an error\npointer. I expect that this is dead code so hopefully no one is\naffected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47260",
"url": "https://www.suse.com/security/cve/CVE-2021-47260"
},
{
"category": "external",
"summary": "SUSE Bug 1224834 for CVE-2021-47260",
"url": "https://bugzilla.suse.com/1224834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-47260"
},
{
"cve": "CVE-2021-47288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47288"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()\n\nFix an 11-year old bug in ngene_command_config_free_buf() while\naddressing the following warnings caught with -Warray-bounds:\n\narch/alpha/include/asm/string.h:22:16: warning: \u0027__builtin_memcpy\u0027 offset [12, 16] from the object at \u0027com\u0027 is out of the bounds of referenced subobject \u0027config\u0027 with type \u0027unsigned char\u0027 at offset 10 [-Warray-bounds]\narch/x86/include/asm/string_32.h:182:25: warning: \u0027__builtin_memcpy\u0027 offset [12, 16] from the object at \u0027com\u0027 is out of the bounds of referenced subobject \u0027config\u0027 with type \u0027unsigned char\u0027 at offset 10 [-Warray-bounds]\n\nThe problem is that the original code is trying to copy 6 bytes of\ndata into a one-byte size member _config_ of the wrong structue\nFW_CONFIGURE_BUFFERS, in a single call to memcpy(). This causes a\nlegitimate compiler warning because memcpy() overruns the length\nof \u0026com.cmd.ConfigureBuffers.config. It seems that the right\nstructure is FW_CONFIGURE_FREE_BUFFERS, instead, because it contains\n6 more members apart from the header _hdr_. Also, the name of\nthe function ngene_command_config_free_buf() suggests that the actual\nintention is to ConfigureFreeBuffers, instead of ConfigureBuffers\n(which takes place in the function ngene_command_config_buf(), above).\n\nFix this by enclosing those 6 members of struct FW_CONFIGURE_FREE_BUFFERS\ninto new struct config, and use \u0026com.cmd.ConfigureFreeBuffers.config as\nthe destination address, instead of \u0026com.cmd.ConfigureBuffers.config,\nwhen calling memcpy().\n\nThis also helps with the ongoing efforts to globally enable\n-Warray-bounds and get us closer to being able to tighten the\nFORTIFY_SOURCE routines on memcpy().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47288",
"url": "https://www.suse.com/security/cve/CVE-2021-47288"
},
{
"category": "external",
"summary": "SUSE Bug 1224889 for CVE-2021-47288",
"url": "https://bugzilla.suse.com/1224889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-47288"
},
{
"cve": "CVE-2021-47296",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47296"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak\n\nvcpu_put is not called if the user copy fails. This can result in preempt\nnotifier corruption and crashes, among other issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47296",
"url": "https://www.suse.com/security/cve/CVE-2021-47296"
},
{
"category": "external",
"summary": "SUSE Bug 1224891 for CVE-2021-47296",
"url": "https://bugzilla.suse.com/1224891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-47296"
},
{
"cve": "CVE-2021-47314",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47314"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: fsl_ifc: fix leak of private memory on probe failure\n\nOn probe error the driver should free the memory allocated for private\nstructure. Fix this by using resource-managed allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47314",
"url": "https://www.suse.com/security/cve/CVE-2021-47314"
},
{
"category": "external",
"summary": "SUSE Bug 1224893 for CVE-2021-47314",
"url": "https://bugzilla.suse.com/1224893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "low"
}
],
"title": "CVE-2021-47314"
},
{
"cve": "CVE-2021-47315",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47315"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: fsl_ifc: fix leak of IO mapping on probe failure\n\nOn probe error the driver should unmap the IO memory. Smatch reports:\n\n drivers/memory/fsl_ifc.c:298 fsl_ifc_ctrl_probe() warn: \u0027fsl_ifc_ctrl_dev-\u003egregs\u0027 not released on lines: 298.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47315",
"url": "https://www.suse.com/security/cve/CVE-2021-47315"
},
{
"category": "external",
"summary": "SUSE Bug 1224892 for CVE-2021-47315",
"url": "https://bugzilla.suse.com/1224892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "low"
}
],
"title": "CVE-2021-47315"
},
{
"cve": "CVE-2021-47485",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47485"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields\n\nOverflowing either addrlimit or bytes_togo can allow userspace to trigger\na buffer overflow of kernel memory. Check for overflows in all the places\ndoing math on user controlled buffers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47485",
"url": "https://www.suse.com/security/cve/CVE-2021-47485"
},
{
"category": "external",
"summary": "SUSE Bug 1224904 for CVE-2021-47485",
"url": "https://bugzilla.suse.com/1224904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-47485"
},
{
"cve": "CVE-2021-47500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47500"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: mma8452: Fix trigger reference couting\n\nThe mma8452 driver directly assigns a trigger to the struct iio_dev. The\nIIO core when done using this trigger will call `iio_trigger_put()` to drop\nthe reference count by 1.\n\nWithout the matching `iio_trigger_get()` in the driver the reference count\ncan reach 0 too early, the trigger gets freed while still in use and a\nuse-after-free occurs.\n\nFix this by getting a reference to the trigger before assigning it to the\nIIO device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47500",
"url": "https://www.suse.com/security/cve/CVE-2021-47500"
},
{
"category": "external",
"summary": "SUSE Bug 1225360 for CVE-2021-47500",
"url": "https://bugzilla.suse.com/1225360"
},
{
"category": "external",
"summary": "SUSE Bug 1227698 for CVE-2021-47500",
"url": "https://bugzilla.suse.com/1227698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "important"
}
],
"title": "CVE-2021-47500"
},
{
"cve": "CVE-2021-47511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47511"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: oss: Fix negative period/buffer sizes\n\nThe period size calculation in OSS layer may receive a negative value\nas an error, but the code there assumes only the positive values and\nhandle them with size_t. Due to that, a too big value may be passed\nto the lower layers.\n\nThis patch changes the code to handle with ssize_t and adds the proper\nerror checks appropriately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47511",
"url": "https://www.suse.com/security/cve/CVE-2021-47511"
},
{
"category": "external",
"summary": "SUSE Bug 1225411 for CVE-2021-47511",
"url": "https://bugzilla.suse.com/1225411"
},
{
"category": "external",
"summary": "SUSE Bug 1227700 for CVE-2021-47511",
"url": "https://bugzilla.suse.com/1227700"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "important"
}
],
"title": "CVE-2021-47511"
},
{
"cve": "CVE-2022-3564",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3564"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3564",
"url": "https://www.suse.com/security/cve/CVE-2022-3564"
},
{
"category": "external",
"summary": "SUSE Bug 1206073 for CVE-2022-3564",
"url": "https://bugzilla.suse.com/1206073"
},
{
"category": "external",
"summary": "SUSE Bug 1206314 for CVE-2022-3564",
"url": "https://bugzilla.suse.com/1206314"
},
{
"category": "external",
"summary": "SUSE Bug 1208030 for CVE-2022-3564",
"url": "https://bugzilla.suse.com/1208030"
},
{
"category": "external",
"summary": "SUSE Bug 1208044 for CVE-2022-3564",
"url": "https://bugzilla.suse.com/1208044"
},
{
"category": "external",
"summary": "SUSE Bug 1208085 for CVE-2022-3564",
"url": "https://bugzilla.suse.com/1208085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "important"
}
],
"title": "CVE-2022-3564"
},
{
"cve": "CVE-2022-48704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: add a force flush to delay work when radeon\n\nAlthough radeon card fence and wait for gpu to finish processing current batch rings,\nthere is still a corner case that radeon lockup work queue may not be fully flushed,\nand meanwhile the radeon_suspend_kms() function has called pci_set_power_state() to\nput device in D3hot state.\nPer PCI spec rev 4.0 on 5.3.1.4.1 D3hot State.\n\u003e Configuration and Message requests are the only TLPs accepted by a Function in\n\u003e the D3hot state. All other received Requests must be handled as Unsupported Requests,\n\u003e and all received Completions may optionally be handled as Unexpected Completions.\nThis issue will happen in following logs:\nUnable to handle kernel paging request at virtual address 00008800e0008010\nCPU 0 kworker/0:3(131): Oops 0\npc = [\u003cffffffff811bea5c\u003e] ra = [\u003cffffffff81240844\u003e] ps = 0000 Tainted: G W\npc is at si_gpu_check_soft_reset+0x3c/0x240\nra is at si_dma_is_lockup+0x34/0xd0\nv0 = 0000000000000000 t0 = fff08800e0008010 t1 = 0000000000010000\nt2 = 0000000000008010 t3 = fff00007e3c00000 t4 = fff00007e3c00258\nt5 = 000000000000ffff t6 = 0000000000000001 t7 = fff00007ef078000\ns0 = fff00007e3c016e8 s1 = fff00007e3c00000 s2 = fff00007e3c00018\ns3 = fff00007e3c00000 s4 = fff00007fff59d80 s5 = 0000000000000000\ns6 = fff00007ef07bd98\na0 = fff00007e3c00000 a1 = fff00007e3c016e8 a2 = 0000000000000008\na3 = 0000000000000001 a4 = 8f5c28f5c28f5c29 a5 = ffffffff810f4338\nt8 = 0000000000000275 t9 = ffffffff809b66f8 t10 = ff6769c5d964b800\nt11= 000000000000b886 pv = ffffffff811bea20 at = 0000000000000000\ngp = ffffffff81d89690 sp = 00000000aa814126\nDisabling lock debugging due to kernel taint\nTrace:\n[\u003cffffffff81240844\u003e] si_dma_is_lockup+0x34/0xd0\n[\u003cffffffff81119610\u003e] radeon_fence_check_lockup+0xd0/0x290\n[\u003cffffffff80977010\u003e] process_one_work+0x280/0x550\n[\u003cffffffff80977350\u003e] worker_thread+0x70/0x7c0\n[\u003cffffffff80977410\u003e] worker_thread+0x130/0x7c0\n[\u003cffffffff80982040\u003e] kthread+0x200/0x210\n[\u003cffffffff809772e0\u003e] worker_thread+0x0/0x7c0\n[\u003cffffffff80981f8c\u003e] kthread+0x14c/0x210\n[\u003cffffffff80911658\u003e] ret_from_kernel_thread+0x18/0x20\n[\u003cffffffff80981e40\u003e] kthread+0x0/0x210\n Code: ad3e0008 43f0074a ad7e0018 ad9e0020 8c3001e8 40230101\n \u003c88210000\u003e 4821ed21\nSo force lockup work queue flush to fix this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48704",
"url": "https://www.suse.com/security/cve/CVE-2022-48704"
},
{
"category": "external",
"summary": "SUSE Bug 1223932 for CVE-2022-48704",
"url": "https://bugzilla.suse.com/1223932"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-48704"
},
{
"cve": "CVE-2022-49110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: revisit gc autotuning\n\nas of commit 4608fdfc07e1\n(\"netfilter: conntrack: collect all entries in one cycle\")\nconntrack gc was changed to run every 2 minutes.\n\nOn systems where conntrack hash table is set to large value, most evictions\nhappen from gc worker rather than the packet path due to hash table\ndistribution.\n\nThis causes netlink event overflows when events are collected.\n\nThis change collects average expiry of scanned entries and\nreschedules to the average remaining value, within 1 to 60 second interval.\n\nTo avoid event overflows, reschedule after each bucket and add a\nlimit for both run time and number of evictions per run.\n\nIf more entries have to be evicted, reschedule and restart 1 jiffy\ninto the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49110",
"url": "https://www.suse.com/security/cve/CVE-2022-49110"
},
{
"category": "external",
"summary": "SUSE Bug 1237981 for CVE-2022-49110",
"url": "https://bugzilla.suse.com/1237981"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49110"
},
{
"cve": "CVE-2022-49139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49139"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: fix null ptr deref on hci_sync_conn_complete_evt\n\nThis event is just specified for SCO and eSCO link types.\nOn the reception of a HCI_Synchronous_Connection_Complete for a BDADDR\nof an existing LE connection, LE link type and a status that triggers the\nsecond case of the packet processing a NULL pointer dereference happens,\nas conn-\u003elink is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49139",
"url": "https://www.suse.com/security/cve/CVE-2022-49139"
},
{
"category": "external",
"summary": "SUSE Bug 1238032 for CVE-2022-49139",
"url": "https://bugzilla.suse.com/1238032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49139"
},
{
"cve": "CVE-2022-49767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49767"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\n9p/trans_fd: always use O_NONBLOCK read/write\n\nsyzbot is reporting hung task at p9_fd_close() [1], for p9_mux_poll_stop()\n from p9_conn_destroy() from p9_fd_close() is failing to interrupt already\nstarted kernel_read() from p9_fd_read() from p9_read_work() and/or\nkernel_write() from p9_fd_write() from p9_write_work() requests.\n\nSince p9_socket_open() sets O_NONBLOCK flag, p9_mux_poll_stop() does not\nneed to interrupt kernel_read()/kernel_write(). However, since p9_fd_open()\ndoes not set O_NONBLOCK flag, but pipe blocks unless signal is pending,\np9_mux_poll_stop() needs to interrupt kernel_read()/kernel_write() when\nthe file descriptor refers to a pipe. In other words, pipe file descriptor\nneeds to be handled as if socket file descriptor.\n\nWe somehow need to interrupt kernel_read()/kernel_write() on pipes.\n\nA minimal change, which this patch is doing, is to set O_NONBLOCK flag\n from p9_fd_open(), for O_NONBLOCK flag does not affect reading/writing\nof regular files. But this approach changes O_NONBLOCK flag on userspace-\nsupplied file descriptors (which might break userspace programs), and\nO_NONBLOCK flag could be changed by userspace. It would be possible to set\nO_NONBLOCK flag every time p9_fd_read()/p9_fd_write() is invoked, but still\nremains small race window for clearing O_NONBLOCK flag.\n\nIf we don\u0027t want to manipulate O_NONBLOCK flag, we might be able to\nsurround kernel_read()/kernel_write() with set_thread_flag(TIF_SIGPENDING)\nand recalc_sigpending(). Since p9_read_work()/p9_write_work() works are\nprocessed by kernel threads which process global system_wq workqueue,\nsignals could not be delivered from remote threads when p9_mux_poll_stop()\n from p9_conn_destroy() from p9_fd_close() is called. Therefore, calling\nset_thread_flag(TIF_SIGPENDING)/recalc_sigpending() every time would be\nneeded if we count on signals for making kernel_read()/kernel_write()\nnon-blocking.\n\n[Dominique: add comment at Christian\u0027s suggestion]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49767",
"url": "https://www.suse.com/security/cve/CVE-2022-49767"
},
{
"category": "external",
"summary": "SUSE Bug 1242493 for CVE-2022-49767",
"url": "https://bugzilla.suse.com/1242493"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49767"
},
{
"cve": "CVE-2022-49769",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49769"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Check sb_bsize_shift after reading superblock\n\nFuzzers like to scribble over sb_bsize_shift but in reality it\u0027s very\nunlikely that this field would be corrupted on its own. Nevertheless it\nshould be checked to avoid the possibility of messy mount errors due to\nbad calculations. It\u0027s always a fixed value based on the block size so\nwe can just check that it\u0027s the expected value.\n\nTested with:\n\n mkfs.gfs2 -O -p lock_nolock /dev/vdb\n for i in 0 -1 64 65 32 33; do\n gfs2_edit -p sb field sb_bsize_shift $i /dev/vdb\n mount /dev/vdb /mnt/test \u0026\u0026 umount /mnt/test\n done\n\nBefore this patch we get a withdraw after\n\n[ 76.413681] gfs2: fsid=loop0.0: fatal: invalid metadata block\n[ 76.413681] bh = 19 (type: exp=5, found=4)\n[ 76.413681] function = gfs2_meta_buffer, file = fs/gfs2/meta_io.c, line = 492\n\nand with UBSAN configured we also get complaints like\n\n[ 76.373395] UBSAN: shift-out-of-bounds in fs/gfs2/ops_fstype.c:295:19\n[ 76.373815] shift exponent 4294967287 is too large for 64-bit type \u0027long unsigned int\u0027\n\nAfter the patch, these complaints don\u0027t appear, mount fails immediately\nand we get an explanation in dmesg.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49769",
"url": "https://www.suse.com/security/cve/CVE-2022-49769"
},
{
"category": "external",
"summary": "SUSE Bug 1242440 for CVE-2022-49769",
"url": "https://bugzilla.suse.com/1242440"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49769"
},
{
"cve": "CVE-2022-49770",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49770"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: avoid putting the realm twice when decoding snaps fails\n\nWhen decoding the snaps fails it maybe leaving the \u0027first_realm\u0027\nand \u0027realm\u0027 pointing to the same snaprealm memory. And then it\u0027ll\nput it twice and could cause random use-after-free, BUG_ON, etc\nissues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49770",
"url": "https://www.suse.com/security/cve/CVE-2022-49770"
},
{
"category": "external",
"summary": "SUSE Bug 1242597 for CVE-2022-49770",
"url": "https://bugzilla.suse.com/1242597"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49770"
},
{
"cve": "CVE-2022-49771",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49771"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm ioctl: fix misbehavior if list_versions races with module loading\n\n__list_versions will first estimate the required space using the\n\"dm_target_iterate(list_version_get_needed, \u0026needed)\" call and then will\nfill the space using the \"dm_target_iterate(list_version_get_info,\n\u0026iter_info)\" call. Each of these calls locks the targets using the\n\"down_read(\u0026_lock)\" and \"up_read(\u0026_lock)\" calls, however between the first\nand second \"dm_target_iterate\" there is no lock held and the target\nmodules can be loaded at this point, so the second \"dm_target_iterate\"\ncall may need more space than what was the first \"dm_target_iterate\"\nreturned.\n\nThe code tries to handle this overflow (see the beginning of\nlist_version_get_info), however this handling is incorrect.\n\nThe code sets \"param-\u003edata_size = param-\u003edata_start + needed\" and\n\"iter_info.end = (char *)vers+len\" - \"needed\" is the size returned by the\nfirst dm_target_iterate call; \"len\" is the size of the buffer allocated by\nuserspace.\n\n\"len\" may be greater than \"needed\"; in this case, the code will write up\nto \"len\" bytes into the buffer, however param-\u003edata_size is set to\n\"needed\", so it may write data past the param-\u003edata_size value. The ioctl\ninterface copies only up to param-\u003edata_size into userspace, thus part of\nthe result will be truncated.\n\nFix this bug by setting \"iter_info.end = (char *)vers + needed;\" - this\nguarantees that the second \"dm_target_iterate\" call will write only up to\nthe \"needed\" buffer and it will exit with \"DM_BUFFER_FULL_FLAG\" if it\noverflows the \"needed\" space - in this case, userspace will allocate a\nlarger buffer and retry.\n\nNote that there is also a bug in list_version_get_needed - we need to add\n\"strlen(tt-\u003ename) + 1\" to the needed size, not \"strlen(tt-\u003ename)\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49771",
"url": "https://www.suse.com/security/cve/CVE-2022-49771"
},
{
"category": "external",
"summary": "SUSE Bug 1242686 for CVE-2022-49771",
"url": "https://bugzilla.suse.com/1242686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49771"
},
{
"cve": "CVE-2022-49772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49772"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()\n\nsnd_usbmidi_output_open() has a check of the NULL port with\nsnd_BUG_ON(). snd_BUG_ON() was used as this shouldn\u0027t have happened,\nbut in reality, the NULL port may be seen when the device gives an\ninvalid endpoint setup at the descriptor, hence the driver skips the\nallocation. That is, the check itself is valid and snd_BUG_ON()\nshould be dropped from there. Otherwise it\u0027s confusing as if it were\na real bug, as recently syzbot stumbled on it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49772",
"url": "https://www.suse.com/security/cve/CVE-2022-49772"
},
{
"category": "external",
"summary": "SUSE Bug 1242147 for CVE-2022-49772",
"url": "https://bugzilla.suse.com/1242147"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49772"
},
{
"cve": "CVE-2022-49775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49775"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: cdg: allow tcp_cdg_release() to be called multiple times\n\nApparently, mptcp is able to call tcp_disconnect() on an already\ndisconnected flow. This is generally fine, unless current congestion\ncontrol is CDG, because it might trigger a double-free [1]\n\nInstead of fixing MPTCP, and future bugs, we can make tcp_disconnect()\nmore resilient.\n\n[1]\nBUG: KASAN: double-free in slab_free mm/slub.c:3539 [inline]\nBUG: KASAN: double-free in kfree+0xe2/0x580 mm/slub.c:4567\n\nCPU: 0 PID: 3645 Comm: kworker/0:7 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022\nWorkqueue: events mptcp_worker\nCall Trace:\n\u003cTASK\u003e\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_address_description mm/kasan/report.c:317 [inline]\nprint_report.cold+0x2ba/0x719 mm/kasan/report.c:433\nkasan_report_invalid_free+0x81/0x190 mm/kasan/report.c:462\n____kasan_slab_free+0x18b/0x1c0 mm/kasan/common.c:356\nkasan_slab_free include/linux/kasan.h:200 [inline]\nslab_free_hook mm/slub.c:1759 [inline]\nslab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1785\nslab_free mm/slub.c:3539 [inline]\nkfree+0xe2/0x580 mm/slub.c:4567\ntcp_disconnect+0x980/0x1e20 net/ipv4/tcp.c:3145\n__mptcp_close_ssk+0x5ca/0x7e0 net/mptcp/protocol.c:2327\nmptcp_do_fastclose net/mptcp/protocol.c:2592 [inline]\nmptcp_worker+0x78c/0xff0 net/mptcp/protocol.c:2627\nprocess_one_work+0x991/0x1610 kernel/workqueue.c:2289\nworker_thread+0x665/0x1080 kernel/workqueue.c:2436\nkthread+0x2e4/0x3a0 kernel/kthread.c:376\nret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306\n\u003c/TASK\u003e\n\nAllocated by task 3671:\nkasan_save_stack+0x1e/0x40 mm/kasan/common.c:38\nkasan_set_track mm/kasan/common.c:45 [inline]\nset_alloc_info mm/kasan/common.c:437 [inline]\n____kasan_kmalloc mm/kasan/common.c:516 [inline]\n____kasan_kmalloc mm/kasan/common.c:475 [inline]\n__kasan_kmalloc+0xa9/0xd0 mm/kasan/common.c:525\nkmalloc_array include/linux/slab.h:640 [inline]\nkcalloc include/linux/slab.h:671 [inline]\ntcp_cdg_init+0x10d/0x170 net/ipv4/tcp_cdg.c:380\ntcp_init_congestion_control+0xab/0x550 net/ipv4/tcp_cong.c:193\ntcp_reinit_congestion_control net/ipv4/tcp_cong.c:217 [inline]\ntcp_set_congestion_control+0x96c/0xaa0 net/ipv4/tcp_cong.c:391\ndo_tcp_setsockopt+0x505/0x2320 net/ipv4/tcp.c:3513\ntcp_setsockopt+0xd4/0x100 net/ipv4/tcp.c:3801\nmptcp_setsockopt+0x35f/0x2570 net/mptcp/sockopt.c:844\n__sys_setsockopt+0x2d6/0x690 net/socket.c:2252\n__do_sys_setsockopt net/socket.c:2263 [inline]\n__se_sys_setsockopt net/socket.c:2260 [inline]\n__x64_sys_setsockopt+0xba/0x150 net/socket.c:2260\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFreed by task 16:\nkasan_save_stack+0x1e/0x40 mm/kasan/common.c:38\nkasan_set_track+0x21/0x30 mm/kasan/common.c:45\nkasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370\n____kasan_slab_free mm/kasan/common.c:367 [inline]\n____kasan_slab_free+0x166/0x1c0 mm/kasan/common.c:329\nkasan_slab_free include/linux/kasan.h:200 [inline]\nslab_free_hook mm/slub.c:1759 [inline]\nslab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1785\nslab_free mm/slub.c:3539 [inline]\nkfree+0xe2/0x580 mm/slub.c:4567\ntcp_cleanup_congestion_control+0x70/0x120 net/ipv4/tcp_cong.c:226\ntcp_v4_destroy_sock+0xdd/0x750 net/ipv4/tcp_ipv4.c:2254\ntcp_v6_destroy_sock+0x11/0x20 net/ipv6/tcp_ipv6.c:1969\ninet_csk_destroy_sock+0x196/0x440 net/ipv4/inet_connection_sock.c:1157\ntcp_done+0x23b/0x340 net/ipv4/tcp.c:4649\ntcp_rcv_state_process+0x40e7/0x4990 net/ipv4/tcp_input.c:6624\ntcp_v6_do_rcv+0x3fc/0x13c0 net/ipv6/tcp_ipv6.c:1525\ntcp_v6_rcv+0x2e8e/0x3830 net/ipv6/tcp_ipv6.c:1759\nip6_protocol_deliver_rcu+0x2db/0x1950 net/ipv6/ip6_input.c:439\nip6_input_finish+0x14c/0x2c0 net/ipv6/ip6_input.c:484\nNF_HOOK include/linux/netfilter.h:302 [inline]\nNF_HOOK include/linux/netfilter.h:296 [inline]\nip6_input+0x9c/0xd\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49775",
"url": "https://www.suse.com/security/cve/CVE-2022-49775"
},
{
"category": "external",
"summary": "SUSE Bug 1242245 for CVE-2022-49775",
"url": "https://bugzilla.suse.com/1242245"
},
{
"category": "external",
"summary": "SUSE Bug 1242257 for CVE-2022-49775",
"url": "https://bugzilla.suse.com/1242257"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "important"
}
],
"title": "CVE-2022-49775"
},
{
"cve": "CVE-2022-49777",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49777"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: i8042 - fix leaking of platform device on module removal\n\nAvoid resetting the module-wide i8042_platform_device pointer in\ni8042_probe() or i8042_remove(), so that the device can be properly\ndestroyed by i8042_exit() on module unload.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49777",
"url": "https://www.suse.com/security/cve/CVE-2022-49777"
},
{
"category": "external",
"summary": "SUSE Bug 1242232 for CVE-2022-49777",
"url": "https://bugzilla.suse.com/1242232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49777"
},
{
"cve": "CVE-2022-49787",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49787"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()\n\npci_get_device() will increase the reference count for the returned\npci_dev. We need to use pci_dev_put() to decrease the reference count\nbefore amd_probe() returns. There is no problem for the \u0027smbus_dev ==\nNULL\u0027 branch because pci_dev_put() can also handle the NULL input\nparameter case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49787",
"url": "https://www.suse.com/security/cve/CVE-2022-49787"
},
{
"category": "external",
"summary": "SUSE Bug 1242352 for CVE-2022-49787",
"url": "https://bugzilla.suse.com/1242352"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49787"
},
{
"cve": "CVE-2022-49788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49788"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()\n\n`struct vmci_event_qp` allocated by qp_notify_peer() contains padding,\nwhich may carry uninitialized data to the userspace, as observed by\nKMSAN:\n\n BUG: KMSAN: kernel-infoleak in instrument_copy_to_user ./include/linux/instrumented.h:121\n instrument_copy_to_user ./include/linux/instrumented.h:121\n _copy_to_user+0x5f/0xb0 lib/usercopy.c:33\n copy_to_user ./include/linux/uaccess.h:169\n vmci_host_do_receive_datagram drivers/misc/vmw_vmci/vmci_host.c:431\n vmci_host_unlocked_ioctl+0x33d/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:925\n vfs_ioctl fs/ioctl.c:51\n ...\n\n Uninit was stored to memory at:\n kmemdup+0x74/0xb0 mm/util.c:131\n dg_dispatch_as_host drivers/misc/vmw_vmci/vmci_datagram.c:271\n vmci_datagram_dispatch+0x4f8/0xfc0 drivers/misc/vmw_vmci/vmci_datagram.c:339\n qp_notify_peer+0x19a/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1479\n qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662\n qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750\n vmci_qp_broker_alloc+0x96/0xd0 drivers/misc/vmw_vmci/vmci_queue_pair.c:1940\n vmci_host_do_alloc_queuepair drivers/misc/vmw_vmci/vmci_host.c:488\n vmci_host_unlocked_ioctl+0x24fd/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:927\n ...\n\n Local variable ev created at:\n qp_notify_peer+0x54/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1456\n qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662\n qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750\n\n Bytes 28-31 of 48 are uninitialized\n Memory access of size 48 starts at ffff888035155e00\n Data copied to user address 0000000020000100\n\nUse memset() to prevent the infoleaks.\n\nAlso speculatively fix qp_notify_peer_local(), which may suffer from the\nsame problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49788",
"url": "https://www.suse.com/security/cve/CVE-2022-49788"
},
{
"category": "external",
"summary": "SUSE Bug 1242353 for CVE-2022-49788",
"url": "https://bugzilla.suse.com/1242353"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49788"
},
{
"cve": "CVE-2022-49789",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49789"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: zfcp: Fix double free of FSF request when qdio send fails\n\nWe used to use the wrong type of integer in \u0027zfcp_fsf_req_send()\u0027 to cache\nthe FSF request ID when sending a new FSF request. This is used in case the\nsending fails and we need to remove the request from our internal hash\ntable again (so we don\u0027t keep an invalid reference and use it when we free\nthe request again).\n\nIn \u0027zfcp_fsf_req_send()\u0027 we used to cache the ID as \u0027int\u0027 (signed and 32\nbit wide), but the rest of the zfcp code (and the firmware specification)\nhandles the ID as \u0027unsigned long\u0027/\u0027u64\u0027 (unsigned and 64 bit wide [s390x\nELF ABI]). For one this has the obvious problem that when the ID grows\npast 32 bit (this can happen reasonably fast) it is truncated to 32 bit\nwhen storing it in the cache variable and so doesn\u0027t match the original ID\nanymore. The second less obvious problem is that even when the original ID\nhas not yet grown past 32 bit, as soon as the 32nd bit is set in the\noriginal ID (0x80000000 = 2\u0027147\u0027483\u0027648) we will have a mismatch when we\ncast it back to \u0027unsigned long\u0027. As the cached variable is of a signed\ntype, the compiler will choose a sign-extending instruction to load the 32\nbit variable into a 64 bit register (e.g.: \u0027lgf %r11,188(%r15)\u0027). So once\nwe pass the cached variable into \u0027zfcp_reqlist_find_rm()\u0027 to remove the\nrequest again all the leading zeros will be flipped to ones to extend the\nsign and won\u0027t match the original ID anymore (this has been observed in\npractice).\n\nIf we can\u0027t successfully remove the request from the hash table again after\n\u0027zfcp_qdio_send()\u0027 fails (this happens regularly when zfcp cannot notify\nthe adapter about new work because the adapter is already gone during\ne.g. a ChpID toggle) we will end up with a double free. We unconditionally\nfree the request in the calling function when \u0027zfcp_fsf_req_send()\u0027 fails,\nbut because the request is still in the hash table we end up with a stale\nmemory reference, and once the zfcp adapter is either reset during recovery\nor shutdown we end up freeing the same memory twice.\n\nThe resulting stack traces vary depending on the kernel and have no direct\ncorrelation to the place where the bug occurs. Here are three examples that\nhave been seen in practice:\n\n list_del corruption. next-\u003eprev should be 00000001b9d13800, but was 00000000dead4ead. (next=00000001bd131a00)\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:62!\n monitor event: 0040 ilc:2 [#1] PREEMPT SMP\n Modules linked in: ...\n CPU: 9 PID: 1617 Comm: zfcperp0.0.1740 Kdump: loaded\n Hardware name: ...\n Krnl PSW : 0704d00180000000 00000003cbeea1f8 (__list_del_entry_valid+0x98/0x140)\n R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3\n Krnl GPRS: 00000000916d12f1 0000000080000000 000000000000006d 00000003cb665cd6\n 0000000000000001 0000000000000000 0000000000000000 00000000d28d21e8\n 00000000d3844000 00000380099efd28 00000001bd131a00 00000001b9d13800\n 00000000d3290100 0000000000000000 00000003cbeea1f4 00000380099efc70\n Krnl Code: 00000003cbeea1e8: c020004f68a7 larl %r2,00000003cc8d7336\n 00000003cbeea1ee: c0e50027fd65 brasl %r14,00000003cc3e9cb8\n #00000003cbeea1f4: af000000 mc 0,0\n \u003e00000003cbeea1f8: c02000920440 larl %r2,00000003cd12aa78\n 00000003cbeea1fe: c0e500289c25 brasl %r14,00000003cc3fda48\n 00000003cbeea204: b9040043 lgr %r4,%r3\n 00000003cbeea208: b9040051 lgr %r5,%r1\n 00000003cbeea20c: b9040032 lgr %r3,%r2\n Call Trace:\n [\u003c00000003cbeea1f8\u003e] __list_del_entry_valid+0x98/0x140\n ([\u003c00000003cbeea1f4\u003e] __list_del_entry_valid+0x94/0x140)\n [\u003c000003ff7ff502fe\u003e] zfcp_fsf_req_dismiss_all+0xde/0x150 [zfcp]\n [\u003c000003ff7ff49cd0\u003e] zfcp_erp_strategy_do_action+0x160/0x280 [zfcp]\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49789",
"url": "https://www.suse.com/security/cve/CVE-2022-49789"
},
{
"category": "external",
"summary": "SUSE Bug 1242366 for CVE-2022-49789",
"url": "https://bugzilla.suse.com/1242366"
},
{
"category": "external",
"summary": "SUSE Bug 1242376 for CVE-2022-49789",
"url": "https://bugzilla.suse.com/1242376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "important"
}
],
"title": "CVE-2022-49789"
},
{
"cve": "CVE-2022-49790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: iforce - invert valid length check when fetching device IDs\n\nsyzbot is reporting uninitialized value at iforce_init_device() [1], for\ncommit 6ac0aec6b0a6 (\"Input: iforce - allow callers supply data buffer\nwhen fetching device IDs\") is checking that valid length is shorter than\nbytes to read. Since iforce_get_id_packet() stores valid length when\nreturning 0, the caller needs to check that valid length is longer than or\nequals to bytes to read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49790",
"url": "https://www.suse.com/security/cve/CVE-2022-49790"
},
{
"category": "external",
"summary": "SUSE Bug 1242387 for CVE-2022-49790",
"url": "https://bugzilla.suse.com/1242387"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49790"
},
{
"cve": "CVE-2022-49793",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49793"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()\n\ndev_set_name() allocates memory for name, it need be freed\nwhen device_add() fails, call put_device() to give up the\nreference that hold in device_initialize(), so that it can\nbe freed in kobject_cleanup() when the refcount hit to 0.\n\nFault injection test can trigger this:\n\nunreferenced object 0xffff8e8340a7b4c0 (size 32):\n comm \"modprobe\", pid 243, jiffies 4294678145 (age 48.845s)\n hex dump (first 32 bytes):\n 69 69 6f 5f 73 79 73 66 73 5f 74 72 69 67 67 65 iio_sysfs_trigge\n 72 00 a7 40 83 8e ff ff 00 86 13 c4 f6 ee ff ff r..@............\n backtrace:\n [\u003c0000000074999de8\u003e] __kmem_cache_alloc_node+0x1e9/0x360\n [\u003c00000000497fd30b\u003e] __kmalloc_node_track_caller+0x44/0x1a0\n [\u003c000000003636c520\u003e] kstrdup+0x2d/0x60\n [\u003c0000000032f84da2\u003e] kobject_set_name_vargs+0x1e/0x90\n [\u003c0000000092efe493\u003e] dev_set_name+0x4e/0x70",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49793",
"url": "https://www.suse.com/security/cve/CVE-2022-49793"
},
{
"category": "external",
"summary": "SUSE Bug 1242391 for CVE-2022-49793",
"url": "https://bugzilla.suse.com/1242391"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49793"
},
{
"cve": "CVE-2022-49794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()\n\nIf iio_trigger_register() returns error, it should call iio_trigger_free()\nto give up the reference that hold in iio_trigger_alloc(), so that it can\ncall iio_trig_release() to free memory when the refcount hit to 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49794",
"url": "https://www.suse.com/security/cve/CVE-2022-49794"
},
{
"category": "external",
"summary": "SUSE Bug 1242392 for CVE-2022-49794",
"url": "https://bugzilla.suse.com/1242392"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49794"
},
{
"cve": "CVE-2022-49799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49799"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix wild-memory-access in register_synth_event()\n\nIn register_synth_event(), if set_synth_event_print_fmt() failed, then\nboth trace_remove_event_call() and unregister_trace_event() will be\ncalled, which means the trace_event_call will call\n__unregister_trace_event() twice. As the result, the second unregister\nwill causes the wild-memory-access.\n\nregister_synth_event\n set_synth_event_print_fmt failed\n trace_remove_event_call\n event_remove\n if call-\u003eevent.funcs then\n __unregister_trace_event (first call)\n unregister_trace_event\n __unregister_trace_event (second call)\n\nFix the bug by avoiding to call the second __unregister_trace_event() by\nchecking if the first one is called.\n\ngeneral protection fault, probably for non-canonical address\n\t0xfbd59c0000000024: 0000 [#1] SMP KASAN PTI\nKASAN: maybe wild-memory-access in range\n[0xdead000000000120-0xdead000000000127]\nCPU: 0 PID: 3807 Comm: modprobe Not tainted\n6.1.0-rc1-00186-g76f33a7eedb4 #299\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nrel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\nRIP: 0010:unregister_trace_event+0x6e/0x280\nCode: 00 fc ff df 4c 89 ea 48 c1 ea 03 80 3c 02 00 0f 85 0e 02 00 00 48\nb8 00 00 00 00 00 fc ff df 4c 8b 63 08 4c 89 e2 48 c1 ea 03 \u003c80\u003e 3c 02\n00 0f 85 e2 01 00 00 49 89 2c 24 48 85 ed 74 28 e8 7a 9b\nRSP: 0018:ffff88810413f370 EFLAGS: 00010a06\nRAX: dffffc0000000000 RBX: ffff888105d050b0 RCX: 0000000000000000\nRDX: 1bd5a00000000024 RSI: ffff888119e276e0 RDI: ffffffff835a8b20\nRBP: dead000000000100 R08: 0000000000000000 R09: fffffbfff0913481\nR10: ffffffff8489a407 R11: fffffbfff0913480 R12: dead000000000122\nR13: ffff888105d050b8 R14: 0000000000000000 R15: ffff888105d05028\nFS: 00007f7823e8d540(0000) GS:ffff888119e00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f7823e7ebec CR3: 000000010a058002 CR4: 0000000000330ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __create_synth_event+0x1e37/0x1eb0\n create_or_delete_synth_event+0x110/0x250\n synth_event_run_command+0x2f/0x110\n test_gen_synth_cmd+0x170/0x2eb [synth_event_gen_test]\n synth_event_gen_test_init+0x76/0x9bc [synth_event_gen_test]\n do_one_initcall+0xdb/0x480\n do_init_module+0x1cf/0x680\n load_module+0x6a50/0x70a0\n __do_sys_finit_module+0x12f/0x1c0\n do_syscall_64+0x3f/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49799",
"url": "https://www.suse.com/security/cve/CVE-2022-49799"
},
{
"category": "external",
"summary": "SUSE Bug 1242264 for CVE-2022-49799",
"url": "https://bugzilla.suse.com/1242264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49799"
},
{
"cve": "CVE-2022-49802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix null pointer dereference in ftrace_add_mod()\n\nThe @ftrace_mod is allocated by kzalloc(), so both the members {prev,next}\nof @ftrace_mode-\u003elist are NULL, it\u0027s not a valid state to call list_del().\nIf kstrdup() for @ftrace_mod-\u003e{func|module} fails, it goes to @out_free\ntag and calls free_ftrace_mod() to destroy @ftrace_mod, then list_del()\nwill write prev-\u003enext and next-\u003eprev, where null pointer dereference\nhappens.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\nOops: 0002 [#1] PREEMPT SMP NOPTI\nCall Trace:\n \u003cTASK\u003e\n ftrace_mod_callback+0x20d/0x220\n ? do_filp_open+0xd9/0x140\n ftrace_process_regex.isra.51+0xbf/0x130\n ftrace_regex_write.isra.52.part.53+0x6e/0x90\n vfs_write+0xee/0x3a0\n ? __audit_filter_op+0xb1/0x100\n ? auditd_test_task+0x38/0x50\n ksys_write+0xa5/0xe0\n do_syscall_64+0x3a/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nKernel panic - not syncing: Fatal exception\n\nSo call INIT_LIST_HEAD() to initialize the list member to fix this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49802",
"url": "https://www.suse.com/security/cve/CVE-2022-49802"
},
{
"category": "external",
"summary": "SUSE Bug 1242270 for CVE-2022-49802",
"url": "https://bugzilla.suse.com/1242270"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49802"
},
{
"cve": "CVE-2022-49809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49809"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/x25: Fix skb leak in x25_lapb_receive_frame()\n\nx25_lapb_receive_frame() using skb_copy() to get a private copy of\nskb, the new skb should be freed in the undersized/fragmented skb\nerror handling path. Otherwise there is a memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49809",
"url": "https://www.suse.com/security/cve/CVE-2022-49809"
},
{
"category": "external",
"summary": "SUSE Bug 1242402 for CVE-2022-49809",
"url": "https://bugzilla.suse.com/1242402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49809"
},
{
"cve": "CVE-2022-49818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49818"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: fix misuse of put_device() in mISDN_register_device()\n\nWe should not release reference by put_device() before calling device_initialize().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49818",
"url": "https://www.suse.com/security/cve/CVE-2022-49818"
},
{
"category": "external",
"summary": "SUSE Bug 1242527 for CVE-2022-49818",
"url": "https://bugzilla.suse.com/1242527"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49818"
},
{
"cve": "CVE-2022-49821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: fix possible memory leak in mISDN_dsp_element_register()\n\nAfer commit 1fa5ae857bb1 (\"driver core: get rid of struct device\u0027s\nbus_id string array\"), the name of device is allocated dynamically,\nuse put_device() to give up the reference, so that the name can be\nfreed in kobject_cleanup() when the refcount is 0.\n\nThe \u0027entry\u0027 is going to be freed in mISDN_dsp_dev_release(), so the\nkfree() is removed. list_del() is called in mISDN_dsp_dev_release(),\nso it need be initialized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49821",
"url": "https://www.suse.com/security/cve/CVE-2022-49821"
},
{
"category": "external",
"summary": "SUSE Bug 1242542 for CVE-2022-49821",
"url": "https://bugzilla.suse.com/1242542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49821"
},
{
"cve": "CVE-2022-49823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49823"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-transport: fix error handling in ata_tdev_add()\n\nIn ata_tdev_add(), the return value of transport_add_device() is\nnot checked. As a result, it causes null-ptr-deref while removing\nthe module, because transport_remove_device() is called to remove\nthe device that was not added.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000000000d0\nCPU: 13 PID: 13603 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #36\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : device_del+0x48/0x3a0\nlr : device_del+0x44/0x3a0\nCall trace:\n device_del+0x48/0x3a0\n attribute_container_class_device_del+0x28/0x40\n transport_remove_classdev+0x60/0x7c\n attribute_container_device_trigger+0x118/0x120\n transport_remove_device+0x20/0x30\n ata_tdev_delete+0x24/0x50 [libata]\n ata_tlink_delete+0x40/0xa0 [libata]\n ata_tport_delete+0x2c/0x60 [libata]\n ata_port_detach+0x148/0x1b0 [libata]\n ata_pci_remove_one+0x50/0x80 [libata]\n ahci_remove_one+0x4c/0x8c [ahci]\n\nFix this by checking and handling return value of transport_add_device()\nin ata_tdev_add(). In the error path, device_del() is called to delete\nthe device which was added earlier in this function, and ata_tdev_free()\nis called to free ata_dev.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49823",
"url": "https://www.suse.com/security/cve/CVE-2022-49823"
},
{
"category": "external",
"summary": "SUSE Bug 1242545 for CVE-2022-49823",
"url": "https://bugzilla.suse.com/1242545"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49823"
},
{
"cve": "CVE-2022-49824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49824"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-transport: fix error handling in ata_tlink_add()\n\nIn ata_tlink_add(), the return value of transport_add_device() is\nnot checked. As a result, it causes null-ptr-deref while removing\nthe module, because transport_remove_device() is called to remove\nthe device that was not added.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000000000d0\nCPU: 33 PID: 13850 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #12\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : device_del+0x48/0x39c\nlr : device_del+0x44/0x39c\nCall trace:\n device_del+0x48/0x39c\n attribute_container_class_device_del+0x28/0x40\n transport_remove_classdev+0x60/0x7c\n attribute_container_device_trigger+0x118/0x120\n transport_remove_device+0x20/0x30\n ata_tlink_delete+0x88/0xb0 [libata]\n ata_tport_delete+0x2c/0x60 [libata]\n ata_port_detach+0x148/0x1b0 [libata]\n ata_pci_remove_one+0x50/0x80 [libata]\n ahci_remove_one+0x4c/0x8c [ahci]\n\nFix this by checking and handling return value of transport_add_device()\nin ata_tlink_add().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49824",
"url": "https://www.suse.com/security/cve/CVE-2022-49824"
},
{
"category": "external",
"summary": "SUSE Bug 1242547 for CVE-2022-49824",
"url": "https://bugzilla.suse.com/1242547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49824"
},
{
"cve": "CVE-2022-49825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49825"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-transport: fix error handling in ata_tport_add()\n\nIn ata_tport_add(), the return value of transport_add_device() is\nnot checked. As a result, it causes null-ptr-deref while removing\nthe module, because transport_remove_device() is called to remove\nthe device that was not added.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000000000d0\nCPU: 12 PID: 13605 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #8\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : device_del+0x48/0x39c\nlr : device_del+0x44/0x39c\nCall trace:\n device_del+0x48/0x39c\n attribute_container_class_device_del+0x28/0x40\n transport_remove_classdev+0x60/0x7c\n attribute_container_device_trigger+0x118/0x120\n transport_remove_device+0x20/0x30\n ata_tport_delete+0x34/0x60 [libata]\n ata_port_detach+0x148/0x1b0 [libata]\n ata_pci_remove_one+0x50/0x80 [libata]\n ahci_remove_one+0x4c/0x8c [ahci]\n\nFix this by checking and handling return value of transport_add_device()\nin ata_tport_add().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49825",
"url": "https://www.suse.com/security/cve/CVE-2022-49825"
},
{
"category": "external",
"summary": "SUSE Bug 1242548 for CVE-2022-49825",
"url": "https://bugzilla.suse.com/1242548"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49825"
},
{
"cve": "CVE-2022-49826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49826"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-transport: fix double ata_host_put() in ata_tport_add()\n\nIn the error path in ata_tport_add(), when calling put_device(),\nata_tport_release() is called, it will put the refcount of \u0027ap-\u003ehost\u0027.\n\nAnd then ata_host_put() is called again, the refcount is decreased\nto 0, ata_host_release() is called, all ports are freed and set to\nnull.\n\nWhen unbinding the device after failure, ata_host_stop() is called\nto release the resources, it leads a null-ptr-deref(), because all\nthe ports all freed and null.\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000008\nCPU: 7 PID: 18671 Comm: modprobe Kdump: loaded Tainted: G E 6.1.0-rc3+ #8\npstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : ata_host_stop+0x3c/0x84 [libata]\nlr : release_nodes+0x64/0xd0\nCall trace:\n ata_host_stop+0x3c/0x84 [libata]\n release_nodes+0x64/0xd0\n devres_release_all+0xbc/0x1b0\n device_unbind_cleanup+0x20/0x70\n really_probe+0x158/0x320\n __driver_probe_device+0x84/0x120\n driver_probe_device+0x44/0x120\n __driver_attach+0xb4/0x220\n bus_for_each_dev+0x78/0xdc\n driver_attach+0x2c/0x40\n bus_add_driver+0x184/0x240\n driver_register+0x80/0x13c\n __pci_register_driver+0x4c/0x60\n ahci_pci_driver_init+0x30/0x1000 [ahci]\n\nFix this by removing redundant ata_host_put() in the error path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49826",
"url": "https://www.suse.com/security/cve/CVE-2022-49826"
},
{
"category": "external",
"summary": "SUSE Bug 1242549 for CVE-2022-49826",
"url": "https://bugzilla.suse.com/1242549"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49826"
},
{
"cve": "CVE-2022-49827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49827"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()\n\ndrm_vblank_init() call drmm_add_action_or_reset() with\ndrm_vblank_init_release() as action. If __drmm_add_action() failed, will\ndirectly call drm_vblank_init_release() with the vblank whose worker is\nNULL. As the resule, a null-ptr-deref will happen in\nkthread_destroy_worker(). Add the NULL check before calling\ndrm_vblank_destroy_worker().\n\nBUG: null-ptr-deref\nKASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]\nCPU: 5 PID: 961 Comm: modprobe Not tainted 6.0.0-11331-gd465bff130bf-dirty\nRIP: 0010:kthread_destroy_worker+0x25/0xb0\n Call Trace:\n \u003cTASK\u003e\n drm_vblank_init_release+0x124/0x220 [drm]\n ? drm_crtc_vblank_restore+0x8b0/0x8b0 [drm]\n __drmm_add_action_or_reset+0x41/0x50 [drm]\n drm_vblank_init+0x282/0x310 [drm]\n vkms_init+0x35f/0x1000 [vkms]\n ? 0xffffffffc4508000\n ? lock_is_held_type+0xd7/0x130\n ? __kmem_cache_alloc_node+0x1c2/0x2b0\n ? lock_is_held_type+0xd7/0x130\n ? 0xffffffffc4508000\n do_one_initcall+0xd0/0x4f0\n ...\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49827",
"url": "https://www.suse.com/security/cve/CVE-2022-49827"
},
{
"category": "external",
"summary": "SUSE Bug 1242689 for CVE-2022-49827",
"url": "https://bugzilla.suse.com/1242689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49827"
},
{
"cve": "CVE-2022-49830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/drv: Fix potential memory leak in drm_dev_init()\n\ndrm_dev_init() will add drm_dev_init_release() as a callback. When\ndrmm_add_action() failed, the release function won\u0027t be added. As the\nresult, the ref cnt added by device_get() in drm_dev_init() won\u0027t be put\nby drm_dev_init_release(), which leads to the memleak. Use\ndrmm_add_action_or_reset() instead of drmm_add_action() to prevent\nmemleak.\n\nunreferenced object 0xffff88810bc0c800 (size 2048):\n comm \"modprobe\", pid 8322, jiffies 4305809845 (age 15.292s)\n hex dump (first 32 bytes):\n e8 cc c0 0b 81 88 ff ff ff ff ff ff 00 00 00 00 ................\n 20 24 3c 0c 81 88 ff ff 18 c8 c0 0b 81 88 ff ff $\u003c.............\n backtrace:\n [\u003c000000007251f72d\u003e] __kmalloc+0x4b/0x1c0\n [\u003c0000000045f21f26\u003e] platform_device_alloc+0x2d/0xe0\n [\u003c000000004452a479\u003e] platform_device_register_full+0x24/0x1c0\n [\u003c0000000089f4ea61\u003e] 0xffffffffa0736051\n [\u003c00000000235b2441\u003e] do_one_initcall+0x7a/0x380\n [\u003c0000000001a4a177\u003e] do_init_module+0x5c/0x230\n [\u003c000000002bf8a8e2\u003e] load_module+0x227d/0x2420\n [\u003c00000000637d6d0a\u003e] __do_sys_finit_module+0xd5/0x140\n [\u003c00000000c99fc324\u003e] do_syscall_64+0x3f/0x90\n [\u003c000000004d85aa77\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49830",
"url": "https://www.suse.com/security/cve/CVE-2022-49830"
},
{
"category": "external",
"summary": "SUSE Bug 1242150 for CVE-2022-49830",
"url": "https://bugzilla.suse.com/1242150"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "low"
}
],
"title": "CVE-2022-49830"
},
{
"cve": "CVE-2022-49832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49832"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map\n\nHere is the BUG report by KASAN about null pointer dereference:\n\nBUG: KASAN: null-ptr-deref in strcmp+0x2e/0x50\nRead of size 1 at addr 0000000000000000 by task python3/2640\nCall Trace:\n strcmp\n __of_find_property\n of_find_property\n pinctrl_dt_to_map\n\nkasprintf() would return NULL pointer when kmalloc() fail to allocate.\nSo directly return ENOMEM, if kasprintf() return NULL pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49832",
"url": "https://www.suse.com/security/cve/CVE-2022-49832"
},
{
"category": "external",
"summary": "SUSE Bug 1242154 for CVE-2022-49832",
"url": "https://bugzilla.suse.com/1242154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49832"
},
{
"cve": "CVE-2022-49835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49835"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: fix potential memleak in \u0027add_widget_node\u0027\n\nAs \u0027kobject_add\u0027 may allocated memory for \u0027kobject-\u003ename\u0027 when return error.\nAnd in this function, if call \u0027kobject_add\u0027 failed didn\u0027t free kobject.\nSo call \u0027kobject_put\u0027 to recycling resources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49835",
"url": "https://www.suse.com/security/cve/CVE-2022-49835"
},
{
"category": "external",
"summary": "SUSE Bug 1242385 for CVE-2022-49835",
"url": "https://bugzilla.suse.com/1242385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49835"
},
{
"cve": "CVE-2022-49836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49836"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsiox: fix possible memory leak in siox_device_add()\n\nIf device_register() returns error in siox_device_add(),\nthe name allocated by dev_set_name() need be freed. As\ncomment of device_register() says, it should use put_device()\nto give up the reference in the error path. So fix this\nby calling put_device(), then the name can be freed in\nkobject_cleanup(), and sdevice is freed in siox_device_release(),\nset it to null in error path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49836",
"url": "https://www.suse.com/security/cve/CVE-2022-49836"
},
{
"category": "external",
"summary": "SUSE Bug 1242355 for CVE-2022-49836",
"url": "https://bugzilla.suse.com/1242355"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49836"
},
{
"cve": "CVE-2022-49839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49839"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_transport_sas: Fix error handling in sas_phy_add()\n\nIf transport_add_device() fails in sas_phy_add(), the kernel will crash\ntrying to delete the device in transport_remove_device() called from\nsas_remove_host().\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000108\nCPU: 61 PID: 42829 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc1+ #173\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : device_del+0x54/0x3d0\nlr : device_del+0x37c/0x3d0\nCall trace:\n device_del+0x54/0x3d0\n attribute_container_class_device_del+0x28/0x38\n transport_remove_classdev+0x6c/0x80\n attribute_container_device_trigger+0x108/0x110\n transport_remove_device+0x28/0x38\n sas_phy_delete+0x30/0x60 [scsi_transport_sas]\n do_sas_phy_delete+0x6c/0x80 [scsi_transport_sas]\n device_for_each_child+0x68/0xb0\n sas_remove_children+0x40/0x50 [scsi_transport_sas]\n sas_remove_host+0x20/0x38 [scsi_transport_sas]\n hisi_sas_remove+0x40/0x68 [hisi_sas_main]\n hisi_sas_v2_remove+0x20/0x30 [hisi_sas_v2_hw]\n platform_remove+0x2c/0x60\n\nFix this by checking and handling return value of transport_add_device()\nin sas_phy_add().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49839",
"url": "https://www.suse.com/security/cve/CVE-2022-49839"
},
{
"category": "external",
"summary": "SUSE Bug 1242443 for CVE-2022-49839",
"url": "https://bugzilla.suse.com/1242443"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49839"
},
{
"cve": "CVE-2022-49841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49841"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: imx: Add missing .thaw_noirq hook\n\nThe following warning is seen with non-console UART instance when\nsystem hibernates.\n\n[ 37.371969] ------------[ cut here ]------------\n[ 37.376599] uart3_root_clk already disabled\n[ 37.380810] WARNING: CPU: 0 PID: 296 at drivers/clk/clk.c:952 clk_core_disable+0xa4/0xb0\n...\n[ 37.506986] Call trace:\n[ 37.509432] clk_core_disable+0xa4/0xb0\n[ 37.513270] clk_disable+0x34/0x50\n[ 37.516672] imx_uart_thaw+0x38/0x5c\n[ 37.520250] platform_pm_thaw+0x30/0x6c\n[ 37.524089] dpm_run_callback.constprop.0+0x3c/0xd4\n[ 37.528972] device_resume+0x7c/0x160\n[ 37.532633] dpm_resume+0xe8/0x230\n[ 37.536036] hibernation_snapshot+0x288/0x430\n[ 37.540397] hibernate+0x10c/0x2e0\n[ 37.543798] state_store+0xc4/0xd0\n[ 37.547203] kobj_attr_store+0x1c/0x30\n[ 37.550953] sysfs_kf_write+0x48/0x60\n[ 37.554619] kernfs_fop_write_iter+0x118/0x1ac\n[ 37.559063] new_sync_write+0xe8/0x184\n[ 37.562812] vfs_write+0x230/0x290\n[ 37.566214] ksys_write+0x68/0xf4\n[ 37.569529] __arm64_sys_write+0x20/0x2c\n[ 37.573452] invoke_syscall.constprop.0+0x50/0xf0\n[ 37.578156] do_el0_svc+0x11c/0x150\n[ 37.581648] el0_svc+0x30/0x140\n[ 37.584792] el0t_64_sync_handler+0xe8/0xf0\n[ 37.588976] el0t_64_sync+0x1a0/0x1a4\n[ 37.592639] ---[ end trace 56e22eec54676d75 ]---\n\nOn hibernating, pm core calls into related hooks in sequence like:\n\n .freeze\n .freeze_noirq\n .thaw_noirq\n .thaw\n\nWith .thaw_noirq hook being absent, the clock will be disabled in a\nunbalanced call which results the warning above.\n\n imx_uart_freeze()\n clk_prepare_enable()\n imx_uart_suspend_noirq()\n clk_disable()\n imx_uart_thaw\n clk_disable_unprepare()\n\nAdding the missing .thaw_noirq hook as imx_uart_resume_noirq() will have\nthe call sequence corrected as below and thus fix the warning.\n\n imx_uart_freeze()\n clk_prepare_enable()\n imx_uart_suspend_noirq()\n clk_disable()\n imx_uart_resume_noirq()\n clk_enable()\n imx_uart_thaw\n clk_disable_unprepare()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49841",
"url": "https://www.suse.com/security/cve/CVE-2022-49841"
},
{
"category": "external",
"summary": "SUSE Bug 1242473 for CVE-2022-49841",
"url": "https://bugzilla.suse.com/1242473"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49841"
},
{
"cve": "CVE-2022-49842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49842"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: core: Fix use-after-free in snd_soc_exit()\n\nKASAN reports a use-after-free:\n\nBUG: KASAN: use-after-free in device_del+0xb5b/0xc60\nRead of size 8 at addr ffff888008655050 by task rmmod/387\nCPU: 2 PID: 387 Comm: rmmod\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x79/0x9a\nprint_report+0x17f/0x47b\nkasan_report+0xbb/0xf0\ndevice_del+0xb5b/0xc60\nplatform_device_del.part.0+0x24/0x200\nplatform_device_unregister+0x2e/0x40\nsnd_soc_exit+0xa/0x22 [snd_soc_core]\n__do_sys_delete_module.constprop.0+0x34f/0x5b0\ndo_syscall_64+0x3a/0x90\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n...\n\u003c/TASK\u003e\n\nIt\u0027s bacause in snd_soc_init(), snd_soc_util_init() is possble to fail,\nbut its ret is ignored, which makes soc_dummy_dev unregistered twice.\n\nsnd_soc_init()\n snd_soc_util_init()\n platform_device_register_simple(soc_dummy_dev)\n platform_driver_register() # fail\n \tplatform_device_unregister(soc_dummy_dev)\n platform_driver_register() # success\n...\nsnd_soc_exit()\n snd_soc_util_exit()\n # soc_dummy_dev will be unregistered for second time\n\nTo fix it, handle error and stop snd_soc_init() when util_init() fail.\nAlso clean debugfs when util_init() or driver_register() fail.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49842",
"url": "https://www.suse.com/security/cve/CVE-2022-49842"
},
{
"category": "external",
"summary": "SUSE Bug 1242484 for CVE-2022-49842",
"url": "https://bugzilla.suse.com/1242484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49842"
},
{
"cve": "CVE-2022-49846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49846"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix a slab-out-of-bounds write bug in udf_find_entry()\n\nSyzbot reported a slab-out-of-bounds Write bug:\n\nloop0: detected capacity change from 0 to 2048\n==================================================================\nBUG: KASAN: slab-out-of-bounds in udf_find_entry+0x8a5/0x14f0\nfs/udf/namei.c:253\nWrite of size 105 at addr ffff8880123ff896 by task syz-executor323/3610\n\nCPU: 0 PID: 3610 Comm: syz-executor323 Not tainted\n6.1.0-rc2-syzkaller-00105-gb229b6ca5abb #0\nHardware name: Google Compute Engine/Google Compute Engine, BIOS\nGoogle 10/11/2022\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n print_address_description+0x74/0x340 mm/kasan/report.c:284\n print_report+0x107/0x1f0 mm/kasan/report.c:395\n kasan_report+0xcd/0x100 mm/kasan/report.c:495\n kasan_check_range+0x2a7/0x2e0 mm/kasan/generic.c:189\n memcpy+0x3c/0x60 mm/kasan/shadow.c:66\n udf_find_entry+0x8a5/0x14f0 fs/udf/namei.c:253\n udf_lookup+0xef/0x340 fs/udf/namei.c:309\n lookup_open fs/namei.c:3391 [inline]\n open_last_lookups fs/namei.c:3481 [inline]\n path_openat+0x10e6/0x2df0 fs/namei.c:3710\n do_filp_open+0x264/0x4f0 fs/namei.c:3740\n do_sys_openat2+0x124/0x4e0 fs/open.c:1310\n do_sys_open fs/open.c:1326 [inline]\n __do_sys_creat fs/open.c:1402 [inline]\n __se_sys_creat fs/open.c:1396 [inline]\n __x64_sys_creat+0x11f/0x160 fs/open.c:1396\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7ffab0d164d9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89\nf7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01\nf0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffe1a7e6bb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffab0d164d9\nRDX: 00007ffab0d164d9 RSI: 0000000000000000 RDI: 0000000020000180\nRBP: 00007ffab0cd5a10 R08: 0000000000000000 R09: 0000000000000000\nR10: 00005555573552c0 R11: 0000000000000246 R12: 00007ffab0cd5aa0\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\nAllocated by task 3610:\n kasan_save_stack mm/kasan/common.c:45 [inline]\n kasan_set_track+0x3d/0x60 mm/kasan/common.c:52\n ____kasan_kmalloc mm/kasan/common.c:371 [inline]\n __kasan_kmalloc+0x97/0xb0 mm/kasan/common.c:380\n kmalloc include/linux/slab.h:576 [inline]\n udf_find_entry+0x7b6/0x14f0 fs/udf/namei.c:243\n udf_lookup+0xef/0x340 fs/udf/namei.c:309\n lookup_open fs/namei.c:3391 [inline]\n open_last_lookups fs/namei.c:3481 [inline]\n path_openat+0x10e6/0x2df0 fs/namei.c:3710\n do_filp_open+0x264/0x4f0 fs/namei.c:3740\n do_sys_openat2+0x124/0x4e0 fs/open.c:1310\n do_sys_open fs/open.c:1326 [inline]\n __do_sys_creat fs/open.c:1402 [inline]\n __se_sys_creat fs/open.c:1396 [inline]\n __x64_sys_creat+0x11f/0x160 fs/open.c:1396\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe buggy address belongs to the object at ffff8880123ff800\n which belongs to the cache kmalloc-256 of size 256\nThe buggy address is located 150 bytes inside of\n 256-byte region [ffff8880123ff800, ffff8880123ff900)\n\nThe buggy address belongs to the physical page:\npage:ffffea000048ff80 refcount:1 mapcount:0 mapping:0000000000000000\nindex:0x0 pfn:0x123fe\nhead:ffffea000048ff80 order:1 compound_mapcount:0 compound_pincount:0\nflags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)\nraw: 00fff00000010200 ffffea00004b8500 dead000000000003 ffff888012041b40\nraw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as allocated\npage last allocated via order 0, migratetype Unmovable, gfp_mask 0x0(),\npid 1, tgid 1 (swapper/0), ts 1841222404, free_ts 0\n create_dummy_stack mm/page_owner.c:\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49846",
"url": "https://www.suse.com/security/cve/CVE-2022-49846"
},
{
"category": "external",
"summary": "SUSE Bug 1242716 for CVE-2022-49846",
"url": "https://bugzilla.suse.com/1242716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49846"
},
{
"cve": "CVE-2022-49861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()\n\nA clk_prepare_enable() call in the probe is not balanced by a corresponding\nclk_disable_unprepare() in the remove function.\n\nAdd the missing call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49861",
"url": "https://www.suse.com/security/cve/CVE-2022-49861"
},
{
"category": "external",
"summary": "SUSE Bug 1242580 for CVE-2022-49861",
"url": "https://bugzilla.suse.com/1242580"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49861"
},
{
"cve": "CVE-2022-49870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncapabilities: fix undefined behavior in bit shift for CAP_TO_MASK\n\nShifting signed 32-bit value by 31 bits is undefined, so changing\nsignificant bit to unsigned. The UBSAN warning calltrace like below:\n\nUBSAN: shift-out-of-bounds in security/commoncap.c:1252:2\nleft shift of 1 by 31 places cannot be represented in type \u0027int\u0027\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x7d/0xa5\n dump_stack+0x15/0x1b\n ubsan_epilogue+0xe/0x4e\n __ubsan_handle_shift_out_of_bounds+0x1e7/0x20c\n cap_task_prctl+0x561/0x6f0\n security_task_prctl+0x5a/0xb0\n __x64_sys_prctl+0x61/0x8f0\n do_syscall_64+0x58/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49870",
"url": "https://www.suse.com/security/cve/CVE-2022-49870"
},
{
"category": "external",
"summary": "SUSE Bug 1242551 for CVE-2022-49870",
"url": "https://bugzilla.suse.com/1242551"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49870"
},
{
"cve": "CVE-2022-49879",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49879"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix BUG_ON() when directory entry has invalid rec_len\n\nThe rec_len field in the directory entry has to be a multiple of 4. A\ncorrupted filesystem image can be used to hit a BUG() in\next4_rec_len_to_disk(), called from make_indexed_dir().\n\n ------------[ cut here ]------------\n kernel BUG at fs/ext4/ext4.h:2413!\n ...\n RIP: 0010:make_indexed_dir+0x53f/0x5f0\n ...\n Call Trace:\n \u003cTASK\u003e\n ? add_dirent_to_buf+0x1b2/0x200\n ext4_add_entry+0x36e/0x480\n ext4_add_nondir+0x2b/0xc0\n ext4_create+0x163/0x200\n path_openat+0x635/0xe90\n do_filp_open+0xb4/0x160\n ? __create_object.isra.0+0x1de/0x3b0\n ? _raw_spin_unlock+0x12/0x30\n do_sys_openat2+0x91/0x150\n __x64_sys_open+0x6c/0xa0\n do_syscall_64+0x3c/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThe fix simply adds a call to ext4_check_dir_entry() to validate the\ndirectory entry, returning -EFSCORRUPTED if the entry is invalid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49879",
"url": "https://www.suse.com/security/cve/CVE-2022-49879"
},
{
"category": "external",
"summary": "SUSE Bug 1242733 for CVE-2022-49879",
"url": "https://bugzilla.suse.com/1242733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49879"
},
{
"cve": "CVE-2022-49880",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49880"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix warning in \u0027ext4_da_release_space\u0027\n\nSyzkaller report issue as follows:\nEXT4-fs (loop0): Free/Dirty block details\nEXT4-fs (loop0): free_blocks=0\nEXT4-fs (loop0): dirty_blocks=0\nEXT4-fs (loop0): Block reservation details\nEXT4-fs (loop0): i_reserved_data_blocks=0\nEXT4-fs warning (device loop0): ext4_da_release_space:1527: ext4_da_release_space: ino 18, to_free 1 with only 0 reserved data blocks\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 92 at fs/ext4/inode.c:1528 ext4_da_release_space+0x25e/0x370 fs/ext4/inode.c:1524\nModules linked in:\nCPU: 0 PID: 92 Comm: kworker/u4:4 Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022\nWorkqueue: writeback wb_workfn (flush-7:0)\nRIP: 0010:ext4_da_release_space+0x25e/0x370 fs/ext4/inode.c:1528\nRSP: 0018:ffffc900015f6c90 EFLAGS: 00010296\nRAX: 42215896cd52ea00 RBX: 0000000000000000 RCX: 42215896cd52ea00\nRDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000\nRBP: 1ffff1100e907d96 R08: ffffffff816aa79d R09: fffff520002bece5\nR10: fffff520002bece5 R11: 1ffff920002bece4 R12: ffff888021fd2000\nR13: ffff88807483ecb0 R14: 0000000000000001 R15: ffff88807483e740\nFS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005555569ba628 CR3: 000000000c88e000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ext4_es_remove_extent+0x1ab/0x260 fs/ext4/extents_status.c:1461\n mpage_release_unused_pages+0x24d/0xef0 fs/ext4/inode.c:1589\n ext4_writepages+0x12eb/0x3be0 fs/ext4/inode.c:2852\n do_writepages+0x3c3/0x680 mm/page-writeback.c:2469\n __writeback_single_inode+0xd1/0x670 fs/fs-writeback.c:1587\n writeback_sb_inodes+0xb3b/0x18f0 fs/fs-writeback.c:1870\n wb_writeback+0x41f/0x7b0 fs/fs-writeback.c:2044\n wb_do_writeback fs/fs-writeback.c:2187 [inline]\n wb_workfn+0x3cb/0xef0 fs/fs-writeback.c:2227\n process_one_work+0x877/0xdb0 kernel/workqueue.c:2289\n worker_thread+0xb14/0x1330 kernel/workqueue.c:2436\n kthread+0x266/0x300 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306\n \u003c/TASK\u003e\n\nAbove issue may happens as follows:\next4_da_write_begin\n ext4_create_inline_data\n ext4_clear_inode_flag(inode, EXT4_INODE_EXTENTS);\n ext4_set_inode_flag(inode, EXT4_INODE_INLINE_DATA);\n__ext4_ioctl\n ext4_ext_migrate -\u003e will lead to eh-\u003eeh_entries not zero, and set extent flag\next4_da_write_begin\n ext4_da_convert_inline_data_to_extent\n ext4_da_write_inline_data_begin\n ext4_da_map_blocks\n ext4_insert_delayed_block\n\t if (!ext4_es_scan_clu(inode, \u0026ext4_es_is_delonly, lblk))\n\t if (!ext4_es_scan_clu(inode, \u0026ext4_es_is_mapped, lblk))\n\t ext4_clu_mapped(inode, EXT4_B2C(sbi, lblk)); -\u003e will return 1\n\t allocated = true;\n ext4_es_insert_delayed_block(inode, lblk, allocated);\next4_writepages\n mpage_map_and_submit_extent(handle, \u0026mpd, \u0026give_up_on_write); -\u003e return -ENOSPC\n mpage_release_unused_pages(\u0026mpd, give_up_on_write); -\u003e give_up_on_write == 1\n ext4_es_remove_extent\n ext4_da_release_space(inode, reserved);\n if (unlikely(to_free \u003e ei-\u003ei_reserved_data_blocks))\n\t -\u003e to_free == 1 but ei-\u003ei_reserved_data_blocks == 0\n\t -\u003e then trigger warning as above\n\nTo solve above issue, forbid inode do migrate which has inline data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49880",
"url": "https://www.suse.com/security/cve/CVE-2022-49880"
},
{
"category": "external",
"summary": "SUSE Bug 1242734 for CVE-2022-49880",
"url": "https://bugzilla.suse.com/1242734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49880"
},
{
"cve": "CVE-2022-49881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: fix memory leak in query_regdb_file()\n\nIn the function query_regdb_file() the alpha2 parameter is duplicated\nusing kmemdup() and subsequently freed in regdb_fw_cb(). However,\nrequest_firmware_nowait() can fail without calling regdb_fw_cb() and\nthus leak memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49881",
"url": "https://www.suse.com/security/cve/CVE-2022-49881"
},
{
"category": "external",
"summary": "SUSE Bug 1242481 for CVE-2022-49881",
"url": "https://bugzilla.suse.com/1242481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49881"
},
{
"cve": "CVE-2022-49887",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49887"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: meson: vdec: fix possible refcount leak in vdec_probe()\n\nv4l2_device_unregister need to be called to put the refcount got by\nv4l2_device_register when vdec_probe fails or vdec_remove is called.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49887",
"url": "https://www.suse.com/security/cve/CVE-2022-49887"
},
{
"category": "external",
"summary": "SUSE Bug 1242736 for CVE-2022-49887",
"url": "https://bugzilla.suse.com/1242736"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49887"
},
{
"cve": "CVE-2022-49889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters()\n\nOn some machines the number of listed CPUs may be bigger than the actual\nCPUs that exist. The tracing subsystem allocates a per_cpu directory with\naccess to the per CPU ring buffer via a cpuX file. But to save space, the\nring buffer will only allocate buffers for online CPUs, even though the\nCPU array will be as big as the nr_cpu_ids.\n\nWith the addition of waking waiters on the ring buffer when closing the\nfile, the ring_buffer_wake_waiters() now needs to make sure that the\nbuffer is allocated (with the irq_work allocated with it) before trying to\nwake waiters, as it will cause a NULL pointer dereference.\n\nWhile debugging this, I added a NULL check for the buffer itself (which is\nOK to do), and also NULL pointer checks against buffer-\u003ebuffers (which is\nnot fine, and will WARN) as well as making sure the CPU number passed in\nis within the nr_cpu_ids (which is also not fine if it isn\u0027t).\n\n\nBugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=1204705",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49889",
"url": "https://www.suse.com/security/cve/CVE-2022-49889"
},
{
"category": "external",
"summary": "SUSE Bug 1242455 for CVE-2022-49889",
"url": "https://bugzilla.suse.com/1242455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49889"
},
{
"cve": "CVE-2022-49892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49892"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix use-after-free for dynamic ftrace_ops\n\nKASAN reported a use-after-free with ftrace ops [1]. It was found from\nvmcore that perf had registered two ops with the same content\nsuccessively, both dynamic. After unregistering the second ops, a\nuse-after-free occurred.\n\nIn ftrace_shutdown(), when the second ops is unregistered, the\nFTRACE_UPDATE_CALLS command is not set because there is another enabled\nops with the same content. Also, both ops are dynamic and the ftrace\ncallback function is ftrace_ops_list_func, so the\nFTRACE_UPDATE_TRACE_FUNC command will not be set. Eventually the value\nof \u0027command\u0027 will be 0 and ftrace_shutdown() will skip the rcu\nsynchronization.\n\nHowever, ftrace may be activated. When the ops is released, another CPU\nmay be accessing the ops. Add the missing synchronization to fix this\nproblem.\n\n[1]\nBUG: KASAN: use-after-free in __ftrace_ops_list_func kernel/trace/ftrace.c:7020 [inline]\nBUG: KASAN: use-after-free in ftrace_ops_list_func+0x2b0/0x31c kernel/trace/ftrace.c:7049\nRead of size 8 at addr ffff56551965bbc8 by task syz-executor.2/14468\n\nCPU: 1 PID: 14468 Comm: syz-executor.2 Not tainted 5.10.0 #7\nHardware name: linux,dummy-virt (DT)\nCall trace:\n dump_backtrace+0x0/0x40c arch/arm64/kernel/stacktrace.c:132\n show_stack+0x30/0x40 arch/arm64/kernel/stacktrace.c:196\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x1b4/0x248 lib/dump_stack.c:118\n print_address_description.constprop.0+0x28/0x48c mm/kasan/report.c:387\n __kasan_report mm/kasan/report.c:547 [inline]\n kasan_report+0x118/0x210 mm/kasan/report.c:564\n check_memory_region_inline mm/kasan/generic.c:187 [inline]\n __asan_load8+0x98/0xc0 mm/kasan/generic.c:253\n __ftrace_ops_list_func kernel/trace/ftrace.c:7020 [inline]\n ftrace_ops_list_func+0x2b0/0x31c kernel/trace/ftrace.c:7049\n ftrace_graph_call+0x0/0x4\n __might_sleep+0x8/0x100 include/linux/perf_event.h:1170\n __might_fault mm/memory.c:5183 [inline]\n __might_fault+0x58/0x70 mm/memory.c:5171\n do_strncpy_from_user lib/strncpy_from_user.c:41 [inline]\n strncpy_from_user+0x1f4/0x4b0 lib/strncpy_from_user.c:139\n getname_flags+0xb0/0x31c fs/namei.c:149\n getname+0x2c/0x40 fs/namei.c:209\n [...]\n\nAllocated by task 14445:\n kasan_save_stack+0x24/0x50 mm/kasan/common.c:48\n kasan_set_track mm/kasan/common.c:56 [inline]\n __kasan_kmalloc mm/kasan/common.c:479 [inline]\n __kasan_kmalloc.constprop.0+0x110/0x13c mm/kasan/common.c:449\n kasan_kmalloc+0xc/0x14 mm/kasan/common.c:493\n kmem_cache_alloc_trace+0x440/0x924 mm/slub.c:2950\n kmalloc include/linux/slab.h:563 [inline]\n kzalloc include/linux/slab.h:675 [inline]\n perf_event_alloc.part.0+0xb4/0x1350 kernel/events/core.c:11230\n perf_event_alloc kernel/events/core.c:11733 [inline]\n __do_sys_perf_event_open kernel/events/core.c:11831 [inline]\n __se_sys_perf_event_open+0x550/0x15f4 kernel/events/core.c:11723\n __arm64_sys_perf_event_open+0x6c/0x80 kernel/events/core.c:11723\n [...]\n\nFreed by task 14445:\n kasan_save_stack+0x24/0x50 mm/kasan/common.c:48\n kasan_set_track+0x24/0x34 mm/kasan/common.c:56\n kasan_set_free_info+0x20/0x40 mm/kasan/generic.c:358\n __kasan_slab_free.part.0+0x11c/0x1b0 mm/kasan/common.c:437\n __kasan_slab_free mm/kasan/common.c:445 [inline]\n kasan_slab_free+0x2c/0x40 mm/kasan/common.c:446\n slab_free_hook mm/slub.c:1569 [inline]\n slab_free_freelist_hook mm/slub.c:1608 [inline]\n slab_free mm/slub.c:3179 [inline]\n kfree+0x12c/0xc10 mm/slub.c:4176\n perf_event_alloc.part.0+0xa0c/0x1350 kernel/events/core.c:11434\n perf_event_alloc kernel/events/core.c:11733 [inline]\n __do_sys_perf_event_open kernel/events/core.c:11831 [inline]\n __se_sys_perf_event_open+0x550/0x15f4 kernel/events/core.c:11723\n [...]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49892",
"url": "https://www.suse.com/security/cve/CVE-2022-49892"
},
{
"category": "external",
"summary": "SUSE Bug 1242449 for CVE-2022-49892",
"url": "https://bugzilla.suse.com/1242449"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49892"
},
{
"cve": "CVE-2022-49906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49906"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Free rwi on reset success\n\nFree the rwi structure in the event that the last rwi in the list\nprocessed successfully. The logic in commit 4f408e1fa6e1 (\"ibmvnic:\nretry reset if there are no other resets\") introduces an issue that\nresults in a 32 byte memory leak whenever the last rwi in the list\ngets processed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49906",
"url": "https://www.suse.com/security/cve/CVE-2022-49906"
},
{
"category": "external",
"summary": "SUSE Bug 1242464 for CVE-2022-49906",
"url": "https://bugzilla.suse.com/1242464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49906"
},
{
"cve": "CVE-2022-49910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu\n\nFix the race condition between the following two flows that run in\nparallel:\n\n1. l2cap_reassemble_sdu -\u003e chan-\u003eops-\u003erecv (l2cap_sock_recv_cb) -\u003e\n __sock_queue_rcv_skb.\n\n2. bt_sock_recvmsg -\u003e skb_recv_datagram, skb_free_datagram.\n\nAn SKB can be queued by the first flow and immediately dequeued and\nfreed by the second flow, therefore the callers of l2cap_reassemble_sdu\ncan\u0027t use the SKB after that function returns. However, some places\ncontinue accessing struct l2cap_ctrl that resides in the SKB\u0027s CB for a\nshort time after l2cap_reassemble_sdu returns, leading to a\nuse-after-free condition (the stack trace is below, line numbers for\nkernel 5.19.8).\n\nFix it by keeping a local copy of struct l2cap_ctrl.\n\nBUG: KASAN: use-after-free in l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth\nRead of size 1 at addr ffff88812025f2f0 by task kworker/u17:3/43169\n\nWorkqueue: hci0 hci_rx_work [bluetooth]\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4))\n print_report.cold (mm/kasan/report.c:314 mm/kasan/report.c:429)\n ? l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth\n kasan_report (mm/kasan/report.c:162 mm/kasan/report.c:493)\n ? l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth\n l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth\n l2cap_rx (net/bluetooth/l2cap_core.c:7236 net/bluetooth/l2cap_core.c:7271) bluetooth\n ret_from_fork (arch/x86/entry/entry_64.S:306)\n \u003c/TASK\u003e\n\nAllocated by task 43169:\n kasan_save_stack (mm/kasan/common.c:39)\n __kasan_slab_alloc (mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:469)\n kmem_cache_alloc_node (mm/slab.h:750 mm/slub.c:3243 mm/slub.c:3293)\n __alloc_skb (net/core/skbuff.c:414)\n l2cap_recv_frag (./include/net/bluetooth/bluetooth.h:425 net/bluetooth/l2cap_core.c:8329) bluetooth\n l2cap_recv_acldata (net/bluetooth/l2cap_core.c:8442) bluetooth\n hci_rx_work (net/bluetooth/hci_core.c:3642 net/bluetooth/hci_core.c:3832) bluetooth\n process_one_work (kernel/workqueue.c:2289)\n worker_thread (./include/linux/list.h:292 kernel/workqueue.c:2437)\n kthread (kernel/kthread.c:376)\n ret_from_fork (arch/x86/entry/entry_64.S:306)\n\nFreed by task 27920:\n kasan_save_stack (mm/kasan/common.c:39)\n kasan_set_track (mm/kasan/common.c:45)\n kasan_set_free_info (mm/kasan/generic.c:372)\n ____kasan_slab_free (mm/kasan/common.c:368 mm/kasan/common.c:328)\n slab_free_freelist_hook (mm/slub.c:1780)\n kmem_cache_free (mm/slub.c:3536 mm/slub.c:3553)\n skb_free_datagram (./include/net/sock.h:1578 ./include/net/sock.h:1639 net/core/datagram.c:323)\n bt_sock_recvmsg (net/bluetooth/af_bluetooth.c:295) bluetooth\n l2cap_sock_recvmsg (net/bluetooth/l2cap_sock.c:1212) bluetooth\n sock_read_iter (net/socket.c:1087)\n new_sync_read (./include/linux/fs.h:2052 fs/read_write.c:401)\n vfs_read (fs/read_write.c:482)\n ksys_read (fs/read_write.c:620)\n do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49910",
"url": "https://www.suse.com/security/cve/CVE-2022-49910"
},
{
"category": "external",
"summary": "SUSE Bug 1242452 for CVE-2022-49910",
"url": "https://bugzilla.suse.com/1242452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49910"
},
{
"cve": "CVE-2022-49915",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49915"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: fix possible memory leak in mISDN_register_device()\n\nAfer commit 1fa5ae857bb1 (\"driver core: get rid of struct device\u0027s\nbus_id string array\"), the name of device is allocated dynamically,\nadd put_device() to give up the reference, so that the name can be\nfreed in kobject_cleanup() when the refcount is 0.\n\nSet device class before put_device() to avoid null release() function\nWARN message in device_release().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49915",
"url": "https://www.suse.com/security/cve/CVE-2022-49915"
},
{
"category": "external",
"summary": "SUSE Bug 1242409 for CVE-2022-49915",
"url": "https://bugzilla.suse.com/1242409"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49915"
},
{
"cve": "CVE-2022-49922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49922"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()\n\nnfcmrvl_i2c_nci_send() will be called by nfcmrvl_nci_send(), and skb\nshould be freed in nfcmrvl_i2c_nci_send(). However, nfcmrvl_nci_send()\nwill only free skb when i2c_master_send() return \u003e=0, which means skb\nwill memleak when i2c_master_send() failed. Free skb no matter whether\ni2c_master_send() succeeds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49922",
"url": "https://www.suse.com/security/cve/CVE-2022-49922"
},
{
"category": "external",
"summary": "SUSE Bug 1242378 for CVE-2022-49922",
"url": "https://bugzilla.suse.com/1242378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49922"
},
{
"cve": "CVE-2022-49927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs4: Fix kmemleak when allocate slot failed\n\nIf one of the slot allocate failed, should cleanup all the other\nallocated slots, otherwise, the allocated slots will leak:\n\n unreferenced object 0xffff8881115aa100 (size 64):\n comm \"\"mount.nfs\"\", pid 679, jiffies 4294744957 (age 115.037s)\n hex dump (first 32 bytes):\n 00 cc 19 73 81 88 ff ff 00 a0 5a 11 81 88 ff ff ...s......Z.....\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c000000007a4c434a\u003e] nfs4_find_or_create_slot+0x8e/0x130\n [\u003c000000005472a39c\u003e] nfs4_realloc_slot_table+0x23f/0x270\n [\u003c00000000cd8ca0eb\u003e] nfs40_init_client+0x4a/0x90\n [\u003c00000000128486db\u003e] nfs4_init_client+0xce/0x270\n [\u003c000000008d2cacad\u003e] nfs4_set_client+0x1a2/0x2b0\n [\u003c000000000e593b52\u003e] nfs4_create_server+0x300/0x5f0\n [\u003c00000000e4425dd2\u003e] nfs4_try_get_tree+0x65/0x110\n [\u003c00000000d3a6176f\u003e] vfs_get_tree+0x41/0xf0\n [\u003c0000000016b5ad4c\u003e] path_mount+0x9b3/0xdd0\n [\u003c00000000494cae71\u003e] __x64_sys_mount+0x190/0x1d0\n [\u003c000000005d56bdec\u003e] do_syscall_64+0x35/0x80\n [\u003c00000000687c9ae4\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49927",
"url": "https://www.suse.com/security/cve/CVE-2022-49927"
},
{
"category": "external",
"summary": "SUSE Bug 1242416 for CVE-2022-49927",
"url": "https://bugzilla.suse.com/1242416"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-49927"
},
{
"cve": "CVE-2023-0160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0160"
}
],
"notes": [
{
"category": "general",
"text": "A deadlock flaw was found in the Linux kernel\u0027s BPF subsystem. This flaw allows a local user to potentially crash the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0160",
"url": "https://www.suse.com/security/cve/CVE-2023-0160"
},
{
"category": "external",
"summary": "SUSE Bug 1209657 for CVE-2023-0160",
"url": "https://bugzilla.suse.com/1209657"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2023-0160"
},
{
"cve": "CVE-2023-1990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1990"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1990",
"url": "https://www.suse.com/security/cve/CVE-2023-1990"
},
{
"category": "external",
"summary": "SUSE Bug 1210337 for CVE-2023-1990",
"url": "https://bugzilla.suse.com/1210337"
},
{
"category": "external",
"summary": "SUSE Bug 1210501 for CVE-2023-1990",
"url": "https://bugzilla.suse.com/1210501"
},
{
"category": "external",
"summary": "SUSE Bug 1214128 for CVE-2023-1990",
"url": "https://bugzilla.suse.com/1214128"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "important"
}
],
"title": "CVE-2023-1990"
},
{
"cve": "CVE-2023-47233",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-47233"
}
],
"notes": [
{
"category": "general",
"text": "The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this \"could be exploited in a real world scenario.\" This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-47233",
"url": "https://www.suse.com/security/cve/CVE-2023-47233"
},
{
"category": "external",
"summary": "SUSE Bug 1216702 for CVE-2023-47233",
"url": "https://bugzilla.suse.com/1216702"
},
{
"category": "external",
"summary": "SUSE Bug 1224592 for CVE-2023-47233",
"url": "https://bugzilla.suse.com/1224592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2023-47233"
},
{
"cve": "CVE-2023-52508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52508"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()\n\nThe nvme_fc_fcp_op structure describing an AEN operation is initialized with a\nnull request structure pointer. An FC LLDD may make a call to\nnvme_fc_io_getuuid passing a pointer to an nvmefc_fcp_req for an AEN operation.\n\nAdd validation of the request structure pointer before dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52508",
"url": "https://www.suse.com/security/cve/CVE-2023-52508"
},
{
"category": "external",
"summary": "SUSE Bug 1221015 for CVE-2023-52508",
"url": "https://bugzilla.suse.com/1221015"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2023-52508"
},
{
"cve": "CVE-2023-52591",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52591"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nreiserfs: Avoid touching renamed directory if parent does not change\n\nThe VFS will not be locking moved directory if its parent does not\nchange. Change reiserfs rename code to avoid touching renamed directory\nif its parent does not change as without locking that can corrupt the\nfilesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52591",
"url": "https://www.suse.com/security/cve/CVE-2023-52591"
},
{
"category": "external",
"summary": "SUSE Bug 1221044 for CVE-2023-52591",
"url": "https://bugzilla.suse.com/1221044"
},
{
"category": "external",
"summary": "SUSE Bug 1221578 for CVE-2023-52591",
"url": "https://bugzilla.suse.com/1221578"
},
{
"category": "external",
"summary": "SUSE Bug 1221598 for CVE-2023-52591",
"url": "https://bugzilla.suse.com/1221598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "important"
}
],
"title": "CVE-2023-52591"
},
{
"cve": "CVE-2023-52654",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52654"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/af_unix: disable sending io_uring over sockets\n\nFile reference cycles have caused lots of problems for io_uring\nin the past, and it still doesn\u0027t work exactly right and races with\nunix_stream_read_generic(). The safest fix would be to completely\ndisallow sending io_uring files via sockets via SCM_RIGHT, so there\nare no possible cycles invloving registered files and thus rendering\nSCM accounting on the io_uring side unnecessary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52654",
"url": "https://www.suse.com/security/cve/CVE-2023-52654"
},
{
"category": "external",
"summary": "SUSE Bug 1224099 for CVE-2023-52654",
"url": "https://bugzilla.suse.com/1224099"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2023-52654"
},
{
"cve": "CVE-2023-53039",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53039"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: ipc: Fix potential use-after-free in work function\n\nWhen a reset notify IPC message is received, the ISR schedules a work\nfunction and passes the ISHTP device to it via a global pointer\nishtp_dev. If ish_probe() fails, the devm-managed device resources\nincluding ishtp_dev are freed, but the work is not cancelled, causing a\nuse-after-free when the work function tries to access ishtp_dev. Use\ndevm_work_autocancel() instead, so that the work is automatically\ncancelled if probe fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53039",
"url": "https://www.suse.com/security/cve/CVE-2023-53039"
},
{
"category": "external",
"summary": "SUSE Bug 1242745 for CVE-2023-53039",
"url": "https://bugzilla.suse.com/1242745"
},
{
"category": "external",
"summary": "SUSE Bug 1242880 for CVE-2023-53039",
"url": "https://bugzilla.suse.com/1242880"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2023-53039"
},
{
"cve": "CVE-2023-53052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix use-after-free bug in refresh_cache_worker()\n\nThe UAF bug occurred because we were putting DFS root sessions in\ncifs_umount() while DFS cache refresher was being executed.\n\nMake DFS root sessions have same lifetime as DFS tcons so we can avoid\nthe use-after-free bug is DFS cache refresher and other places that\nrequire IPCs to get new DFS referrals on. Also, get rid of mount\ngroup handling in DFS cache as we no longer need it.\n\nThis fixes below use-after-free bug catched by KASAN\n\n[ 379.946955] BUG: KASAN: use-after-free in __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.947642] Read of size 8 at addr ffff888018f57030 by task kworker/u4:3/56\n[ 379.948096]\n[ 379.948208] CPU: 0 PID: 56 Comm: kworker/u4:3 Not tainted 6.2.0-rc7-lku #23\n[ 379.948661] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS\nrel-1.16.0-0-gd239552-rebuilt.opensuse.org 04/01/2014\n[ 379.949368] Workqueue: cifs-dfscache refresh_cache_worker [cifs]\n[ 379.949942] Call Trace:\n[ 379.950113] \u003cTASK\u003e\n[ 379.950260] dump_stack_lvl+0x50/0x67\n[ 379.950510] print_report+0x16a/0x48e\n[ 379.950759] ? __virt_addr_valid+0xd8/0x160\n[ 379.951040] ? __phys_addr+0x41/0x80\n[ 379.951285] kasan_report+0xdb/0x110\n[ 379.951533] ? __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.952056] ? __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.952585] __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.953096] ? __pfx___refresh_tcon.isra.0+0x10/0x10 [cifs]\n[ 379.953637] ? __pfx___mutex_lock+0x10/0x10\n[ 379.953915] ? lock_release+0xb6/0x720\n[ 379.954167] ? __pfx_lock_acquire+0x10/0x10\n[ 379.954443] ? refresh_cache_worker+0x34e/0x6d0 [cifs]\n[ 379.954960] ? __pfx_wb_workfn+0x10/0x10\n[ 379.955239] refresh_cache_worker+0x4ad/0x6d0 [cifs]\n[ 379.955755] ? __pfx_refresh_cache_worker+0x10/0x10 [cifs]\n[ 379.956323] ? __pfx_lock_acquired+0x10/0x10\n[ 379.956615] ? read_word_at_a_time+0xe/0x20\n[ 379.956898] ? lockdep_hardirqs_on_prepare+0x12/0x220\n[ 379.957235] process_one_work+0x535/0x990\n[ 379.957509] ? __pfx_process_one_work+0x10/0x10\n[ 379.957812] ? lock_acquired+0xb7/0x5f0\n[ 379.958069] ? __list_add_valid+0x37/0xd0\n[ 379.958341] ? __list_add_valid+0x37/0xd0\n[ 379.958611] worker_thread+0x8e/0x630\n[ 379.958861] ? __pfx_worker_thread+0x10/0x10\n[ 379.959148] kthread+0x17d/0x1b0\n[ 379.959369] ? __pfx_kthread+0x10/0x10\n[ 379.959630] ret_from_fork+0x2c/0x50\n[ 379.959879] \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53052",
"url": "https://www.suse.com/security/cve/CVE-2023-53052"
},
{
"category": "external",
"summary": "SUSE Bug 1242749 for CVE-2023-53052",
"url": "https://bugzilla.suse.com/1242749"
},
{
"category": "external",
"summary": "SUSE Bug 1242881 for CVE-2023-53052",
"url": "https://bugzilla.suse.com/1242881"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "important"
}
],
"title": "CVE-2023-53052"
},
{
"cve": "CVE-2023-53106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53106"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: st-nci: Fix use after free bug in ndlc_remove due to race condition\n\nThis bug influences both st_nci_i2c_remove and st_nci_spi_remove.\nTake st_nci_i2c_remove as an example.\n\nIn st_nci_i2c_probe, it called ndlc_probe and bound \u0026ndlc-\u003esm_work\nwith llt_ndlc_sm_work.\n\nWhen it calls ndlc_recv or timeout handler, it will finally call\nschedule_work to start the work.\n\nWhen we call st_nci_i2c_remove to remove the driver, there\nmay be a sequence as follows:\n\nFix it by finishing the work before cleanup in ndlc_remove\n\nCPU0 CPU1\n\n |llt_ndlc_sm_work\nst_nci_i2c_remove |\n ndlc_remove |\n st_nci_remove |\n nci_free_device|\n kfree(ndev) |\n//free ndlc-\u003endev |\n |llt_ndlc_rcv_queue\n |nci_recv_frame\n |//use ndlc-\u003endev",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53106",
"url": "https://www.suse.com/security/cve/CVE-2023-53106"
},
{
"category": "external",
"summary": "SUSE Bug 1242215 for CVE-2023-53106",
"url": "https://bugzilla.suse.com/1242215"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2023-53106"
},
{
"cve": "CVE-2023-6531",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6531"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector\u0027s deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6531",
"url": "https://www.suse.com/security/cve/CVE-2023-6531"
},
{
"category": "external",
"summary": "SUSE Bug 1218447 for CVE-2023-6531",
"url": "https://bugzilla.suse.com/1218447"
},
{
"category": "external",
"summary": "SUSE Bug 1218487 for CVE-2023-6531",
"url": "https://bugzilla.suse.com/1218487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "important"
}
],
"title": "CVE-2023-6531"
},
{
"cve": "CVE-2024-35811",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35811"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach\n\nThis is the candidate patch of CVE-2023-47233 :\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-47233\n\nIn brcm80211 driver,it starts with the following invoking chain\nto start init a timeout worker:\n\n-\u003ebrcmf_usb_probe\n -\u003ebrcmf_usb_probe_cb\n -\u003ebrcmf_attach\n -\u003ebrcmf_bus_started\n -\u003ebrcmf_cfg80211_attach\n -\u003ewl_init_priv\n -\u003ebrcmf_init_escan\n -\u003eINIT_WORK(\u0026cfg-\u003eescan_timeout_work,\n\t\t brcmf_cfg80211_escan_timeout_worker);\n\nIf we disconnect the USB by hotplug, it will call\nbrcmf_usb_disconnect to make cleanup. The invoking chain is :\n\nbrcmf_usb_disconnect\n -\u003ebrcmf_usb_disconnect_cb\n -\u003ebrcmf_detach\n -\u003ebrcmf_cfg80211_detach\n -\u003ekfree(cfg);\n\nWhile the timeout woker may still be running. This will cause\na use-after-free bug on cfg in brcmf_cfg80211_escan_timeout_worker.\n\nFix it by deleting the timer and canceling the worker in\nbrcmf_cfg80211_detach.\n\n[arend.vanspriel@broadcom.com: keep timer delete as is and cancel work just before free]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35811",
"url": "https://www.suse.com/security/cve/CVE-2024-35811"
},
{
"category": "external",
"summary": "SUSE Bug 1224592 for CVE-2024-35811",
"url": "https://bugzilla.suse.com/1224592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2024-35811"
},
{
"cve": "CVE-2024-35895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35895"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Prevent lock inversion deadlock in map delete elem\n\nsyzkaller started using corpuses where a BPF tracing program deletes\nelements from a sockmap/sockhash map. Because BPF tracing programs can be\ninvoked from any interrupt context, locks taken during a map_delete_elem\noperation must be hardirq-safe. Otherwise a deadlock due to lock inversion\nis possible, as reported by lockdep:\n\n CPU0 CPU1\n ---- ----\n lock(\u0026htab-\u003ebuckets[i].lock);\n local_irq_disable();\n lock(\u0026host-\u003elock);\n lock(\u0026htab-\u003ebuckets[i].lock);\n \u003cInterrupt\u003e\n lock(\u0026host-\u003elock);\n\nLocks in sockmap are hardirq-unsafe by design. We expects elements to be\ndeleted from sockmap/sockhash only in task (normal) context with interrupts\nenabled, or in softirq context.\n\nDetect when map_delete_elem operation is invoked from a context which is\n_not_ hardirq-unsafe, that is interrupts are disabled, and bail out with an\nerror.\n\nNote that map updates are not affected by this issue. BPF verifier does not\nallow updating sockmap/sockhash from a BPF tracing program today.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35895",
"url": "https://www.suse.com/security/cve/CVE-2024-35895"
},
{
"category": "external",
"summary": "SUSE Bug 1224511 for CVE-2024-35895",
"url": "https://bugzilla.suse.com/1224511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2024-35895"
},
{
"cve": "CVE-2024-35914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35914"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: Fix error cleanup path in nfsd_rename()\n\nCommit a8b0026847b8 (\"rename(): avoid a deadlock in the case of parents\nhaving no common ancestor\") added an error bail out path. However this\npath does not drop the remount protection that has been acquired. Fix\nthe cleanup path to properly drop the remount protection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35914",
"url": "https://www.suse.com/security/cve/CVE-2024-35914"
},
{
"category": "external",
"summary": "SUSE Bug 1224482 for CVE-2024-35914",
"url": "https://bugzilla.suse.com/1224482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2024-35914"
},
{
"cve": "CVE-2024-46814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46814"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check msg_id before processing transcation\n\n[WHY \u0026 HOW]\nHDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid\narray index, and it needs checking before used.\n\nThis fixes 4 OVERRUN issues reported by Coverity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46814",
"url": "https://www.suse.com/security/cve/CVE-2024-46814"
},
{
"category": "external",
"summary": "SUSE Bug 1231193 for CVE-2024-46814",
"url": "https://bugzilla.suse.com/1231193"
},
{
"category": "external",
"summary": "SUSE Bug 1231194 for CVE-2024-46814",
"url": "https://bugzilla.suse.com/1231194"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "important"
}
],
"title": "CVE-2024-46814"
},
{
"cve": "CVE-2024-53168",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53168"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix one UAF issue caused by sunrpc kernel tcp socket\n\nBUG: KASAN: slab-use-after-free in tcp_write_timer_handler+0x156/0x3e0\nRead of size 1 at addr ffff888111f322cd by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x68/0xa0\n print_address_description.constprop.0+0x2c/0x3d0\n print_report+0xb4/0x270\n kasan_report+0xbd/0xf0\n tcp_write_timer_handler+0x156/0x3e0\n tcp_write_timer+0x66/0x170\n call_timer_fn+0xfb/0x1d0\n __run_timers+0x3f8/0x480\n run_timer_softirq+0x9b/0x100\n handle_softirqs+0x153/0x390\n __irq_exit_rcu+0x103/0x120\n irq_exit_rcu+0xe/0x20\n sysvec_apic_timer_interrupt+0x76/0x90\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:default_idle+0xf/0x20\nCode: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90\n 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f8 25 00 fb f4 \u003cfa\u003e c3 cc cc cc\n cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90\nRSP: 0018:ffffffffa2007e28 EFLAGS: 00000242\nRAX: 00000000000f3b31 RBX: 1ffffffff4400fc7 RCX: ffffffffa09c3196\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9f00590f\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed102360835d\nR10: ffff88811b041aeb R11: 0000000000000001 R12: 0000000000000000\nR13: ffffffffa202d7c0 R14: 0000000000000000 R15: 00000000000147d0\n default_idle_call+0x6b/0xa0\n cpuidle_idle_call+0x1af/0x1f0\n do_idle+0xbc/0x130\n cpu_startup_entry+0x33/0x40\n rest_init+0x11f/0x210\n start_kernel+0x39a/0x420\n x86_64_start_reservations+0x18/0x30\n x86_64_start_kernel+0x97/0xa0\n common_startup_64+0x13e/0x141\n \u003c/TASK\u003e\n\nAllocated by task 595:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x87/0x90\n kmem_cache_alloc_noprof+0x12b/0x3f0\n copy_net_ns+0x94/0x380\n create_new_namespaces+0x24c/0x500\n unshare_nsproxy_namespaces+0x75/0xf0\n ksys_unshare+0x24e/0x4f0\n __x64_sys_unshare+0x1f/0x30\n do_syscall_64+0x70/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 100:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x54/0x70\n kmem_cache_free+0x156/0x5d0\n cleanup_net+0x5d3/0x670\n process_one_work+0x776/0xa90\n worker_thread+0x2e2/0x560\n kthread+0x1a8/0x1f0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n\nReproduction script:\n\nmkdir -p /mnt/nfsshare\nmkdir -p /mnt/nfs/netns_1\nmkfs.ext4 /dev/sdb\nmount /dev/sdb /mnt/nfsshare\nsystemctl restart nfs-server\nchmod 777 /mnt/nfsshare\nexportfs -i -o rw,no_root_squash *:/mnt/nfsshare\n\nip netns add netns_1\nip link add name veth_1_peer type veth peer veth_1\nifconfig veth_1_peer 11.11.0.254 up\nip link set veth_1 netns netns_1\nip netns exec netns_1 ifconfig veth_1 11.11.0.1\n\nip netns exec netns_1 /root/iptables -A OUTPUT -d 11.11.0.254 -p tcp \\\n\t--tcp-flags FIN FIN -j DROP\n\n(note: In my environment, a DESTROY_CLIENTID operation is always sent\n immediately, breaking the nfs tcp connection.)\nip netns exec netns_1 timeout -s 9 300 mount -t nfs -o proto=tcp,vers=4.1 \\\n\t11.11.0.254:/mnt/nfsshare /mnt/nfs/netns_1\n\nip netns del netns_1\n\nThe reason here is that the tcp socket in netns_1 (nfs side) has been\nshutdown and closed (done in xs_destroy), but the FIN message (with ack)\nis discarded, and the nfsd side keeps sending retransmission messages.\nAs a result, when the tcp sock in netns_1 processes the received message,\nit sends the message (FIN message) in the sending queue, and the tcp timer\nis re-established. When the network namespace is deleted, the net structure\naccessed by tcp\u0027s timer handler function causes problems.\n\nTo fix this problem, let\u0027s hold netns refcnt for the tcp kernel socket as\ndone in other modules. This is an ugly hack which can easily be backported\nto earlier kernels. A proper fix which cleans up the interfaces will\nfollow, but may not be so easy to backport.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53168",
"url": "https://www.suse.com/security/cve/CVE-2024-53168"
},
{
"category": "external",
"summary": "SUSE Bug 1234887 for CVE-2024-53168",
"url": "https://bugzilla.suse.com/1234887"
},
{
"category": "external",
"summary": "SUSE Bug 1243650 for CVE-2024-53168",
"url": "https://bugzilla.suse.com/1243650"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "important"
}
],
"title": "CVE-2024-53168"
},
{
"cve": "CVE-2024-56558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56558"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: make sure exp active before svc_export_show\n\nThe function `e_show` was called with protection from RCU. This only\nensures that `exp` will not be freed. Therefore, the reference count for\n`exp` can drop to zero, which will trigger a refcount use-after-free\nwarning when `exp_get` is called. To resolve this issue, use\n`cache_get_rcu` to ensure that `exp` remains active.\n\n------------[ cut here ]------------\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 3 PID: 819 at lib/refcount.c:25\nrefcount_warn_saturate+0xb1/0x120\nCPU: 3 UID: 0 PID: 819 Comm: cat Not tainted 6.12.0-rc3+ #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xb1/0x120\n...\nCall Trace:\n \u003cTASK\u003e\n e_show+0x20b/0x230 [nfsd]\n seq_read_iter+0x589/0x770\n seq_read+0x1e5/0x270\n vfs_read+0x125/0x530\n ksys_read+0xc1/0x160\n do_syscall_64+0x5f/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56558",
"url": "https://www.suse.com/security/cve/CVE-2024-56558"
},
{
"category": "external",
"summary": "SUSE Bug 1235100 for CVE-2024-56558",
"url": "https://bugzilla.suse.com/1235100"
},
{
"category": "external",
"summary": "SUSE Bug 1243648 for CVE-2024-56558",
"url": "https://bugzilla.suse.com/1243648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2024-56558"
},
{
"cve": "CVE-2025-21812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21812"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: rcu protect dev-\u003eax25_ptr\n\nsyzbot found a lockdep issue [1].\n\nWe should remove ax25 RTNL dependency in ax25_setsockopt()\n\nThis should also fix a variety of possible UAF in ax25.\n\n[1]\n\nWARNING: possible circular locking dependency detected\n6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0 Not tainted\n------------------------------------------------------\nsyz.5.1818/12806 is trying to acquire lock:\n ffffffff8fcb3988 (rtnl_mutex){+.+.}-{4:4}, at: ax25_setsockopt+0xa55/0xe90 net/ax25/af_ax25.c:680\n\nbut task is already holding lock:\n ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1618 [inline]\n ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209/0xe90 net/ax25/af_ax25.c:574\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #1 (sk_lock-AF_AX25){+.+.}-{0:0}:\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849\n lock_sock_nested+0x48/0x100 net/core/sock.c:3642\n lock_sock include/net/sock.h:1618 [inline]\n ax25_kill_by_device net/ax25/af_ax25.c:101 [inline]\n ax25_device_event+0x24d/0x580 net/ax25/af_ax25.c:146\n notifier_call_chain+0x1a5/0x3f0 kernel/notifier.c:85\n __dev_notify_flags+0x207/0x400\n dev_change_flags+0xf0/0x1a0 net/core/dev.c:9026\n dev_ifsioc+0x7c8/0xe70 net/core/dev_ioctl.c:563\n dev_ioctl+0x719/0x1340 net/core/dev_ioctl.c:820\n sock_do_ioctl+0x240/0x460 net/socket.c:1234\n sock_ioctl+0x626/0x8e0 net/socket.c:1339\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n-\u003e #0 (rtnl_mutex){+.+.}-{4:4}:\n check_prev_add kernel/locking/lockdep.c:3161 [inline]\n check_prevs_add kernel/locking/lockdep.c:3280 [inline]\n validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904\n __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849\n __mutex_lock_common kernel/locking/mutex.c:585 [inline]\n __mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735\n ax25_setsockopt+0xa55/0xe90 net/ax25/af_ax25.c:680\n do_sock_setsockopt+0x3af/0x720 net/socket.c:2324\n __sys_setsockopt net/socket.c:2349 [inline]\n __do_sys_setsockopt net/socket.c:2355 [inline]\n __se_sys_setsockopt net/socket.c:2352 [inline]\n __x64_sys_setsockopt+0x1ee/0x280 net/socket.c:2352\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(sk_lock-AF_AX25);\n lock(rtnl_mutex);\n lock(sk_lock-AF_AX25);\n lock(rtnl_mutex);\n\n *** DEADLOCK ***\n\n1 lock held by syz.5.1818/12806:\n #0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1618 [inline]\n #0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209/0xe90 net/ax25/af_ax25.c:574\n\nstack backtrace:\nCPU: 1 UID: 0 PID: 12806 Comm: syz.5.1818 Not tainted 6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2074\n check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2206\n check_prev_add kernel/locking/lockdep.c:3161 [inline]\n check_prevs_add kernel/lockin\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21812",
"url": "https://www.suse.com/security/cve/CVE-2025-21812"
},
{
"category": "external",
"summary": "SUSE Bug 1238471 for CVE-2025-21812",
"url": "https://bugzilla.suse.com/1238471"
},
{
"category": "external",
"summary": "SUSE Bug 1240736 for CVE-2025-21812",
"url": "https://bugzilla.suse.com/1240736"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "important"
}
],
"title": "CVE-2025-21812"
},
{
"cve": "CVE-2025-21999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21999"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nproc: fix UAF in proc_get_inode()\n\nFix race between rmmod and /proc/XXX\u0027s inode instantiation.\n\nThe bug is that pde-\u003eproc_ops don\u0027t belong to /proc, it belongs to a\nmodule, therefore dereferencing it after /proc entry has been registered\nis a bug unless use_pde/unuse_pde() pair has been used.\n\nuse_pde/unuse_pde can be avoided (2 atomic ops!) because pde-\u003eproc_ops\nnever changes so information necessary for inode instantiation can be\nsaved _before_ proc_register() in PDE itself and used later, avoiding\npde-\u003eproc_ops-\u003e... dereference.\n\n rmmod lookup\nsys_delete_module\n proc_lookup_de\n\t\t\t pde_get(de);\n\t\t\t proc_get_inode(dir-\u003ei_sb, de);\n mod-\u003eexit()\n proc_remove\n remove_proc_subtree\n proc_entry_rundown(de);\n free_module(mod);\n\n if (S_ISREG(inode-\u003ei_mode))\n\t if (de-\u003eproc_ops-\u003eproc_read_iter)\n --\u003e As module is already freed, will trigger UAF\n\nBUG: unable to handle page fault for address: fffffbfff80a702b\nPGD 817fc4067 P4D 817fc4067 PUD 817fc0067 PMD 102ef4067 PTE 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 26 UID: 0 PID: 2667 Comm: ls Tainted: G\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nRIP: 0010:proc_get_inode+0x302/0x6e0\nRSP: 0018:ffff88811c837998 EFLAGS: 00010a06\nRAX: dffffc0000000000 RBX: ffffffffc0538140 RCX: 0000000000000007\nRDX: 1ffffffff80a702b RSI: 0000000000000001 RDI: ffffffffc0538158\nRBP: ffff8881299a6000 R08: 0000000067bbe1e5 R09: 1ffff11023906f20\nR10: ffffffffb560ca07 R11: ffffffffb2b43a58 R12: ffff888105bb78f0\nR13: ffff888100518048 R14: ffff8881299a6004 R15: 0000000000000001\nFS: 00007f95b9686840(0000) GS:ffff8883af100000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: fffffbfff80a702b CR3: 0000000117dd2000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n proc_lookup_de+0x11f/0x2e0\n __lookup_slow+0x188/0x350\n walk_component+0x2ab/0x4f0\n path_lookupat+0x120/0x660\n filename_lookup+0x1ce/0x560\n vfs_statx+0xac/0x150\n __do_sys_newstat+0x96/0x110\n do_syscall_64+0x5f/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n[adobriyan@gmail.com: don\u0027t do 2 atomic ops on the common path]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21999",
"url": "https://www.suse.com/security/cve/CVE-2025-21999"
},
{
"category": "external",
"summary": "SUSE Bug 1240802 for CVE-2025-21999",
"url": "https://bugzilla.suse.com/1240802"
},
{
"category": "external",
"summary": "SUSE Bug 1242579 for CVE-2025-21999",
"url": "https://bugzilla.suse.com/1242579"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "important"
}
],
"title": "CVE-2025-21999"
},
{
"cve": "CVE-2025-37789",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37789"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix nested key length validation in the set() action\n\nIt\u0027s not safe to access nla_len(ovs_key) if the data is smaller than\nthe netlink header. Check that the attribute is OK first.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37789",
"url": "https://www.suse.com/security/cve/CVE-2025-37789"
},
{
"category": "external",
"summary": "SUSE Bug 1242762 for CVE-2025-37789",
"url": "https://bugzilla.suse.com/1242762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1.noarch",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-18T08:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-37789"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…