csaf_suse - suse-su-2025:20355-1

suse-su-2025:20355-1

Vulnerability from csaf_suse

Published
2025-05-23 07:28
Modified
2025-05-23 07:28
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006). - CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() (bsc#1224597). - CVE-2024-50162: bpf: selftests: send packet to devmap redirect XDP (bsc#1233075). - CVE-2024-50163: bpf: Make sure internal and UAPI bpf_redirect flags do not overlap (bsc#1233098). - CVE-2024-57924: fs: relax assertions on failure to encode file handles (bsc#1236086). - CVE-2024-58068: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized (bsc#1238961). - CVE-2024-58070: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT (bsc#1238983). - CVE-2024-58088: bpf: Fix deadlock when freeing cgroup storage (bsc#1239510). - CVE-2025-21683: bpf: Fix bpf_sk_select_reuseport() memory leak (bsc#1236704). - CVE-2025-21696: mm: clear uffd-wp PTE/PMD state on mremap() (bsc#1237111). - CVE-2025-21707: mptcp: consolidate suboption status (bsc#1238862). - CVE-2025-21758: ipv6: mcast: add RCU protection to mld_newpack() (bsc#1238737). - CVE-2025-21768: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels (bsc#1238714). - CVE-2025-21792: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt (bsc#1238745). - CVE-2025-21808: net: xdp: Disallow attaching device-bound programs in generic mode (bsc#1238742). - CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471). - CVE-2025-21833: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (bsc#1239108). - CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470). - CVE-2025-21867: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (bsc#1240181). - CVE-2025-21904: caif_virtio: fix wrong pointer check in cfv_probe() (bsc#1240576). - CVE-2025-21925: llc: do not use skb_get() before dev_queue_xmit() (bsc#1240713). - CVE-2025-21926: net: gso: fix ownership in __udp_gso_segment (bsc#1240712). - CVE-2025-21931: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio (bsc#1240709). - CVE-2025-21962: cifs: Fix integer overflow while processing closetimeo mount option (bsc#1240655). - CVE-2025-21963: cifs: Fix integer overflow while processing acdirmax mount option (bsc#1240717). - CVE-2025-21964: cifs: Fix integer overflow while processing acregmax mount option (bsc#1240740). - CVE-2025-21980: sched: address a potential NULL pointer dereference in the GRED scheduler (bsc#1240809). - CVE-2025-21985: drm/amd/display: Fix out-of-bound accesses (bsc#1240811). - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802). - CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835). - CVE-2025-22015: mm/migrate: fix shmem xarray update during migration (bsc#1240944). - CVE-2025-22016: dpll: fix xa_alloc_cyclic() error handling (bsc#1240934). - CVE-2025-22017: devlink: fix xa_alloc_cyclic() error handling (bsc#1240936). - CVE-2025-22018: atm: Fix NULL pointer dereference (bsc#1241266). - CVE-2025-22029: exec: fix the racy usage of fs_struct->in_exec (bsc#1241378). - CVE-2025-22036: exfat: fix random stack corruption after get_block (bsc#1241426). - CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433). - CVE-2025-22053: net: ibmveth: make veth_pool_store stop hanging (bsc#1241373). - CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371). - CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332). - CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526). - CVE-2025-22064: netfilter: nf_tables: do not unregister hook when table is dormant (bsc#1241413). - CVE-2025-22080: fs/ntfs3: Prevent integer overflow in hdr_first_de() (bsc#1241416). - CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537). - CVE-2025-22102: Bluetooth: btnxpuart: Fix kernel panic during FW release (bsc#1241456). - CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550). - CVE-2025-22105, CVE-2025-37860: Add missing bugzilla references (bsc#1241452 bsc#1241548). - CVE-2025-22107: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() (bsc#1241575). - CVE-2025-22109: ax25: Remove broken autobind (bsc#1241573). - CVE-2025-22115: btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (bsc#1241578). - CVE-2025-22121: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (bsc#1241593). - CVE-2025-23133: wifi: ath11k: update channel list in reg notifier instead reg worker (bsc#1241451). - CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648). - CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596). - CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640). - CVE-2025-37798: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (bsc#1242414). - CVE-2025-37799: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp (bsc#1242283). - CVE-2025-39728: clk: samsung: Fix UBSAN panic in samsung_clk_init() (bsc#1241626). The following non-security bugs were fixed: - ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (stable-fixes). - ACPI: EC: Set ec_no_wakeup for Lenovo Go S (stable-fixes). - ALSA: hda/realtek - Enable speaker for HP platform (git-fixes). - ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes). - ALSA: hda/realtek: Fix built-mic regression on other ASUS models (git-fixes). - ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist (stable-fixes). - ALSA: hda: intel: Fix Optimus when GPU has no sound (stable-fixes). - ALSA: ump: Fix buffer overflow at UMP SysEx message conversion (bsc#1242044). - ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (stable-fixes). - ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (stable-fixes). - ALSA: usb-audio: Fix CME quirk for UF series keyboards (stable-fixes). - ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() (git-fixes). - ASoC: SOF: topology: Use krealloc_array() to replace krealloc() (stable-fixes). - ASoC: Use of_property_read_bool() (stable-fixes). - ASoC: amd: Add DMI quirk for ACP6X mic support (stable-fixes). - ASoC: amd: yc: update quirk data for new Lenovo model (stable-fixes). - ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels (git-fixes). - ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate (git-fixes). - ASoC: fsl_audmix: register card device depends on 'dais' property (stable-fixes). - ASoC: qcom: Fix sc7280 lpass potential buffer overflow (git-fixes). - ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (stable-fixes). - ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence (git-fixes). - Bluetooth: btrtl: Prevent potential NULL dereference (git-fixes). - Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (git-fixes). - Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address (git-fixes). - Bluetooth: hci_uart: Fix another race during initialization (git-fixes). - Bluetooth: hci_uart: fix race during initialization (stable-fixes). - Bluetooth: l2cap: Check encryption key size on incoming connection (git-fixes). - Bluetooth: l2cap: Process valid commands in too long frame (stable-fixes). - Bluetooth: vhci: Avoid needless snprintf() calls (git-fixes). - Correct the upsteram version numbers in the previous patches - Drop PCI patch that caused a regression (bsc#1241123) - Input: cyttsp5 - ensure minimum reset pulse width (git-fixes). - Input: mtk-pmic-keys - fix possible null pointer dereference (git-fixes). - Input: xpad - fix two controller table values (git-fixes). - Move upstreamed smb patch into sorted section Also move other out-of-tree patches into the proper section - Move upstreamed sound patch into sorted section - OPP: add index check to assert to avoid buffer overflow in _read_freq() (bsc#1238961) - PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads (git-fixes). - PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type (stable-fixes). - RDMA/cma: Fix workqueue crash in cma_netevent_work_handler (git-fixes) - RDMA/core: Silence oversized kvmalloc() warning (git-fixes) - RDMA/hns: Fix wrong maximum DMA segment size (git-fixes) - RDMA/mana_ib: Ensure variable err is initialized (git-fixes). - RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() (git-fixes) - Revert "drivers: core: synchronize really_probe() and dev_uevent()" (stable-fixes). - Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" (git-fixes). - Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" (git-fixes). - USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (stable-fixes). - USB: VLI disk crashes if LPM is used (stable-fixes). - USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe (stable-fixes). - USB: serial: option: add Sierra Wireless EM9291 (stable-fixes). - USB: serial: simple: add OWON HDS200 series oscilloscope support (stable-fixes). - USB: storage: quirk for ADATA Portable HDD CH94 (stable-fixes). - USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes). - USB: wdm: add annotation (git-fixes). - USB: wdm: close race between wdm_open and wdm_wwan_port_stop (git-fixes). - USB: wdm: handle IO errors in wdm_wwan_port_start (git-fixes). - USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context (git-fixes). - ahci: add PCI ID for Marvell 88SE9215 SATA Controller (stable-fixes). - asus-laptop: Fix an uninitialized variable (git-fixes). - ata: libata-sata: Save all fields from sense data descriptor (git-fixes). - ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type (git-fixes). - ata: libata-scsi: Fix ata_msense_control_ata_feature() (git-fixes). - ata: libata-scsi: Improve CDL control (git-fixes). - ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() (git-fixes). - ata: sata_sx4: Add error handling in pdc20621_i2c_read() (git-fixes). - auxdisplay: hd44780: Convert to platform remove callback returning void (stable-fixes). - auxdisplay: hd44780: Fix an API misuse in hd44780.c (git-fixes). - badblocks: Fix error shitf ops (git-fixes). - badblocks: fix merge issue when new badblocks align with pre+1 (git-fixes). - badblocks: fix missing bad blocks on retry in _badblocks_check() (git-fixes). - badblocks: fix the using of MAX_BADBLOCKS (git-fixes). - badblocks: return error directly when setting badblocks exceeds 512 (git-fixes). - badblocks: return error if any badblock set fails (git-fixes). - blk-throttle: fix lower bps rate by throtl_trim_slice() (git-fixes). - block: change blk_mq_add_to_batch() third argument type to bool (git-fixes). - block: fix 'kmem_cache of name 'bio-108' already exists' (git-fixes). - block: fix conversion of GPT partition name to 7-bit (git-fixes). - block: fix resource leak in blk_register_queue() error path (git-fixes). - block: integrity: Do not call set_page_dirty_lock() (git-fixes). - block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone (git-fixes). - bnxt_en: Linearize TX SKB if the fragments exceed the max (git-fixes). - bnxt_en: Mask the bd_cnt field in the TX BD properly (git-fixes). - bpf: Add missed var_off setting in coerce_subreg_to_size_sx() (git-fixes). - bpf: Add missed var_off setting in set_sext32_default_val() (git-fixes). - bpf: add find_containing_subprog() utility function (bsc#1241590). - bpf: check changes_pkt_data property for extension programs (bsc#1241590). - bpf: consider that tail calls invalidate packet pointers (bsc#1241590). - bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs (bsc#1241590). - bpf: refactor bpf_helper_changes_pkt_data to use helper number (bsc#1241590). - bpf: track changes_pkt_data property for global functions (bsc#1241590). - btrfs: add and use helper to verify the calling task has locked the inode (bsc#1241204). - btrfs: always fallback to buffered write if the inode requires checksum (bsc#1242831 bsc#1242710). - btrfs: fix hole expansion when writing at an offset beyond EOF (bsc#1241151). - btrfs: fix missing snapshot drew unlock when root is dead during swap activation (bsc#1241204). - btrfs: fix race with memory mapped writes when activating swap file (bsc#1241204). - btrfs: fix swap file activation failure due to extents that used to be shared (bsc#1241204). - can: gw: fix RCU/BH usage in cgw_create_job() (git-fixes). - can: mcan: m_can_class_unregister(): fix order of unregistration calls (git-fixes). - can: mcp251xfd: fix TDC setting for low data bit rates (git-fixes). - can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls (git-fixes). - cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk (stable-fixes). - char: misc: register chrdev region with all possible minors (git-fixes). - cifs: Fix integer overflow while processing actimeo mount option (git-fixes). - crypto: atmel-sha204a - Set hwrng quality to lowest possible (git-fixes). - crypto: caam/qi - Fix drv_ctx refcount bug (git-fixes). - crypto: ccp - Add support for PCI device 0x1134 (stable-fixes). - cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path (git-fixes). - dm-bufio: do not schedule in atomic context (git-fixes). - dm-ebs: fix prefetch-vs-suspend race (git-fixes). - dm-integrity: set ti->error on memory allocation failure (git-fixes). - dm-verity: fix prefetch-vs-suspend race (git-fixes). - dm: add missing unlock on in dm_keyslot_evict() (git-fixes). - dm: always update the array size in realloc_argv on success (git-fixes). - dm: fix copying after src array boundaries (git-fixes). - dmaengine: dmatest: Fix dmatest waiting less when interrupted (stable-fixes). - drivers: base: devres: Allow to release group on device release (stable-fixes). - drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (stable-fixes). - drm/amd/display: Copy AUX read reply data whenever length > 0 (git-fixes). - drm/amd/display: Fix gpu reset in multidisplay config (git-fixes). - drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes). - drm/amd/display: Fix wrong handling for AUX_DEFER case (git-fixes). - drm/amd/display: Force full update in gpu reset (stable-fixes). - drm/amd/display: Remove incorrect checking in dmub aux handler (git-fixes). - drm/amd/display: Shift DMUB AUX reply command if necessary (git-fixes). - drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes). - drm/amd: Handle being compiled without SI or CIK support better (stable-fixes). - drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush (git-fixes). - drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() (stable-fixes). - drm/amdkfd: Fix mode1 reset crash issue (stable-fixes). - drm/amdkfd: Fix pqm_destroy_queue race with GPU reset (stable-fixes). - drm/amdkfd: clamp queue size to minimum (stable-fixes). - drm/amdkfd: debugfs hang_hws skip GPU with MES (stable-fixes). - drm/bridge: panel: forbid initializing a panel with unknown connector type (stable-fixes). - drm/fdinfo: Protect against driver unbind (git-fixes). - drm/i915/dg2: wait for HuC load completion before running selftests (stable-fixes). - drm/i915/gvt: fix unterminated-string-initialization warning (stable-fixes). - drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions' (git-fixes). - drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+ (stable-fixes). - drm/i915: Disable RPG during live selftest (git-fixes). - drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off (stable-fixes). - drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data (stable-fixes). - drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() (git-fixes). - drm/panel: simple: Update timings for AUO G101EVN010 (git-fixes). - drm/tests: Add helper to create mock crtc (stable-fixes). - drm/tests: Add helper to create mock plane (stable-fixes). - drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is enabled (git-fixes). - drm/tests: cmdline: Fix drm_display_mode memory leak (git-fixes). - drm/tests: helpers: Add atomic helpers (stable-fixes). - drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic() (stable-fixes). - drm/tests: helpers: Create kunit helper to destroy a drm_display_mode (stable-fixes). - drm/tests: helpers: Fix compiler warning (git-fixes). - drm/tests: modes: Fix drm_display_mode memory leak (git-fixes). - drm/tests: probe-helper: Fix drm_display_mode memory leak (git-fixes). - drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS (git-fixes). - drm: allow encoder mode_set even when connectors change for crtc (stable-fixes). - drm: panel-orientation-quirks: Add new quirk for GPD Win 2 (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO Slide (stable-fixes). - drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) (stable-fixes). - drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB (stable-fixes). - drm: panel-orientation-quirks: Add support for AYANEO 2S (stable-fixes). - e1000e: change k1 configuration on MTP and later platforms (git-fixes). - eth: bnxt: fix missing ring index trim on error path (git-fixes). - ethtool: Fix context creation with no parameters (git-fixes). - ethtool: Fix set RXNFC command with symmetric RSS hash (git-fixes). - ethtool: Fix wrong mod state in case of verbose and no_mask bitset (git-fixes). - ethtool: do not propagate EOPNOTSUPP from dumps (git-fixes). - ethtool: fix setting key and resetting indir at once (git-fixes). - ethtool: netlink: Add missing ethnl_ops_begin/complete (git-fixes). - ethtool: netlink: do not return SQI value if link is down (git-fixes). - ethtool: plca: fix plca enable data type while parsing the value (git-fixes). - ethtool: rss: echo the context number back (git-fixes). - exfat: do not fallback to buffered write (git-fixes). - exfat: drop ->i_size_ondisk (git-fixes). - exfat: fix soft lockup in exfat_clear_bitmap (git-fixes). - exfat: short-circuit zero-byte writes in exfat_file_write_iter (git-fixes). - ext4: add missing brelse() for bh2 in ext4_dx_add_entry() (bsc#1242342). - ext4: correct encrypted dentry name hash when not casefolded (bsc#1242540). - ext4: do not over-report free space or inodes in statvfs (bsc#1242345). - ext4: do not treat fhandle lookup of ea_inode as FS corruption (bsc#1242347). - ext4: fix FS_IOC_GETFSMAP handling (bsc#1240557). - ext4: goto right label 'out_mmap_sem' in ext4_setattr() (bsc#1242556). - ext4: make block validity check resistent to sb bh corruption (bsc#1242348). - ext4: partial zero eof block on unaligned inode size extension (bsc#1242336). - ext4: protect ext4_release_dquot against freezing (bsc#1242335). - ext4: replace the traditional ternary conditional operator with with max()/min() (bsc#1242536). - ext4: treat end of range as exclusive in ext4_zero_range() (bsc#1242539). - ext4: unify the type of flexbg_size to unsigned int (bsc#1242538). - fbdev: omapfb: Add 'plane' value check (stable-fixes). - firmware: arm_ffa: Skip Rx buffer ownership release if not acquired (git-fixes). - firmware: arm_scmi: Balance device refcount when destroying devices (git-fixes). - fs/jfs: Prevent integer overflow in AG size calculation (git-fixes). - fs/jfs: cast inactags to s64 to prevent potential overflow (git-fixes). - fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() (bsc#1241250). - fs: better handle deep ancestor chains in is_subdir() (bsc#1242528). - fs: consistently deref the files table with rcu_dereference_raw() (bsc#1242535). - fs: do not allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (bsc#1242526). - fs: support relative paths with FSCONFIG_SET_STRING (git-fixes). - gpio: zynq: Fix wakeup source leaks on device unbind (stable-fixes). - gve: handle overflow when reporting TX consumed descriptors (git-fixes). - gve: set xdp redirect target only when it is available (git-fixes). - hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (git-fixes). - i2c: cros-ec-tunnel: defer probe if parent EC is not present (git-fixes). - i2c: imx-lpi2c: Fix clock count when probe defers (git-fixes). - ice: Add check for devm_kzalloc() (git-fixes). - ice: fix reservation of resources for RDMA when disabled (git-fixes). - ice: stop truncating queue ids when checking (git-fixes). - idpf: check error for register_netdev() on init (git-fixes). - idpf: fix adapter NULL pointer dereference on reboot (git-fixes). - igb: reject invalid external timestamp requests for 82580-based HW (git-fixes). - igc: add lock preventing multiple simultaneous PTM transactions (git-fixes). - igc: cleanup PTP module if probe fails (git-fixes). - igc: fix PTM cycle trigger logic (git-fixes). - igc: handle the IGC_PTP_ENABLED flag correctly (git-fixes). - igc: increase wait time before retrying PTM (git-fixes). - igc: move ktime snapshot into PTM retry loop (git-fixes). - iio: accel: adxl367: fix setting odr for activity time update (git-fixes). - iio: adc: ad7606: fix serial register access (git-fixes). - iio: adc: ad7768-1: Fix conversion result sign (git-fixes). - iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check (stable-fixes). - iio: adis16201: Correct inclinometer channel resolution (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (git-fixes). - iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer (git-fixes). - iommu: Fix two issues in iommu_copy_struct_from_user() (git-fixes). - ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr (git-fixes). - irqchip/davinci: Remove leftover header (git-fixes). - irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (git-fixes). - irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (git-fixes). - isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (bsc#1242307). - jbd2: add a missing data flush during file and fs synchronization (bsc#1242346). - jbd2: fix off-by-one while erasing journal (bsc#1242344). - jbd2: flush filesystem device before updating tail sequence (bsc#1242333). - jbd2: increase IO priority for writing revoke records (bsc#1242332). - jbd2: increase the journal IO's priority (bsc#1242537). - jbd2: remove wrong sb->s_sequence check (bsc#1242343). - jfs: Fix uninit-value access of imap allocated in the diMount() function (git-fixes). - jfs: Prevent copying of nlink with value 0 from disk inode (git-fixes). - jfs: add sanity check for agwidth in dbMount (git-fixes). - kABI fix for sctp: detect and prevent references to a freed transport in sendmsg (git-fixes). - kABI workaround for powercap update (bsc#1241010). - ktest: Fix Test Failures Due to Missing LOG_FILE Directories (stable-fixes). - kunit: qemu_configs: SH: Respect kunit cmdline (git-fixes). - loop: LOOP_SET_FD: send uevents for partitions (git-fixes). - loop: properly send KOBJ_CHANGED uevent for disk device (git-fixes). - loop: stop using vfs_iter_{read,write} for buffered I/O (git-fixes). - md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (bsc#1238212) - media: uvcvideo: Add quirk for Actions UVC05 (stable-fixes). - mei: me: add panther lake H DID (stable-fixes). - misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration (git-fixes). - misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack (git-fixes). - mm/readahead: fix large folio support in async readahead (bsc#1242321). - mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT (bsc#1242326). - mm: fix filemap_get_folios_contig returning batches of identical folios (bsc#1242327). - mm: fix oops when filemap_map_pmd() without prealloc_pte (bsc#1242546). - mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves (stable-fixes). - mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe (git-fixes). - mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN (git-fixes). - mptcp: refine opt_mp_capable determination (git-fixes). - mptcp: relax check on MPC passive fallback (git-fixes). - mptcp: strict validation before using mp_opt->hmac (git-fixes). - mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() (git-fixes). - net/mlx5: Fill out devlink dev info only for PFs (git-fixes). - net/mlx5: IRQ, Fix null string in debug print (git-fixes). - net/mlx5: Lag, Check shared fdb before creating MultiPort E-Switch (git-fixes). - net/mlx5: Start health poll after enable hca (git-fixes). - net/mlx5e: Fix ethtool -N flow-type ip4 to RSS context (git-fixes). - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (git-fixes). - net/mlx5e: SHAMPO, Make reserved size independent of page size (git-fixes). - net/tcp: refactor tcp_inet6_sk() (git-fixes). - net: annotate data-races around sk->sk_dst_pending_confirm (git-fixes). - net: annotate data-races around sk->sk_tx_queue_mapping (git-fixes). - net: blackhole_dev: fix build warning for ethh set but not used (git-fixes). - net: ethtool: Do not call .cleanup_data when prepare_data fails (git-fixes). - net: ethtool: Fix RSS setting (git-fixes). - net: ipv6: fix UDPv6 GSO segmentation with NAT (git-fixes). - net: mana: Switch to page pool for jumbo frames (git-fixes). - net: mark racy access on sk->sk_rcvbuf (git-fixes). - net: phy: leds: fix memory leak (git-fixes). - net: phy: microchip: force IRQ polling mode for lan88xx (git-fixes). - net: sctp: fix skb leak in sctp_inq_free() (git-fixes). - net: set SOCK_RCU_FREE before inserting socket into hashtable (git-fixes). - net: usb: asix_devices: add FiberGecko DeviceID (stable-fixes). - net_sched: drr: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: ets: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (git-fixes). - net_sched: qfq: Fix double list add in class with netem as child qdisc (git-fixes). - netpoll: Use rcu_access_pointer() in netpoll_poll_lock (git-fixes). - nfs: add missing selections of CONFIG_CRC32 (git-fixes). - nfsd: decrease sc_count directly if fail to queue dl_recall (git-fixes). - ntb: reduce stack usage in idt_scan_mws (stable-fixes). - ntb_hw_amd: Add NTB PCI ID for new gen CPU (stable-fixes). - nvme-pci: clean up CMBMSC when registering CMB fails (git-fixes). - nvme-pci: fix stuck reset on concurrent DPC and HP (git-fixes). - nvme-pci: skip CMB blocks incompatible with PCI P2P DMA (git-fixes). - nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes). - nvme-tcp: fix possible UAF in nvme_tcp_poll (git-fixes). - nvme/ioctl: do not warn on vectorized uring_cmd with fixed buffer (git-fixes). - nvmet-fcloop: swap list_add_tail arguments (git-fixes). - perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (bsc#1242172) - perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (bsc#1242172) - perf: arm_cspmu: nvidia: monitor all ports by default (bsc#1242172) - perf: arm_cspmu: nvidia: remove unsupported SCF events (bsc#1242172) - phy: freescale: imx8m-pcie: assert phy reset and perst in power off (git-fixes). - pinctrl: renesas: rza2: Fix potential NULL pointer dereference (stable-fixes). - platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) (git-fixes). - platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (stable-fixes). - platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug (git-fixes). - platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (git-fixes). - pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes). - powercap: intel_rapl: Introduce APIs for PMU support (bsc#1241010). - powercap: intel_rapl_tpmi: Enable PMU support (bsc#1241010). - powerpc/boot: Check for ld-option support (bsc#1215199). - powerpc/boot: Fix dash warning (bsc#1215199). - powerpc: Do not use --- in kernel logs (git-fixes). - pwm: fsl-ftm: Handle clk_get_rate() returning 0 (git-fixes). - pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (git-fixes). - pwm: rcar: Improve register calculation (git-fixes). - rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN - rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038). - rpm/package-descriptions: Add rt and rt_debug descriptions - rtc: pcf85063: do a SW reset if POR failed (stable-fixes). - scsi: core: Use GFP_NOIO to avoid circular locking dependency (git-fixes). - scsi: hisi_sas: Enable force phy when SATA disk directly connected (git-fixes). - scsi: iscsi: Fix missing scsi_host_put() in error path (git-fixes). - scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag (git-fixes). - scsi: mpi3mr: Fix locking in an error path (git-fixes). - scsi: mpt3sas: Fix a locking bug in an error path (git-fixes). - scsi: mpt3sas: Reduce log level of ignore_delay_remove message to KERN_INFO (git-fixes). - scsi: scsi_debug: Remove a reference to in_use_bm (git-fixes). - sctp: Fix undefined behavior in left shift operation (git-fixes). - sctp: add mutual exclusion in proc_sctp_do_udp_port() (git-fixes). - sctp: detect and prevent references to a freed transport in sendmsg (git-fixes). - sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start (git-fixes). - sctp: fix association labeling in the duplicate COOKIE-ECHO case (git-fixes). - sctp: fix busy polling (git-fixes). - sctp: prefer struct_size over open coded arithmetic (git-fixes). - sctp: support MSG_ERRQUEUE flag in recvmsg() (git-fixes). - selftests/bpf: Add a few tests to cover (git-fixes). - selftests/bpf: extend changes_pkt_data with cases w/o subprograms (bsc#1241590). - selftests/bpf: freplace tests for tracking of changes_packet_data (bsc#1241590). - selftests/bpf: test for changing packet data from global functions (bsc#1241590). - selftests/bpf: validate that tail call invalidates packet pointers (bsc#1241590). - selftests/futex: futex_waitv wouldblock test should fail (git-fixes). - selftests/mm: generate a temporary mountpoint for cgroup filesystem (git-fixes). - serial: msm: Configure correct working mode before starting earlycon (git-fixes). - serial: sifive: lock port in startup()/shutdown() callbacks (git-fixes). - smb: client: fix folio leaks and perf improvements (bsc#1239997, bsc1241265). - sound/virtio: Fix cancel_sync warnings on uninitialized work_structs (stable-fixes). - spi: tegra114: Do not fail set_cs_timing when delays are zero (git-fixes). - spi: tegra210-quad: add rate limiting and simplify timeout error message (stable-fixes). - spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts (stable-fixes). - splice: remove duplicate noinline from pipe_clear_nowait (bsc#1242328). - staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (git-fixes). - staging: axis-fifo: Remove hardware resets for user errors (git-fixes). - staging: iio: adc: ad7816: Correct conditional logic for store mode (git-fixes). - string: Add load_unaligned_zeropad() code path to sized_strscpy() (git-fixes). - tcp: fix mptcp DSS corruption due to large pmtu xmit (git-fixes). - thunderbolt: Scan retimers after device router has been enumerated (stable-fixes). - tools/hv: update route parsing in kvp daemon (git-fixes). - tools/power turbostat: Increase CPU_SUBSET_MAXCPUS to 8192 (bsc#1241175). - tools/power turbostat: report CoreThr per measurement interval (git-fixes). - tty: n_tty: use uint for space returned by tty_write_room() (git-fixes). - ublk: set_params: properly check if parameters can be applied (git-fixes). - udf: Fix inode_getblk() return value (bsc#1242313). - udf: Skip parent dir link count update if corrupted (bsc#1242315). - udf: Verify inode link counts before performing rename (bsc#1242314). - usb: cdns3: Fix deadlock when using NCM gadget (git-fixes). - usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version (git-fixes). - usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines (git-fixes). - usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling (git-fixes). - usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield (stable-fixes). - usb: dwc3: gadget: Refactor loop to avoid NULL endpoints (stable-fixes). - usb: dwc3: gadget: check that event count does not exceed event buffer length (git-fixes). - usb: dwc3: xilinx: Prevent spike in reset signal (git-fixes). - usb: gadget: Use get_status callback to set remote wakeup capability (git-fixes). - usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (stable-fixes). - usb: gadget: f_ecm: Add get_status callback (git-fixes). - usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN (git-fixes). - usb: host: max3421-hcd: Add missing spi_device_id table (stable-fixes). - usb: host: tegra: Prevent host controller crash when OTG port is used (git-fixes). - usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func (stable-fixes). - usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (stable-fixes). - usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (git-fixes). - usb: typec: ucsi: displayport: Fix NULL pointer access (git-fixes). - usb: uhci-platform: Make the clock really optional (git-fixes). - usb: usbtmc: Fix erroneous generic_read ioctl return (git-fixes). - usb: usbtmc: Fix erroneous get_stb ioctl error returns (git-fixes). - usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes). - vdpa/mlx5: Fix oversized null mkey longer than 32bit (git-fixes). - vfs: do not mod negative dentry count when on shrinker list (bsc#1242534). - virtchnl: make proto and filter action count unsigned (git-fixes). - vmxnet3: Fix tx queue race condition with XDP (bsc#1241394). - vmxnet3: unregister xdp rxq info in the reset path (bsc#1241394). - wifi: at76c50x: fix use after free access in at76_disconnect (git-fixes). - wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (stable-fixes). - wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process (stable-fixes). - wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (git-fixes). - wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation (git-fixes). - wifi: mac80211: Purge vif txq in ieee80211_do_stop() (git-fixes). - wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() (git-fixes). - wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table (stable-fixes). - wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release (git-fixes). - wifi: wl1251: fix memory leak in wl1251_tx_work (git-fixes). - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778). - x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778). - x86/bpf: Call branch history clearing sequence on exit (bsc#1242778). - x86/bugs: Add RSB mitigation document (git-fixes). - x86/bugs: Do not fill RSB on VMEXIT with eIBRS+retpoline (git-fixes). - x86/bugs: Do not fill RSB on context switch with eIBRS (git-fixes). - x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-fixes). - x86/bugs: Rename entry_ibpb() to write_ibpb() (git-fixes). - x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes). - x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (git-fixes). - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes). - x86/hyperv: Fix check of return value from snp_set_vmsa() (git-fixes). - x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive (git-fixes). - x86/microcode/AMD: Flush patch buffer mapping after application (git-fixes). - x86/microcode/AMD: Pay attention to the stepping dynamically (git-fixes). - x86/microcode/AMD: Split load_microcode_amd() (git-fixes). - x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID (git-fixes). - x86/microcode/intel: Set new revision only after a successful update (git-fixes). - x86/microcode: Remove the driver announcement and version (git-fixes). - x86/microcode: Rework early revisions reporting (git-fixes). - x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes). - x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes). - x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes). - x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs (git-fixes). - xfs: flush inodegc before swapon (git-fixes). - xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes). - zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING (bsc#1241167).
Patchnames
SUSE-SLE-Micro-6.1-kernel-23
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
JSON
To clipboard
{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\n\nThe SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006).\n- CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() (bsc#1224597).\n- CVE-2024-50162: bpf: selftests: send packet to devmap redirect XDP (bsc#1233075).\n- CVE-2024-50163: bpf: Make sure internal and UAPI bpf_redirect flags do not overlap (bsc#1233098).\n- CVE-2024-57924: fs: relax assertions on failure to encode file handles (bsc#1236086).\n- CVE-2024-58068: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized (bsc#1238961).\n- CVE-2024-58070: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT (bsc#1238983).\n- CVE-2024-58088: bpf: Fix deadlock when freeing cgroup storage (bsc#1239510).\n- CVE-2025-21683: bpf: Fix bpf_sk_select_reuseport() memory leak (bsc#1236704).\n- CVE-2025-21696: mm: clear uffd-wp PTE/PMD state on mremap() (bsc#1237111).\n- CVE-2025-21707: mptcp: consolidate suboption status (bsc#1238862).\n- CVE-2025-21758: ipv6: mcast: add RCU protection to mld_newpack() (bsc#1238737).\n- CVE-2025-21768: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels (bsc#1238714).\n- CVE-2025-21792: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt (bsc#1238745).\n- CVE-2025-21808: net: xdp: Disallow attaching device-bound programs in generic mode (bsc#1238742).\n- CVE-2025-21812: ax25: rcu protect dev-\u003eax25_ptr (bsc#1238471).\n- CVE-2025-21833: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (bsc#1239108).\n- CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470).\n- CVE-2025-21867: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (bsc#1240181).\n- CVE-2025-21904: caif_virtio: fix wrong pointer check in cfv_probe() (bsc#1240576).\n- CVE-2025-21925: llc: do not use skb_get() before dev_queue_xmit() (bsc#1240713).\n- CVE-2025-21926: net: gso: fix ownership in __udp_gso_segment (bsc#1240712).\n- CVE-2025-21931: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio (bsc#1240709).\n- CVE-2025-21962: cifs: Fix integer overflow while processing closetimeo mount option (bsc#1240655).\n- CVE-2025-21963: cifs: Fix integer overflow while processing acdirmax mount option (bsc#1240717).\n- CVE-2025-21964: cifs: Fix integer overflow while processing acregmax mount option (bsc#1240740).\n- CVE-2025-21980: sched: address a potential NULL pointer dereference in the GRED scheduler (bsc#1240809).\n- CVE-2025-21985: drm/amd/display: Fix out-of-bound accesses (bsc#1240811).\n- CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).\n- CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).\n- CVE-2025-22015: mm/migrate: fix shmem xarray update during migration (bsc#1240944).\n- CVE-2025-22016: dpll: fix xa_alloc_cyclic() error handling (bsc#1240934).\n- CVE-2025-22017: devlink: fix xa_alloc_cyclic() error handling (bsc#1240936).\n- CVE-2025-22018: atm: Fix NULL pointer dereference (bsc#1241266).\n- CVE-2025-22029: exec: fix the racy usage of fs_struct-\u003ein_exec (bsc#1241378).\n- CVE-2025-22036: exfat: fix random stack corruption after get_block (bsc#1241426).\n- CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433).\n- CVE-2025-22053: net: ibmveth: make veth_pool_store stop hanging (bsc#1241373).\n- CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).\n- CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332).\n- CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526).\n- CVE-2025-22064: netfilter: nf_tables: do not unregister hook when table is dormant (bsc#1241413).\n- CVE-2025-22080: fs/ntfs3: Prevent integer overflow in hdr_first_de() (bsc#1241416).\n- CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537).\n- CVE-2025-22102: Bluetooth: btnxpuart: Fix kernel panic during FW release (bsc#1241456).\n- CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550).\n- CVE-2025-22105, CVE-2025-37860: Add missing bugzilla references (bsc#1241452 bsc#1241548).\n- CVE-2025-22107: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() (bsc#1241575).\n- CVE-2025-22109: ax25: Remove broken autobind (bsc#1241573).\n- CVE-2025-22115: btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (bsc#1241578).\n- CVE-2025-22121: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (bsc#1241593).\n- CVE-2025-23133: wifi: ath11k: update channel list in reg notifier instead reg worker (bsc#1241451).\n- CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).\n- CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596).\n- CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640).\n- CVE-2025-37798: codel: remove sch-\u003eq.qlen check before qdisc_tree_reduce_backlog() (bsc#1242414).\n- CVE-2025-37799: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp (bsc#1242283).\n- CVE-2025-39728: clk: samsung: Fix UBSAN panic in samsung_clk_init() (bsc#1241626).\n\nThe following non-security bugs were fixed:\n\n- ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (stable-fixes).\n- ACPI: EC: Set ec_no_wakeup for Lenovo Go S (stable-fixes).\n- ALSA: hda/realtek - Enable speaker for HP platform (git-fixes).\n- ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes).\n- ALSA: hda/realtek: Fix built-mic regression on other ASUS models (git-fixes).\n- ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist (stable-fixes).\n- ALSA: hda: intel: Fix Optimus when GPU has no sound (stable-fixes).\n- ALSA: ump: Fix buffer overflow at UMP SysEx message conversion (bsc#1242044).\n- ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (stable-fixes).\n- ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (stable-fixes).\n- ALSA: usb-audio: Fix CME quirk for UF series keyboards (stable-fixes).\n- ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() (git-fixes).\n- ASoC: SOF: topology: Use krealloc_array() to replace krealloc() (stable-fixes).\n- ASoC: Use of_property_read_bool() (stable-fixes).\n- ASoC: amd: Add DMI quirk for ACP6X mic support (stable-fixes).\n- ASoC: amd: yc: update quirk data for new Lenovo model (stable-fixes).\n- ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels (git-fixes).\n- ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate (git-fixes).\n- ASoC: fsl_audmix: register card device depends on \u0027dais\u0027 property (stable-fixes).\n- ASoC: qcom: Fix sc7280 lpass potential buffer overflow (git-fixes).\n- ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (stable-fixes).\n- ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence (git-fixes).\n- Bluetooth: btrtl: Prevent potential NULL dereference (git-fixes).\n- Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (git-fixes).\n- Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address (git-fixes).\n- Bluetooth: hci_uart: Fix another race during initialization (git-fixes).\n- Bluetooth: hci_uart: fix race during initialization (stable-fixes).\n- Bluetooth: l2cap: Check encryption key size on incoming connection (git-fixes).\n- Bluetooth: l2cap: Process valid commands in too long frame (stable-fixes).\n- Bluetooth: vhci: Avoid needless snprintf() calls (git-fixes).\n- Correct the upsteram version numbers in the previous patches\n- Drop PCI patch that caused a regression (bsc#1241123)\n- Input: cyttsp5 - ensure minimum reset pulse width (git-fixes).\n- Input: mtk-pmic-keys - fix possible null pointer dereference (git-fixes).\n- Input: xpad - fix two controller table values (git-fixes).\n- Move upstreamed smb patch into sorted section Also move other out-of-tree patches into the proper section\n- Move upstreamed sound patch into sorted section\n- OPP: add index check to assert to avoid buffer overflow in _read_freq() (bsc#1238961)\n- PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads (git-fixes).\n- PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type (stable-fixes).\n- RDMA/cma: Fix workqueue crash in cma_netevent_work_handler (git-fixes)\n- RDMA/core: Silence oversized kvmalloc() warning (git-fixes)\n- RDMA/hns: Fix wrong maximum DMA segment size (git-fixes)\n- RDMA/mana_ib: Ensure variable err is initialized (git-fixes).\n- RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() (git-fixes)\n- Revert \"drivers: core: synchronize really_probe() and dev_uevent()\" (stable-fixes).\n- Revert \"drm/meson: vclk: fix calculation of 59.94 fractional rates\" (git-fixes).\n- Revert \"wifi: mac80211: Update skb\u0027s control block key in ieee80211_tx_dequeue()\" (git-fixes).\n- USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (stable-fixes).\n- USB: VLI disk crashes if LPM is used (stable-fixes).\n- USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe (stable-fixes).\n- USB: serial: option: add Sierra Wireless EM9291 (stable-fixes).\n- USB: serial: simple: add OWON HDS200 series oscilloscope support (stable-fixes).\n- USB: storage: quirk for ADATA Portable HDD CH94 (stable-fixes).\n- USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes).\n- USB: wdm: add annotation (git-fixes).\n- USB: wdm: close race between wdm_open and wdm_wwan_port_stop (git-fixes).\n- USB: wdm: handle IO errors in wdm_wwan_port_start (git-fixes).\n- USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context (git-fixes).\n- ahci: add PCI ID for Marvell 88SE9215 SATA Controller (stable-fixes).\n- asus-laptop: Fix an uninitialized variable (git-fixes).\n- ata: libata-sata: Save all fields from sense data descriptor (git-fixes).\n- ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type (git-fixes).\n- ata: libata-scsi: Fix ata_msense_control_ata_feature() (git-fixes).\n- ata: libata-scsi: Improve CDL control (git-fixes).\n- ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() (git-fixes).\n- ata: sata_sx4: Add error handling in pdc20621_i2c_read() (git-fixes).\n- auxdisplay: hd44780: Convert to platform remove callback returning void (stable-fixes).\n- auxdisplay: hd44780: Fix an API misuse in hd44780.c (git-fixes).\n- badblocks: Fix error shitf ops (git-fixes).\n- badblocks: fix merge issue when new badblocks align with pre+1 (git-fixes).\n- badblocks: fix missing bad blocks on retry in _badblocks_check() (git-fixes).\n- badblocks: fix the using of MAX_BADBLOCKS (git-fixes).\n- badblocks: return error directly when setting badblocks exceeds 512 (git-fixes).\n- badblocks: return error if any badblock set fails (git-fixes).\n- blk-throttle: fix lower bps rate by throtl_trim_slice() (git-fixes).\n- block: change blk_mq_add_to_batch() third argument type to bool (git-fixes).\n- block: fix \u0027kmem_cache of name \u0027bio-108\u0027 already exists\u0027 (git-fixes).\n- block: fix conversion of GPT partition name to 7-bit (git-fixes).\n- block: fix resource leak in blk_register_queue() error path (git-fixes).\n- block: integrity: Do not call set_page_dirty_lock() (git-fixes).\n- block: make sure -\u003enr_integrity_segments is cloned in blk_rq_prep_clone (git-fixes).\n- bnxt_en: Linearize TX SKB if the fragments exceed the max (git-fixes).\n- bnxt_en: Mask the bd_cnt field in the TX BD properly (git-fixes).\n- bpf: Add missed var_off setting in coerce_subreg_to_size_sx() (git-fixes).\n- bpf: Add missed var_off setting in set_sext32_default_val() (git-fixes).\n- bpf: add find_containing_subprog() utility function (bsc#1241590).\n- bpf: check changes_pkt_data property for extension programs (bsc#1241590).\n- bpf: consider that tail calls invalidate packet pointers (bsc#1241590).\n- bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs (bsc#1241590).\n- bpf: refactor bpf_helper_changes_pkt_data to use helper number (bsc#1241590).\n- bpf: track changes_pkt_data property for global functions (bsc#1241590).\n- btrfs: add and use helper to verify the calling task has locked the inode (bsc#1241204).\n- btrfs: always fallback to buffered write if the inode requires checksum (bsc#1242831 bsc#1242710).\n- btrfs: fix hole expansion when writing at an offset beyond EOF (bsc#1241151).\n- btrfs: fix missing snapshot drew unlock when root is dead during swap activation (bsc#1241204).\n- btrfs: fix race with memory mapped writes when activating swap file (bsc#1241204).\n- btrfs: fix swap file activation failure due to extents that used to be shared (bsc#1241204).\n- can: gw: fix RCU/BH usage in cgw_create_job() (git-fixes).\n- can: mcan: m_can_class_unregister(): fix order of unregistration calls (git-fixes).\n- can: mcp251xfd: fix TDC setting for low data bit rates (git-fixes).\n- can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls (git-fixes).\n- cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk (stable-fixes).\n- char: misc: register chrdev region with all possible minors (git-fixes).\n- cifs: Fix integer overflow while processing actimeo mount option (git-fixes).\n- crypto: atmel-sha204a - Set hwrng quality to lowest possible (git-fixes).\n- crypto: caam/qi - Fix drv_ctx refcount bug (git-fixes).\n- crypto: ccp - Add support for PCI device 0x1134 (stable-fixes).\n- cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path (git-fixes).\n- dm-bufio: do not schedule in atomic context (git-fixes).\n- dm-ebs: fix prefetch-vs-suspend race (git-fixes).\n- dm-integrity: set ti-\u003eerror on memory allocation failure (git-fixes).\n- dm-verity: fix prefetch-vs-suspend race (git-fixes).\n- dm: add missing unlock on in dm_keyslot_evict() (git-fixes).\n- dm: always update the array size in realloc_argv on success (git-fixes).\n- dm: fix copying after src array boundaries (git-fixes).\n- dmaengine: dmatest: Fix dmatest waiting less when interrupted (stable-fixes).\n- drivers: base: devres: Allow to release group on device release (stable-fixes).\n- drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (stable-fixes).\n- drm/amd/display: Copy AUX read reply data whenever length \u003e 0 (git-fixes).\n- drm/amd/display: Fix gpu reset in multidisplay config (git-fixes).\n- drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes).\n- drm/amd/display: Fix wrong handling for AUX_DEFER case (git-fixes).\n- drm/amd/display: Force full update in gpu reset (stable-fixes).\n- drm/amd/display: Remove incorrect checking in dmub aux handler (git-fixes).\n- drm/amd/display: Shift DMUB AUX reply command if necessary (git-fixes).\n- drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes).\n- drm/amd: Handle being compiled without SI or CIK support better (stable-fixes).\n- drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush (git-fixes).\n- drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() (stable-fixes).\n- drm/amdkfd: Fix mode1 reset crash issue (stable-fixes).\n- drm/amdkfd: Fix pqm_destroy_queue race with GPU reset (stable-fixes).\n- drm/amdkfd: clamp queue size to minimum (stable-fixes).\n- drm/amdkfd: debugfs hang_hws skip GPU with MES (stable-fixes).\n- drm/bridge: panel: forbid initializing a panel with unknown connector type (stable-fixes).\n- drm/fdinfo: Protect against driver unbind (git-fixes).\n- drm/i915/dg2: wait for HuC load completion before running selftests (stable-fixes).\n- drm/i915/gvt: fix unterminated-string-initialization warning (stable-fixes).\n- drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions\u0027 (git-fixes).\n- drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+ (stable-fixes).\n- drm/i915: Disable RPG during live selftest (git-fixes).\n- drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off (stable-fixes).\n- drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data (stable-fixes).\n- drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() (git-fixes).\n- drm/panel: simple: Update timings for AUO G101EVN010 (git-fixes).\n- drm/tests: Add helper to create mock crtc (stable-fixes).\n- drm/tests: Add helper to create mock plane (stable-fixes).\n- drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is enabled (git-fixes).\n- drm/tests: cmdline: Fix drm_display_mode memory leak (git-fixes).\n- drm/tests: helpers: Add atomic helpers (stable-fixes).\n- drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic() (stable-fixes).\n- drm/tests: helpers: Create kunit helper to destroy a drm_display_mode (stable-fixes).\n- drm/tests: helpers: Fix compiler warning (git-fixes).\n- drm/tests: modes: Fix drm_display_mode memory leak (git-fixes).\n- drm/tests: probe-helper: Fix drm_display_mode memory leak (git-fixes).\n- drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS (git-fixes).\n- drm: allow encoder mode_set even when connectors change for crtc (stable-fixes).\n- drm: panel-orientation-quirks: Add new quirk for GPD Win 2 (stable-fixes).\n- drm: panel-orientation-quirks: Add quirk for AYA NEO Slide (stable-fixes).\n- drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) (stable-fixes).\n- drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB (stable-fixes).\n- drm: panel-orientation-quirks: Add support for AYANEO 2S (stable-fixes).\n- e1000e: change k1 configuration on MTP and later platforms (git-fixes).\n- eth: bnxt: fix missing ring index trim on error path (git-fixes).\n- ethtool: Fix context creation with no parameters (git-fixes).\n- ethtool: Fix set RXNFC command with symmetric RSS hash (git-fixes).\n- ethtool: Fix wrong mod state in case of verbose and no_mask bitset (git-fixes).\n- ethtool: do not propagate EOPNOTSUPP from dumps (git-fixes).\n- ethtool: fix setting key and resetting indir at once (git-fixes).\n- ethtool: netlink: Add missing ethnl_ops_begin/complete (git-fixes).\n- ethtool: netlink: do not return SQI value if link is down (git-fixes).\n- ethtool: plca: fix plca enable data type while parsing the value (git-fixes).\n- ethtool: rss: echo the context number back (git-fixes).\n- exfat: do not fallback to buffered write (git-fixes).\n- exfat: drop -\u003ei_size_ondisk (git-fixes).\n- exfat: fix soft lockup in exfat_clear_bitmap (git-fixes).\n- exfat: short-circuit zero-byte writes in exfat_file_write_iter (git-fixes).\n- ext4: add missing brelse() for bh2 in ext4_dx_add_entry() (bsc#1242342).\n- ext4: correct encrypted dentry name hash when not casefolded (bsc#1242540).\n- ext4: do not over-report free space or inodes in statvfs (bsc#1242345).\n- ext4: do not treat fhandle lookup of ea_inode as FS corruption (bsc#1242347).\n- ext4: fix FS_IOC_GETFSMAP handling (bsc#1240557).\n- ext4: goto right label \u0027out_mmap_sem\u0027 in ext4_setattr() (bsc#1242556).\n- ext4: make block validity check resistent to sb bh corruption (bsc#1242348).\n- ext4: partial zero eof block on unaligned inode size extension (bsc#1242336).\n- ext4: protect ext4_release_dquot against freezing (bsc#1242335).\n- ext4: replace the traditional ternary conditional operator with with max()/min() (bsc#1242536).\n- ext4: treat end of range as exclusive in ext4_zero_range() (bsc#1242539).\n- ext4: unify the type of flexbg_size to unsigned int (bsc#1242538).\n- fbdev: omapfb: Add \u0027plane\u0027 value check (stable-fixes).\n- firmware: arm_ffa: Skip Rx buffer ownership release if not acquired (git-fixes).\n- firmware: arm_scmi: Balance device refcount when destroying devices (git-fixes).\n- fs/jfs: Prevent integer overflow in AG size calculation (git-fixes).\n- fs/jfs: cast inactags to s64 to prevent potential overflow (git-fixes).\n- fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() (bsc#1241250).\n- fs: better handle deep ancestor chains in is_subdir() (bsc#1242528).\n- fs: consistently deref the files table with rcu_dereference_raw() (bsc#1242535).\n- fs: do not allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (bsc#1242526).\n- fs: support relative paths with FSCONFIG_SET_STRING (git-fixes).\n- gpio: zynq: Fix wakeup source leaks on device unbind (stable-fixes).\n- gve: handle overflow when reporting TX consumed descriptors (git-fixes).\n- gve: set xdp redirect target only when it is available (git-fixes).\n- hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (git-fixes).\n- i2c: cros-ec-tunnel: defer probe if parent EC is not present (git-fixes).\n- i2c: imx-lpi2c: Fix clock count when probe defers (git-fixes).\n- ice: Add check for devm_kzalloc() (git-fixes).\n- ice: fix reservation of resources for RDMA when disabled (git-fixes).\n- ice: stop truncating queue ids when checking (git-fixes).\n- idpf: check error for register_netdev() on init (git-fixes).\n- idpf: fix adapter NULL pointer dereference on reboot (git-fixes).\n- igb: reject invalid external timestamp requests for 82580-based HW (git-fixes).\n- igc: add lock preventing multiple simultaneous PTM transactions (git-fixes).\n- igc: cleanup PTP module if probe fails (git-fixes).\n- igc: fix PTM cycle trigger logic (git-fixes).\n- igc: handle the IGC_PTP_ENABLED flag correctly (git-fixes).\n- igc: increase wait time before retrying PTM (git-fixes).\n- igc: move ktime snapshot into PTM retry loop (git-fixes).\n- iio: accel: adxl367: fix setting odr for activity time update (git-fixes).\n- iio: adc: ad7606: fix serial register access (git-fixes).\n- iio: adc: ad7768-1: Fix conversion result sign (git-fixes).\n- iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check (stable-fixes).\n- iio: adis16201: Correct inclinometer channel resolution (git-fixes).\n- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (git-fixes).\n- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (git-fixes).\n- iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer (git-fixes).\n- iommu: Fix two issues in iommu_copy_struct_from_user() (git-fixes).\n- ipv4: fib: annotate races around nh-\u003enh_saddr_genid and nh-\u003enh_saddr (git-fixes).\n- irqchip/davinci: Remove leftover header (git-fixes).\n- irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (git-fixes).\n- irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (git-fixes).\n- isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (bsc#1242307).\n- jbd2: add a missing data flush during file and fs synchronization (bsc#1242346).\n- jbd2: fix off-by-one while erasing journal (bsc#1242344).\n- jbd2: flush filesystem device before updating tail sequence (bsc#1242333).\n- jbd2: increase IO priority for writing revoke records (bsc#1242332).\n- jbd2: increase the journal IO\u0027s priority (bsc#1242537).\n- jbd2: remove wrong sb-\u003es_sequence check (bsc#1242343).\n- jfs: Fix uninit-value access of imap allocated in the diMount() function (git-fixes).\n- jfs: Prevent copying of nlink with value 0 from disk inode (git-fixes).\n- jfs: add sanity check for agwidth in dbMount (git-fixes).\n- kABI fix for sctp: detect and prevent references to a freed transport in sendmsg (git-fixes).\n- kABI workaround for powercap update (bsc#1241010).\n- ktest: Fix Test Failures Due to Missing LOG_FILE Directories (stable-fixes).\n- kunit: qemu_configs: SH: Respect kunit cmdline (git-fixes).\n- loop: LOOP_SET_FD: send uevents for partitions (git-fixes).\n- loop: properly send KOBJ_CHANGED uevent for disk device (git-fixes).\n- loop: stop using vfs_iter_{read,write} for buffered I/O (git-fixes).\n- md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (bsc#1238212)\n- media: uvcvideo: Add quirk for Actions UVC05 (stable-fixes).\n- mei: me: add panther lake H DID (stable-fixes).\n- misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration (git-fixes).\n- misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack (git-fixes).\n- mm/readahead: fix large folio support in async readahead (bsc#1242321).\n- mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT (bsc#1242326).\n- mm: fix filemap_get_folios_contig returning batches of identical folios (bsc#1242327).\n- mm: fix oops when filemap_map_pmd() without prealloc_pte (bsc#1242546).\n- mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves (stable-fixes).\n- mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe (git-fixes).\n- mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN (git-fixes).\n- mptcp: refine opt_mp_capable determination (git-fixes).\n- mptcp: relax check on MPC passive fallback (git-fixes).\n- mptcp: strict validation before using mp_opt-\u003ehmac (git-fixes).\n- mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() (git-fixes).\n- net/mlx5: Fill out devlink dev info only for PFs (git-fixes).\n- net/mlx5: IRQ, Fix null string in debug print (git-fixes).\n- net/mlx5: Lag, Check shared fdb before creating MultiPort E-Switch (git-fixes).\n- net/mlx5: Start health poll after enable hca (git-fixes).\n- net/mlx5e: Fix ethtool -N flow-type ip4 to RSS context (git-fixes).\n- net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (git-fixes).\n- net/mlx5e: SHAMPO, Make reserved size independent of page size (git-fixes).\n- net/tcp: refactor tcp_inet6_sk() (git-fixes).\n- net: annotate data-races around sk-\u003esk_dst_pending_confirm (git-fixes).\n- net: annotate data-races around sk-\u003esk_tx_queue_mapping (git-fixes).\n- net: blackhole_dev: fix build warning for ethh set but not used (git-fixes).\n- net: ethtool: Do not call .cleanup_data when prepare_data fails (git-fixes).\n- net: ethtool: Fix RSS setting (git-fixes).\n- net: ipv6: fix UDPv6 GSO segmentation with NAT (git-fixes).\n- net: mana: Switch to page pool for jumbo frames (git-fixes).\n- net: mark racy access on sk-\u003esk_rcvbuf (git-fixes).\n- net: phy: leds: fix memory leak (git-fixes).\n- net: phy: microchip: force IRQ polling mode for lan88xx (git-fixes).\n- net: sctp: fix skb leak in sctp_inq_free() (git-fixes).\n- net: set SOCK_RCU_FREE before inserting socket into hashtable (git-fixes).\n- net: usb: asix_devices: add FiberGecko DeviceID (stable-fixes).\n- net_sched: drr: Fix double list add in class with netem as child qdisc (git-fixes).\n- net_sched: ets: Fix double list add in class with netem as child qdisc (git-fixes).\n- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (git-fixes).\n- net_sched: qfq: Fix double list add in class with netem as child qdisc (git-fixes).\n- netpoll: Use rcu_access_pointer() in netpoll_poll_lock (git-fixes).\n- nfs: add missing selections of CONFIG_CRC32 (git-fixes).\n- nfsd: decrease sc_count directly if fail to queue dl_recall (git-fixes).\n- ntb: reduce stack usage in idt_scan_mws (stable-fixes).\n- ntb_hw_amd: Add NTB PCI ID for new gen CPU (stable-fixes).\n- nvme-pci: clean up CMBMSC when registering CMB fails (git-fixes).\n- nvme-pci: fix stuck reset on concurrent DPC and HP (git-fixes).\n- nvme-pci: skip CMB blocks incompatible with PCI P2P DMA (git-fixes).\n- nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes).\n- nvme-tcp: fix possible UAF in nvme_tcp_poll (git-fixes).\n- nvme/ioctl: do not warn on vectorized uring_cmd with fixed buffer (git-fixes).\n- nvmet-fcloop: swap list_add_tail arguments (git-fixes).\n- perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (bsc#1242172)\n- perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (bsc#1242172)\n- perf: arm_cspmu: nvidia: monitor all ports by default (bsc#1242172)\n- perf: arm_cspmu: nvidia: remove unsupported SCF events (bsc#1242172)\n- phy: freescale: imx8m-pcie: assert phy reset and perst in power off (git-fixes).\n- pinctrl: renesas: rza2: Fix potential NULL pointer dereference (stable-fixes).\n- platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) (git-fixes).\n- platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (stable-fixes).\n- platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug (git-fixes).\n- platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (git-fixes).\n- pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes).\n- powercap: intel_rapl: Introduce APIs for PMU support (bsc#1241010).\n- powercap: intel_rapl_tpmi: Enable PMU support (bsc#1241010).\n- powerpc/boot: Check for ld-option support (bsc#1215199).\n- powerpc/boot: Fix dash warning (bsc#1215199).\n- powerpc: Do not use --- in kernel logs (git-fixes).\n- pwm: fsl-ftm: Handle clk_get_rate() returning 0 (git-fixes).\n- pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (git-fixes).\n- pwm: rcar: Improve register calculation (git-fixes).\n- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN\n- rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038).\n- rpm/package-descriptions: Add rt and rt_debug descriptions\n- rtc: pcf85063: do a SW reset if POR failed (stable-fixes).\n- scsi: core: Use GFP_NOIO to avoid circular locking dependency (git-fixes).\n- scsi: hisi_sas: Enable force phy when SATA disk directly connected (git-fixes).\n- scsi: iscsi: Fix missing scsi_host_put() in error path (git-fixes).\n- scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp-\u003enlp_flag (git-fixes).\n- scsi: mpi3mr: Fix locking in an error path (git-fixes).\n- scsi: mpt3sas: Fix a locking bug in an error path (git-fixes).\n- scsi: mpt3sas: Reduce log level of ignore_delay_remove message to KERN_INFO (git-fixes).\n- scsi: scsi_debug: Remove a reference to in_use_bm (git-fixes).\n- sctp: Fix undefined behavior in left shift operation (git-fixes).\n- sctp: add mutual exclusion in proc_sctp_do_udp_port() (git-fixes).\n- sctp: detect and prevent references to a freed transport in sendmsg (git-fixes).\n- sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start (git-fixes).\n- sctp: fix association labeling in the duplicate COOKIE-ECHO case (git-fixes).\n- sctp: fix busy polling (git-fixes).\n- sctp: prefer struct_size over open coded arithmetic (git-fixes).\n- sctp: support MSG_ERRQUEUE flag in recvmsg() (git-fixes).\n- selftests/bpf: Add a few tests to cover (git-fixes).\n- selftests/bpf: extend changes_pkt_data with cases w/o subprograms (bsc#1241590).\n- selftests/bpf: freplace tests for tracking of changes_packet_data (bsc#1241590).\n- selftests/bpf: test for changing packet data from global functions (bsc#1241590).\n- selftests/bpf: validate that tail call invalidates packet pointers (bsc#1241590).\n- selftests/futex: futex_waitv wouldblock test should fail (git-fixes).\n- selftests/mm: generate a temporary mountpoint for cgroup filesystem (git-fixes).\n- serial: msm: Configure correct working mode before starting earlycon (git-fixes).\n- serial: sifive: lock port in startup()/shutdown() callbacks (git-fixes).\n- smb: client: fix folio leaks and perf improvements (bsc#1239997, bsc1241265).\n- sound/virtio: Fix cancel_sync warnings on uninitialized work_structs (stable-fixes).\n- spi: tegra114: Do not fail set_cs_timing when delays are zero (git-fixes).\n- spi: tegra210-quad: add rate limiting and simplify timeout error message (stable-fixes).\n- spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts (stable-fixes).\n- splice: remove duplicate noinline from pipe_clear_nowait (bsc#1242328).\n- staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (git-fixes).\n- staging: axis-fifo: Remove hardware resets for user errors (git-fixes).\n- staging: iio: adc: ad7816: Correct conditional logic for store mode (git-fixes).\n- string: Add load_unaligned_zeropad() code path to sized_strscpy() (git-fixes).\n- tcp: fix mptcp DSS corruption due to large pmtu xmit (git-fixes).\n- thunderbolt: Scan retimers after device router has been enumerated (stable-fixes).\n- tools/hv: update route parsing in kvp daemon (git-fixes).\n- tools/power turbostat: Increase CPU_SUBSET_MAXCPUS to 8192 (bsc#1241175).\n- tools/power turbostat: report CoreThr per measurement interval (git-fixes).\n- tty: n_tty: use uint for space returned by tty_write_room() (git-fixes).\n- ublk: set_params: properly check if parameters can be applied (git-fixes).\n- udf: Fix inode_getblk() return value (bsc#1242313).\n- udf: Skip parent dir link count update if corrupted (bsc#1242315).\n- udf: Verify inode link counts before performing rename (bsc#1242314).\n- usb: cdns3: Fix deadlock when using NCM gadget (git-fixes).\n- usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version (git-fixes).\n- usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines (git-fixes).\n- usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling (git-fixes).\n- usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield (stable-fixes).\n- usb: dwc3: gadget: Refactor loop to avoid NULL endpoints (stable-fixes).\n- usb: dwc3: gadget: check that event count does not exceed event buffer length (git-fixes).\n- usb: dwc3: xilinx: Prevent spike in reset signal (git-fixes).\n- usb: gadget: Use get_status callback to set remote wakeup capability (git-fixes).\n- usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (stable-fixes).\n- usb: gadget: f_ecm: Add get_status callback (git-fixes).\n- usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN (git-fixes).\n- usb: host: max3421-hcd: Add missing spi_device_id table (stable-fixes).\n- usb: host: tegra: Prevent host controller crash when OTG port is used (git-fixes).\n- usb: host: xhci-plat: mvebu: use -\u003equirks instead of -\u003einit_quirk() func (stable-fixes).\n- usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (stable-fixes).\n- usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (stable-fixes).\n- usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (git-fixes).\n- usb: typec: ucsi: displayport: Fix NULL pointer access (git-fixes).\n- usb: uhci-platform: Make the clock really optional (git-fixes).\n- usb: usbtmc: Fix erroneous generic_read ioctl return (git-fixes).\n- usb: usbtmc: Fix erroneous get_stb ioctl error returns (git-fixes).\n- usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes).\n- vdpa/mlx5: Fix oversized null mkey longer than 32bit (git-fixes).\n- vfs: do not mod negative dentry count when on shrinker list (bsc#1242534).\n- virtchnl: make proto and filter action count unsigned (git-fixes).\n- vmxnet3: Fix tx queue race condition with XDP (bsc#1241394).\n- vmxnet3: unregister xdp rxq info in the reset path (bsc#1241394).\n- wifi: at76c50x: fix use after free access in at76_disconnect (git-fixes).\n- wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (stable-fixes).\n- wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process (stable-fixes).\n- wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (git-fixes).\n- wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation (git-fixes).\n- wifi: mac80211: Purge vif txq in ieee80211_do_stop() (git-fixes).\n- wifi: mac80211: Update skb\u0027s control block key in ieee80211_tx_dequeue() (git-fixes).\n- wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table (stable-fixes).\n- wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release (git-fixes).\n- wifi: wl1251: fix memory leak in wl1251_tx_work (git-fixes).\n- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).\n- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).\n- x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).\n- x86/bugs: Add RSB mitigation document (git-fixes).\n- x86/bugs: Do not fill RSB on VMEXIT with eIBRS+retpoline (git-fixes).\n- x86/bugs: Do not fill RSB on context switch with eIBRS (git-fixes).\n- x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-fixes).\n- x86/bugs: Rename entry_ibpb() to write_ibpb() (git-fixes).\n- x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes).\n- x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (git-fixes).\n- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes).\n- x86/hyperv: Fix check of return value from snp_set_vmsa() (git-fixes).\n- x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive (git-fixes).\n- x86/microcode/AMD: Flush patch buffer mapping after application (git-fixes).\n- x86/microcode/AMD: Pay attention to the stepping dynamically (git-fixes).\n- x86/microcode/AMD: Split load_microcode_amd() (git-fixes).\n- x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID (git-fixes).\n- x86/microcode/intel: Set new revision only after a successful update (git-fixes).\n- x86/microcode: Remove the driver announcement and version (git-fixes).\n- x86/microcode: Rework early revisions reporting (git-fixes).\n- x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes).\n- x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes).\n- x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes).\n- x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(),\n  on non-FSRM/ERMS CPUs (git-fixes).\n- xfs: flush inodegc before swapon (git-fixes).\n- xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes).\n- zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING (bsc#1241167).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-Micro-6.1-kernel-23",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20355-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:20355-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520355-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:20355-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2025-June/039504.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1215199",
        "url": "https://bugzilla.suse.com/1215199"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1223809",
        "url": "https://bugzilla.suse.com/1223809"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1224013",
        "url": "https://bugzilla.suse.com/1224013"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1224597",
        "url": "https://bugzilla.suse.com/1224597"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1224757",
        "url": "https://bugzilla.suse.com/1224757"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1228659",
        "url": "https://bugzilla.suse.com/1228659"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1230764",
        "url": "https://bugzilla.suse.com/1230764"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1231103",
        "url": "https://bugzilla.suse.com/1231103"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1232493",
        "url": "https://bugzilla.suse.com/1232493"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233075",
        "url": "https://bugzilla.suse.com/1233075"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233098",
        "url": "https://bugzilla.suse.com/1233098"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235501",
        "url": "https://bugzilla.suse.com/1235501"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235526",
        "url": "https://bugzilla.suse.com/1235526"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1236086",
        "url": "https://bugzilla.suse.com/1236086"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1236704",
        "url": "https://bugzilla.suse.com/1236704"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1237111",
        "url": "https://bugzilla.suse.com/1237111"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238212",
        "url": "https://bugzilla.suse.com/1238212"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238471",
        "url": "https://bugzilla.suse.com/1238471"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238527",
        "url": "https://bugzilla.suse.com/1238527"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238714",
        "url": "https://bugzilla.suse.com/1238714"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238737",
        "url": "https://bugzilla.suse.com/1238737"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238742",
        "url": "https://bugzilla.suse.com/1238742"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238745",
        "url": "https://bugzilla.suse.com/1238745"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238862",
        "url": "https://bugzilla.suse.com/1238862"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238961",
        "url": "https://bugzilla.suse.com/1238961"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238983",
        "url": "https://bugzilla.suse.com/1238983"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1239079",
        "url": "https://bugzilla.suse.com/1239079"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1239108",
        "url": "https://bugzilla.suse.com/1239108"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1239470",
        "url": "https://bugzilla.suse.com/1239470"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1239476",
        "url": "https://bugzilla.suse.com/1239476"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1239487",
        "url": "https://bugzilla.suse.com/1239487"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1239510",
        "url": "https://bugzilla.suse.com/1239510"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1239997",
        "url": "https://bugzilla.suse.com/1239997"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240181",
        "url": "https://bugzilla.suse.com/1240181"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240557",
        "url": "https://bugzilla.suse.com/1240557"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240576",
        "url": "https://bugzilla.suse.com/1240576"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240655",
        "url": "https://bugzilla.suse.com/1240655"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240709",
        "url": "https://bugzilla.suse.com/1240709"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240712",
        "url": "https://bugzilla.suse.com/1240712"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240713",
        "url": "https://bugzilla.suse.com/1240713"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240717",
        "url": "https://bugzilla.suse.com/1240717"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240740",
        "url": "https://bugzilla.suse.com/1240740"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240785",
        "url": "https://bugzilla.suse.com/1240785"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240802",
        "url": "https://bugzilla.suse.com/1240802"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240809",
        "url": "https://bugzilla.suse.com/1240809"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240811",
        "url": "https://bugzilla.suse.com/1240811"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240835",
        "url": "https://bugzilla.suse.com/1240835"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240934",
        "url": "https://bugzilla.suse.com/1240934"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240936",
        "url": "https://bugzilla.suse.com/1240936"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240944",
        "url": "https://bugzilla.suse.com/1240944"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241010",
        "url": "https://bugzilla.suse.com/1241010"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241038",
        "url": "https://bugzilla.suse.com/1241038"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241051",
        "url": "https://bugzilla.suse.com/1241051"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241123",
        "url": "https://bugzilla.suse.com/1241123"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241151",
        "url": "https://bugzilla.suse.com/1241151"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241167",
        "url": "https://bugzilla.suse.com/1241167"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241175",
        "url": "https://bugzilla.suse.com/1241175"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241204",
        "url": "https://bugzilla.suse.com/1241204"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241250",
        "url": "https://bugzilla.suse.com/1241250"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241265",
        "url": "https://bugzilla.suse.com/1241265"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241266",
        "url": "https://bugzilla.suse.com/1241266"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241280",
        "url": "https://bugzilla.suse.com/1241280"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241332",
        "url": "https://bugzilla.suse.com/1241332"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241333",
        "url": "https://bugzilla.suse.com/1241333"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241341",
        "url": "https://bugzilla.suse.com/1241341"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241343",
        "url": "https://bugzilla.suse.com/1241343"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241344",
        "url": "https://bugzilla.suse.com/1241344"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241347",
        "url": "https://bugzilla.suse.com/1241347"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241357",
        "url": "https://bugzilla.suse.com/1241357"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241361",
        "url": "https://bugzilla.suse.com/1241361"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241369",
        "url": "https://bugzilla.suse.com/1241369"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241371",
        "url": "https://bugzilla.suse.com/1241371"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241373",
        "url": "https://bugzilla.suse.com/1241373"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241378",
        "url": "https://bugzilla.suse.com/1241378"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241394",
        "url": "https://bugzilla.suse.com/1241394"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241402",
        "url": "https://bugzilla.suse.com/1241402"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241412",
        "url": "https://bugzilla.suse.com/1241412"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241413",
        "url": "https://bugzilla.suse.com/1241413"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241416",
        "url": "https://bugzilla.suse.com/1241416"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241424",
        "url": "https://bugzilla.suse.com/1241424"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241426",
        "url": "https://bugzilla.suse.com/1241426"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241433",
        "url": "https://bugzilla.suse.com/1241433"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241436",
        "url": "https://bugzilla.suse.com/1241436"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241441",
        "url": "https://bugzilla.suse.com/1241441"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241442",
        "url": "https://bugzilla.suse.com/1241442"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241443",
        "url": "https://bugzilla.suse.com/1241443"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241451",
        "url": "https://bugzilla.suse.com/1241451"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241452",
        "url": "https://bugzilla.suse.com/1241452"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241456",
        "url": "https://bugzilla.suse.com/1241456"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241458",
        "url": "https://bugzilla.suse.com/1241458"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241459",
        "url": "https://bugzilla.suse.com/1241459"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241526",
        "url": "https://bugzilla.suse.com/1241526"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241528",
        "url": "https://bugzilla.suse.com/1241528"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241537",
        "url": "https://bugzilla.suse.com/1241537"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241541",
        "url": "https://bugzilla.suse.com/1241541"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241545",
        "url": "https://bugzilla.suse.com/1241545"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241547",
        "url": "https://bugzilla.suse.com/1241547"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241548",
        "url": "https://bugzilla.suse.com/1241548"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241550",
        "url": "https://bugzilla.suse.com/1241550"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241573",
        "url": "https://bugzilla.suse.com/1241573"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241574",
        "url": "https://bugzilla.suse.com/1241574"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241575",
        "url": "https://bugzilla.suse.com/1241575"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241578",
        "url": "https://bugzilla.suse.com/1241578"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241590",
        "url": "https://bugzilla.suse.com/1241590"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241593",
        "url": "https://bugzilla.suse.com/1241593"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241598",
        "url": "https://bugzilla.suse.com/1241598"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241599",
        "url": "https://bugzilla.suse.com/1241599"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241601",
        "url": "https://bugzilla.suse.com/1241601"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241626",
        "url": "https://bugzilla.suse.com/1241626"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241640",
        "url": "https://bugzilla.suse.com/1241640"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241648",
        "url": "https://bugzilla.suse.com/1241648"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242006",
        "url": "https://bugzilla.suse.com/1242006"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242044",
        "url": "https://bugzilla.suse.com/1242044"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242172",
        "url": "https://bugzilla.suse.com/1242172"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242283",
        "url": "https://bugzilla.suse.com/1242283"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242307",
        "url": "https://bugzilla.suse.com/1242307"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242313",
        "url": "https://bugzilla.suse.com/1242313"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242314",
        "url": "https://bugzilla.suse.com/1242314"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242315",
        "url": "https://bugzilla.suse.com/1242315"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242321",
        "url": "https://bugzilla.suse.com/1242321"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242326",
        "url": "https://bugzilla.suse.com/1242326"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242327",
        "url": "https://bugzilla.suse.com/1242327"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242328",
        "url": "https://bugzilla.suse.com/1242328"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242332",
        "url": "https://bugzilla.suse.com/1242332"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242333",
        "url": "https://bugzilla.suse.com/1242333"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242335",
        "url": "https://bugzilla.suse.com/1242335"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242336",
        "url": "https://bugzilla.suse.com/1242336"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242342",
        "url": "https://bugzilla.suse.com/1242342"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242343",
        "url": "https://bugzilla.suse.com/1242343"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242344",
        "url": "https://bugzilla.suse.com/1242344"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242345",
        "url": "https://bugzilla.suse.com/1242345"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242346",
        "url": "https://bugzilla.suse.com/1242346"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242347",
        "url": "https://bugzilla.suse.com/1242347"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242348",
        "url": "https://bugzilla.suse.com/1242348"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242414",
        "url": "https://bugzilla.suse.com/1242414"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242526",
        "url": "https://bugzilla.suse.com/1242526"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242528",
        "url": "https://bugzilla.suse.com/1242528"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242534",
        "url": "https://bugzilla.suse.com/1242534"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242535",
        "url": "https://bugzilla.suse.com/1242535"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242536",
        "url": "https://bugzilla.suse.com/1242536"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242537",
        "url": "https://bugzilla.suse.com/1242537"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242538",
        "url": "https://bugzilla.suse.com/1242538"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242539",
        "url": "https://bugzilla.suse.com/1242539"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242540",
        "url": "https://bugzilla.suse.com/1242540"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242546",
        "url": "https://bugzilla.suse.com/1242546"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242556",
        "url": "https://bugzilla.suse.com/1242556"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242596",
        "url": "https://bugzilla.suse.com/1242596"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242710",
        "url": "https://bugzilla.suse.com/1242710"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242778",
        "url": "https://bugzilla.suse.com/1242778"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242831",
        "url": "https://bugzilla.suse.com/1242831"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242985",
        "url": "https://bugzilla.suse.com/1242985"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-53034 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-53034/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-27018 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-27018/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-27415 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-27415/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-28956 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-28956/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-35840 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-35840/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-46763 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-46763/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-46865 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-46865/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-50083 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-50083/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-50162 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-50162/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-50163 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-50163/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56641 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56641/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56702 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56702/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-57924 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-57924/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-57998 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-57998/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-58001 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-58001/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-58068 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-58068/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-58070 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-58070/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-58088 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-58088/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-58093 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-58093/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-58094 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-58094/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-58095 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-58095/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-58096 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-58096/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-58097 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-58097/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21683 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21683/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21696 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21696/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21707 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21707/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21758 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21758/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21768 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21768/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21792 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21792/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21808 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21808/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21812 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21812/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21833 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21833/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21852 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21852/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21853 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21853/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21854 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21854/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21867 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21867/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21904 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21904/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21925 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21925/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21926 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21926/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21931 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21931/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21962 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21962/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21963 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21963/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21964 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21964/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21980 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21980/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21985 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21985/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21999 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21999/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22004 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22004/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22015 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22015/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22016 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22016/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22017 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22017/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22018 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22018/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22020 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22020/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22025 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22025/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22027 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22027/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22029 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22029/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22033 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22033/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22036 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22036/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22044 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22044/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22045 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22045/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22050 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22050/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22053 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22053/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22055 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22055/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22058 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22058/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22060 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22060/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22062 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22062/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22064 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22064/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22065 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22065/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22075 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22075/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22080 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22080/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22086 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22086/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22088 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22088/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22090 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22090/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22093 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22093/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22097 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22097/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22102 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22102/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22104 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22104/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22105 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22105/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22106 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22106/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22107 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22107/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22108 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22108/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22109 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22109/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22115 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22115/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22116 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22116/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22121 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22121/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22128 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22128/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23129 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23129/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23131 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23131/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23133 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23133/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23136 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23136/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23138 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23138/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23145 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23145/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37785 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37785/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37798 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37798/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37799 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37799/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37860 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37860/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-39728 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-39728/"
      }
    ],
    "title": "Security update for the Linux Kernel",
    "tracking": {
      "current_release_date": "2025-05-23T07:28:27Z",
      "generator": {
        "date": "2025-05-23T07:28:27Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:20355-1",
      "initial_release_date": "2025-05-23T07:28:27Z",
      "revision_history": [
        {
          "date": "2025-05-23T07:28:27Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-6.4.0-31.1.aarch64",
                "product": {
                  "name": "kernel-rt-6.4.0-31.1.aarch64",
                  "product_id": "kernel-rt-6.4.0-31.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-6.4.0-31.1.aarch64",
                "product": {
                  "name": "kernel-rt-devel-6.4.0-31.1.aarch64",
                  "product_id": "kernel-rt-devel-6.4.0-31.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-devel-rt-6.4.0-31.1.noarch",
                "product": {
                  "name": "kernel-devel-rt-6.4.0-31.1.noarch",
                  "product_id": "kernel-devel-rt-6.4.0-31.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-rt-6.4.0-31.1.noarch",
                "product": {
                  "name": "kernel-source-rt-6.4.0-31.1.noarch",
                  "product_id": "kernel-source-rt-6.4.0-31.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
                "product": {
                  "name": "kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
                  "product_id": "kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-6.4.0-31.1.x86_64",
                "product": {
                  "name": "kernel-rt-6.4.0-31.1.x86_64",
                  "product_id": "kernel-rt-6.4.0-31.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-6.4.0-31.1.x86_64",
                "product": {
                  "name": "kernel-rt-devel-6.4.0-31.1.x86_64",
                  "product_id": "kernel-rt-devel-6.4.0-31.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-livepatch-6.4.0-31.1.x86_64",
                "product": {
                  "name": "kernel-rt-livepatch-6.4.0-31.1.x86_64",
                  "product_id": "kernel-rt-livepatch-6.4.0-31.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Micro 6.1",
                "product": {
                  "name": "SUSE Linux Micro 6.1",
                  "product_id": "SUSE Linux Micro 6.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sl-micro:6.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-rt-6.4.0-31.1.noarch as component of SUSE Linux Micro 6.1",
          "product_id": "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch"
        },
        "product_reference": "kernel-devel-rt-6.4.0-31.1.noarch",
        "relates_to_product_reference": "SUSE Linux Micro 6.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64 as component of SUSE Linux Micro 6.1",
          "product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64"
        },
        "product_reference": "kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-6.4.0-31.1.aarch64 as component of SUSE Linux Micro 6.1",
          "product_id": "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64"
        },
        "product_reference": "kernel-rt-6.4.0-31.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Micro 6.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-6.4.0-31.1.x86_64 as component of SUSE Linux Micro 6.1",
          "product_id": "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64"
        },
        "product_reference": "kernel-rt-6.4.0-31.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-6.4.0-31.1.aarch64 as component of SUSE Linux Micro 6.1",
          "product_id": "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64"
        },
        "product_reference": "kernel-rt-devel-6.4.0-31.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Micro 6.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-6.4.0-31.1.x86_64 as component of SUSE Linux Micro 6.1",
          "product_id": "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64"
        },
        "product_reference": "kernel-rt-devel-6.4.0-31.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-livepatch-6.4.0-31.1.x86_64 as component of SUSE Linux Micro 6.1",
          "product_id": "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64"
        },
        "product_reference": "kernel-rt-livepatch-6.4.0-31.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-rt-6.4.0-31.1.noarch as component of SUSE Linux Micro 6.1",
          "product_id": "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        },
        "product_reference": "kernel-source-rt-6.4.0-31.1.noarch",
        "relates_to_product_reference": "SUSE Linux Micro 6.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-53034",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-53034"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans\n\nThere is a kernel API ntb_mw_clear_trans() would pass 0 to both addr and\nsize. This would make xlate_pos negative.\n\n[   23.734156] switchtec switchtec0: MW 0: part 0 addr 0x0000000000000000 size 0x0000000000000000\n[   23.734158] ================================================================================\n[   23.734172] UBSAN: shift-out-of-bounds in drivers/ntb/hw/mscc/ntb_hw_switchtec.c:293:7\n[   23.734418] shift exponent -1 is negative\n\nEnsuring xlate_pos is a positive or zero before BIT.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-53034",
          "url": "https://www.suse.com/security/cve/CVE-2023-53034"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241341 for CVE-2023-53034",
          "url": "https://bugzilla.suse.com/1241341"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-53034"
    },
    {
      "cve": "CVE-2024-27018",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-27018"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: br_netfilter: skip conntrack input hook for promisc packets\n\nFor historical reasons, when bridge device is in promisc mode, packets\nthat are directed to the taps follow bridge input hook path. This patch\nadds a workaround to reset conntrack for these packets.\n\nJianbo Liu reports warning splats in their test infrastructure where\ncloned packets reach the br_netfilter input hook to confirm the\nconntrack object.\n\nScratch one bit from BR_INPUT_SKB_CB to annotate that this packet has\nreached the input hook because it is passed up to the bridge device to\nreach the taps.\n\n[   57.571874] WARNING: CPU: 1 PID: 0 at net/bridge/br_netfilter_hooks.c:616 br_nf_local_in+0x157/0x180 [br_netfilter]\n[   57.572749] Modules linked in: xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat xt_addrtype xt_conntrack nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_isc si ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core mlx5ctl mlx5_core\n[   57.575158] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0+ #19\n[   57.575700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[   57.576662] RIP: 0010:br_nf_local_in+0x157/0x180 [br_netfilter]\n[   57.577195] Code: fe ff ff 41 bd 04 00 00 00 be 04 00 00 00 e9 4a ff ff ff be 04 00 00 00 48 89 ef e8 f3 a9 3c e1 66 83 ad b4 00 00 00 04 eb 91 \u003c0f\u003e 0b e9 f1 fe ff ff 0f 0b e9 df fe ff ff 48 89 df e8 b3 53 47 e1\n[   57.578722] RSP: 0018:ffff88885f845a08 EFLAGS: 00010202\n[   57.579207] RAX: 0000000000000002 RBX: ffff88812dfe8000 RCX: 0000000000000000\n[   57.579830] RDX: ffff88885f845a60 RSI: ffff8881022dc300 RDI: 0000000000000000\n[   57.580454] RBP: ffff88885f845a60 R08: 0000000000000001 R09: 0000000000000003\n[   57.581076] R10: 00000000ffff1300 R11: 0000000000000002 R12: 0000000000000000\n[   57.581695] R13: ffff8881047ffe00 R14: ffff888108dbee00 R15: ffff88814519b800\n[   57.582313] FS:  0000000000000000(0000) GS:ffff88885f840000(0000) knlGS:0000000000000000\n[   57.583040] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   57.583564] CR2: 000000c4206aa000 CR3: 0000000103847001 CR4: 0000000000370eb0\n[   57.584194] DR0: 0000000000000000 DR1: 0000000000000000 DR2:\n0000000000000000\n[   57.584820] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:\n0000000000000400\n[   57.585440] Call Trace:\n[   57.585721]  \u003cIRQ\u003e\n[   57.585976]  ? __warn+0x7d/0x130\n[   57.586323]  ? br_nf_local_in+0x157/0x180 [br_netfilter]\n[   57.586811]  ? report_bug+0xf1/0x1c0\n[   57.587177]  ? handle_bug+0x3f/0x70\n[   57.587539]  ? exc_invalid_op+0x13/0x60\n[   57.587929]  ? asm_exc_invalid_op+0x16/0x20\n[   57.588336]  ? br_nf_local_in+0x157/0x180 [br_netfilter]\n[   57.588825]  nf_hook_slow+0x3d/0xd0\n[   57.589188]  ? br_handle_vlan+0x4b/0x110\n[   57.589579]  br_pass_frame_up+0xfc/0x150\n[   57.589970]  ? br_port_flags_change+0x40/0x40\n[   57.590396]  br_handle_frame_finish+0x346/0x5e0\n[   57.590837]  ? ipt_do_table+0x32e/0x430\n[   57.591221]  ? br_handle_local_finish+0x20/0x20\n[   57.591656]  br_nf_hook_thresh+0x4b/0xf0 [br_netfilter]\n[   57.592286]  ? br_handle_local_finish+0x20/0x20\n[   57.592802]  br_nf_pre_routing_finish+0x178/0x480 [br_netfilter]\n[   57.593348]  ? br_handle_local_finish+0x20/0x20\n[   57.593782]  ? nf_nat_ipv4_pre_routing+0x25/0x60 [nf_nat]\n[   57.594279]  br_nf_pre_routing+0x24c/0x550 [br_netfilter]\n[   57.594780]  ? br_nf_hook_thresh+0xf0/0xf0 [br_netfilter]\n[   57.595280]  br_handle_frame+0x1f3/0x3d0\n[   57.595676]  ? br_handle_local_finish+0x20/0x20\n[   57.596118]  ? br_handle_frame_finish+0x5e0/0x5e0\n[   57.596566]  __netif_receive_skb_core+0x25b/0xfc0\n[   57.597017]  ? __napi_build_skb+0x37/0x40\n[   57.597418]  __netif_receive_skb_list_core+0xfb/0x220",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-27018",
          "url": "https://www.suse.com/security/cve/CVE-2024-27018"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1223809 for CVE-2024-27018",
          "url": "https://bugzilla.suse.com/1223809"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-27018"
    },
    {
      "cve": "CVE-2024-27415",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-27415"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: bridge: confirm multicast packets before passing them up the stack\n\nconntrack nf_confirm logic cannot handle cloned skbs referencing\nthe same nf_conn entry, which will happen for multicast (broadcast)\nframes on bridges.\n\n Example:\n    macvlan0\n       |\n      br0\n     /  \\\n  ethX    ethY\n\n ethX (or Y) receives a L2 multicast or broadcast packet containing\n an IP packet, flow is not yet in conntrack table.\n\n 1. skb passes through bridge and fake-ip (br_netfilter)Prerouting.\n    -\u003e skb-\u003e_nfct now references a unconfirmed entry\n 2. skb is broad/mcast packet. bridge now passes clones out on each bridge\n    interface.\n 3. skb gets passed up the stack.\n 4. In macvlan case, macvlan driver retains clone(s) of the mcast skb\n    and schedules a work queue to send them out on the lower devices.\n\n    The clone skb-\u003e_nfct is not a copy, it is the same entry as the\n    original skb.  The macvlan rx handler then returns RX_HANDLER_PASS.\n 5. Normal conntrack hooks (in NF_INET_LOCAL_IN) confirm the orig skb.\n\nThe Macvlan broadcast worker and normal confirm path will race.\n\nThis race will not happen if step 2 already confirmed a clone. In that\ncase later steps perform skb_clone() with skb-\u003e_nfct already confirmed (in\nhash table).  This works fine.\n\nBut such confirmation won\u0027t happen when eb/ip/nftables rules dropped the\npackets before they reached the nf_confirm step in postrouting.\n\nPablo points out that nf_conntrack_bridge doesn\u0027t allow use of stateful\nnat, so we can safely discard the nf_conn entry and let inet call\nconntrack again.\n\nThis doesn\u0027t work for bridge netfilter: skb could have a nat\ntransformation. Also bridge nf prevents re-invocation of inet prerouting\nvia \u0027sabotage_in\u0027 hook.\n\nWork around this problem by explicit confirmation of the entry at LOCAL_IN\ntime, before upper layer has a chance to clone the unconfirmed entry.\n\nThe downside is that this disables NAT and conntrack helpers.\n\nAlternative fix would be to add locking to all code parts that deal with\nunconfirmed packets, but even if that could be done in a sane way this\nopens up other problems, for example:\n\n-m physdev --physdev-out eth0 -j SNAT --snat-to 1.2.3.4\n-m physdev --physdev-out eth1 -j SNAT --snat-to 1.2.3.5\n\nFor multicast case, only one of such conflicting mappings will be\ncreated, conntrack only handles 1:1 NAT mappings.\n\nUsers should set create a setup that explicitly marks such traffic\nNOTRACK (conntrack bypass) to avoid this, but we cannot auto-bypass\nthem, ruleset might have accept rules for untracked traffic already,\nso user-visible behaviour would change.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-27415",
          "url": "https://www.suse.com/security/cve/CVE-2024-27415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1224757 for CVE-2024-27415",
          "url": "https://bugzilla.suse.com/1224757"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-27415"
    },
    {
      "cve": "CVE-2024-28956",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-28956"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-28956",
          "url": "https://www.suse.com/security/cve/CVE-2024-28956"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242006 for CVE-2024-28956",
          "url": "https://bugzilla.suse.com/1242006"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-28956"
    },
    {
      "cve": "CVE-2024-35840",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-35840"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()\n\nsubflow_finish_connect() uses four fields (backup, join_id, thmac, none)\nthat may contain garbage unless OPTION_MPTCP_MPJ_SYNACK has been set\nin mptcp_parse_option()",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-35840",
          "url": "https://www.suse.com/security/cve/CVE-2024-35840"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1224597 for CVE-2024-35840",
          "url": "https://bugzilla.suse.com/1224597"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-35840"
    },
    {
      "cve": "CVE-2024-46763",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-46763"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfou: Fix null-ptr-deref in GRO.\n\nWe observed a null-ptr-deref in fou_gro_receive() while shutting down\na host.  [0]\n\nThe NULL pointer is sk-\u003esk_user_data, and the offset 8 is of protocol\nin struct fou.\n\nWhen fou_release() is called due to netns dismantle or explicit tunnel\nteardown, udp_tunnel_sock_release() sets NULL to sk-\u003esk_user_data.\nThen, the tunnel socket is destroyed after a single RCU grace period.\n\nSo, in-flight udp4_gro_receive() could find the socket and execute the\nFOU GRO handler, where sk-\u003esk_user_data could be NULL.\n\nLet\u0027s use rcu_dereference_sk_user_data() in fou_from_sock() and add NULL\nchecks in FOU GRO handlers.\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 80000001032f4067 P4D 80000001032f4067 PUD 103240067 PMD 0\nSMP PTI\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.216-204.855.amzn2.x86_64 #1\nHardware name: Amazon EC2 c5.large/, BIOS 1.0 10/16/2017\nRIP: 0010:fou_gro_receive (net/ipv4/fou.c:233) [fou]\nCode: 41 5f c3 cc cc cc cc e8 e7 2e 69 f4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 49 89 f8 41 54 48 89 f7 48 89 d6 49 8b 80 88 02 00 00 \u003c0f\u003e b6 48 08 0f b7 42 4a 66 25 fd fd 80 cc 02 66 89 42 4a 0f b6 42\nRSP: 0018:ffffa330c0003d08 EFLAGS: 00010297\nRAX: 0000000000000000 RBX: ffff93d9e3a6b900 RCX: 0000000000000010\nRDX: ffff93d9e3a6b900 RSI: ffff93d9e3a6b900 RDI: ffff93dac2e24d08\nRBP: ffff93d9e3a6b900 R08: ffff93dacbce6400 R09: 0000000000000002\nR10: 0000000000000000 R11: ffffffffb5f369b0 R12: ffff93dacbce6400\nR13: ffff93dac2e24d08 R14: 0000000000000000 R15: ffffffffb4edd1c0\nFS:  0000000000000000(0000) GS:ffff93daee800000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 0000000102140001 CR4: 00000000007706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cIRQ\u003e\n ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)\n ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)\n ? no_context (arch/x86/mm/fault.c:752)\n ? exc_page_fault (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 arch/x86/mm/fault.c:1435 arch/x86/mm/fault.c:1483)\n ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:571)\n ? fou_gro_receive (net/ipv4/fou.c:233) [fou]\n udp_gro_receive (include/linux/netdevice.h:2552 net/ipv4/udp_offload.c:559)\n udp4_gro_receive (net/ipv4/udp_offload.c:604)\n inet_gro_receive (net/ipv4/af_inet.c:1549 (discriminator 7))\n dev_gro_receive (net/core/dev.c:6035 (discriminator 4))\n napi_gro_receive (net/core/dev.c:6170)\n ena_clean_rx_irq (drivers/amazon/net/ena/ena_netdev.c:1558) [ena]\n ena_io_poll (drivers/amazon/net/ena/ena_netdev.c:1742) [ena]\n napi_poll (net/core/dev.c:6847)\n net_rx_action (net/core/dev.c:6917)\n __do_softirq (arch/x86/include/asm/jump_label.h:25 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:299)\n asm_call_irq_on_stack (arch/x86/entry/entry_64.S:809)\n\u003c/IRQ\u003e\n do_softirq_own_stack (arch/x86/include/asm/irq_stack.h:27 arch/x86/include/asm/irq_stack.h:77 arch/x86/kernel/irq_64.c:77)\n irq_exit_rcu (kernel/softirq.c:393 kernel/softirq.c:423 kernel/softirq.c:435)\n common_interrupt (arch/x86/kernel/irq.c:239)\n asm_common_interrupt (arch/x86/include/asm/idtentry.h:626)\nRIP: 0010:acpi_idle_do_entry (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 drivers/acpi/processor_idle.c:114 drivers/acpi/processor_idle.c:575)\nCode: 8b 15 d1 3c c4 02 ed c3 cc cc cc cc 65 48 8b 04 25 40 ef 01 00 48 8b 00 a8 08 75 eb 0f 1f 44 00 00 0f 00 2d d5 09 55 00 fb f4 \u003cfa\u003e c3 cc cc cc cc e9 be fc ff ff 66 66 2e 0f 1f 84 00 00 00 00 00\nRSP: 0018:ffffffffb5603e58 EFLAGS: 00000246\nRAX: 0000000000004000 RBX: ffff93dac0929c00 RCX: ffff93daee833900\nRDX: ffff93daee800000 RSI: ffff93d\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-46763",
          "url": "https://www.suse.com/security/cve/CVE-2024-46763"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1230764 for CVE-2024-46763",
          "url": "https://bugzilla.suse.com/1230764"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-46763"
    },
    {
      "cve": "CVE-2024-46865",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-46865"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfou: fix initialization of grc\n\nThe grc must be initialize first. There can be a condition where if\nfou is NULL, goto out will be executed and grc would be used\nuninitialized.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-46865",
          "url": "https://www.suse.com/security/cve/CVE-2024-46865"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1231103 for CVE-2024-46865",
          "url": "https://bugzilla.suse.com/1231103"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-46865"
    },
    {
      "cve": "CVE-2024-50083",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-50083"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: fix mptcp DSS corruption due to large pmtu xmit\n\nSyzkaller was able to trigger a DSS corruption:\n\n  TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.\n  ------------[ cut here ]------------\n  WARNING: CPU: 0 PID: 5227 at net/mptcp/protocol.c:695 __mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695\n  Modules linked in:\n  CPU: 0 UID: 0 PID: 5227 Comm: syz-executor350 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\n  RIP: 0010:__mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695\n  Code: 0f b6 dc 31 ff 89 de e8 b5 dd ea f5 89 d8 48 81 c4 50 01 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 98 da ea f5 90 \u003c0f\u003e 0b 90 e9 47 ff ff ff e8 8a da ea f5 90 0f 0b 90 e9 99 e0 ff ff\n  RSP: 0018:ffffc90000006db8 EFLAGS: 00010246\n  RAX: ffffffff8ba9df18 RBX: 00000000000055f0 RCX: ffff888030023c00\n  RDX: 0000000000000100 RSI: 00000000000081e5 RDI: 00000000000055f0\n  RBP: 1ffff110062bf1ae R08: ffffffff8ba9cf12 R09: 1ffff110062bf1b8\n  R10: dffffc0000000000 R11: ffffed10062bf1b9 R12: 0000000000000000\n  R13: dffffc0000000000 R14: 00000000700cec61 R15: 00000000000081e5\n  FS:  000055556679c380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 0000000020287000 CR3: 0000000077892000 CR4: 00000000003506f0\n  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  Call Trace:\n   \u003cIRQ\u003e\n   move_skbs_to_msk net/mptcp/protocol.c:811 [inline]\n   mptcp_data_ready+0x29c/0xa90 net/mptcp/protocol.c:854\n   subflow_data_ready+0x34a/0x920 net/mptcp/subflow.c:1490\n   tcp_data_queue+0x20fd/0x76c0 net/ipv4/tcp_input.c:5283\n   tcp_rcv_established+0xfba/0x2020 net/ipv4/tcp_input.c:6237\n   tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915\n   tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2350\n   ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205\n   ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233\n   NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n   NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n   __netif_receive_skb_one_core net/core/dev.c:5662 [inline]\n   __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5775\n   process_backlog+0x662/0x15b0 net/core/dev.c:6107\n   __napi_poll+0xcb/0x490 net/core/dev.c:6771\n   napi_poll net/core/dev.c:6840 [inline]\n   net_rx_action+0x89b/0x1240 net/core/dev.c:6962\n   handle_softirqs+0x2c5/0x980 kernel/softirq.c:554\n   do_softirq+0x11b/0x1e0 kernel/softirq.c:455\n   \u003c/IRQ\u003e\n   \u003cTASK\u003e\n   __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382\n   local_bh_enable include/linux/bottom_half.h:33 [inline]\n   rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]\n   __dev_queue_xmit+0x1764/0x3e80 net/core/dev.c:4451\n   dev_queue_xmit include/linux/netdevice.h:3094 [inline]\n   neigh_hh_output include/net/neighbour.h:526 [inline]\n   neigh_output include/net/neighbour.h:540 [inline]\n   ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236\n   ip_local_out net/ipv4/ip_output.c:130 [inline]\n   __ip_queue_xmit+0x118c/0x1b80 net/ipv4/ip_output.c:536\n   __tcp_transmit_skb+0x2544/0x3b30 net/ipv4/tcp_output.c:1466\n   tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline]\n   tcp_mtu_probe net/ipv4/tcp_output.c:2547 [inline]\n   tcp_write_xmit+0x641d/0x6bf0 net/ipv4/tcp_output.c:2752\n   __tcp_push_pending_frames+0x9b/0x360 net/ipv4/tcp_output.c:3015\n   tcp_push_pending_frames include/net/tcp.h:2107 [inline]\n   tcp_data_snd_check net/ipv4/tcp_input.c:5714 [inline]\n   tcp_rcv_established+0x1026/0x2020 net/ipv4/tcp_input.c:6239\n   tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915\n   sk_backlog_rcv include/net/sock.h:1113 [inline]\n   __release_sock+0x214/0x350 net/core/sock.c:3072\n   release_sock+0x61/0x1f0 net/core/sock.c:3626\n   mptcp_push_\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-50083",
          "url": "https://www.suse.com/security/cve/CVE-2024-50083"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1232493 for CVE-2024-50083",
          "url": "https://bugzilla.suse.com/1232493"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-50083"
    },
    {
      "cve": "CVE-2024-50162",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-50162"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: devmap: provide rxq after redirect\n\nrxq contains a pointer to the device from where\nthe redirect happened. Currently, the BPF program\nthat was executed after a redirect via BPF_MAP_TYPE_DEVMAP*\ndoes not have it set.\n\nThis is particularly bad since accessing ingress_ifindex, e.g.\n\nSEC(\"xdp\")\nint prog(struct xdp_md *pkt)\n{\n        return bpf_redirect_map(\u0026dev_redirect_map, 0, 0);\n}\n\nSEC(\"xdp/devmap\")\nint prog_after_redirect(struct xdp_md *pkt)\n{\n        bpf_printk(\"ifindex %i\", pkt-\u003eingress_ifindex);\n        return XDP_PASS;\n}\n\ndepends on access to rxq, so a NULL pointer gets dereferenced:\n\n\u003c1\u003e[  574.475170] BUG: kernel NULL pointer dereference, address: 0000000000000000\n\u003c1\u003e[  574.475188] #PF: supervisor read access in kernel mode\n\u003c1\u003e[  574.475194] #PF: error_code(0x0000) - not-present page\n\u003c6\u003e[  574.475199] PGD 0 P4D 0\n\u003c4\u003e[  574.475207] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n\u003c4\u003e[  574.475217] CPU: 4 UID: 0 PID: 217 Comm: kworker/4:1 Not tainted 6.11.0-rc5-reduced-00859-g780801200300 #23\n\u003c4\u003e[  574.475226] Hardware name: Intel(R) Client Systems NUC13ANHi7/NUC13ANBi7, BIOS ANRPL357.0026.2023.0314.1458 03/14/2023\n\u003c4\u003e[  574.475231] Workqueue: mld mld_ifc_work\n\u003c4\u003e[  574.475247] RIP: 0010:bpf_prog_5e13354d9cf5018a_prog_after_redirect+0x17/0x3c\n\u003c4\u003e[  574.475257] Code: cc cc cc cc cc cc cc 80 00 00 00 cc cc cc cc cc cc cc cc f3 0f 1e fa 0f 1f 44 00 00 66 90 55 48 89 e5 f3 0f 1e fa 48 8b 57 20 \u003c48\u003e 8b 52 00 8b 92 e0 00 00 00 48 bf f8 a6 d5 c4 5d a0 ff ff be 0b\n\u003c4\u003e[  574.475263] RSP: 0018:ffffa62440280c98 EFLAGS: 00010206\n\u003c4\u003e[  574.475269] RAX: ffffa62440280cd8 RBX: 0000000000000001 RCX: 0000000000000000\n\u003c4\u003e[  574.475274] RDX: 0000000000000000 RSI: ffffa62440549048 RDI: ffffa62440280ce0\n\u003c4\u003e[  574.475278] RBP: ffffa62440280c98 R08: 0000000000000002 R09: 0000000000000001\n\u003c4\u003e[  574.475281] R10: ffffa05dc8b98000 R11: ffffa05f577fca40 R12: ffffa05dcab24000\n\u003c4\u003e[  574.475285] R13: ffffa62440280ce0 R14: ffffa62440549048 R15: ffffa62440549000\n\u003c4\u003e[  574.475289] FS:  0000000000000000(0000) GS:ffffa05f4f700000(0000) knlGS:0000000000000000\n\u003c4\u003e[  574.475294] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\u003c4\u003e[  574.475298] CR2: 0000000000000000 CR3: 000000025522e000 CR4: 0000000000f50ef0\n\u003c4\u003e[  574.475303] PKRU: 55555554\n\u003c4\u003e[  574.475306] Call Trace:\n\u003c4\u003e[  574.475313]  \u003cIRQ\u003e\n\u003c4\u003e[  574.475318]  ? __die+0x23/0x70\n\u003c4\u003e[  574.475329]  ? page_fault_oops+0x180/0x4c0\n\u003c4\u003e[  574.475339]  ? skb_pp_cow_data+0x34c/0x490\n\u003c4\u003e[  574.475346]  ? kmem_cache_free+0x257/0x280\n\u003c4\u003e[  574.475357]  ? exc_page_fault+0x67/0x150\n\u003c4\u003e[  574.475368]  ? asm_exc_page_fault+0x26/0x30\n\u003c4\u003e[  574.475381]  ? bpf_prog_5e13354d9cf5018a_prog_after_redirect+0x17/0x3c\n\u003c4\u003e[  574.475386]  bq_xmit_all+0x158/0x420\n\u003c4\u003e[  574.475397]  __dev_flush+0x30/0x90\n\u003c4\u003e[  574.475407]  veth_poll+0x216/0x250 [veth]\n\u003c4\u003e[  574.475421]  __napi_poll+0x28/0x1c0\n\u003c4\u003e[  574.475430]  net_rx_action+0x32d/0x3a0\n\u003c4\u003e[  574.475441]  handle_softirqs+0xcb/0x2c0\n\u003c4\u003e[  574.475451]  do_softirq+0x40/0x60\n\u003c4\u003e[  574.475458]  \u003c/IRQ\u003e\n\u003c4\u003e[  574.475461]  \u003cTASK\u003e\n\u003c4\u003e[  574.475464]  __local_bh_enable_ip+0x66/0x70\n\u003c4\u003e[  574.475471]  __dev_queue_xmit+0x268/0xe40\n\u003c4\u003e[  574.475480]  ? selinux_ip_postroute+0x213/0x420\n\u003c4\u003e[  574.475491]  ? alloc_skb_with_frags+0x4a/0x1d0\n\u003c4\u003e[  574.475502]  ip6_finish_output2+0x2be/0x640\n\u003c4\u003e[  574.475512]  ? nf_hook_slow+0x42/0xf0\n\u003c4\u003e[  574.475521]  ip6_finish_output+0x194/0x300\n\u003c4\u003e[  574.475529]  ? __pfx_ip6_finish_output+0x10/0x10\n\u003c4\u003e[  574.475538]  mld_sendpack+0x17c/0x240\n\u003c4\u003e[  574.475548]  mld_ifc_work+0x192/0x410\n\u003c4\u003e[  574.475557]  process_one_work+0x15d/0x380\n\u003c4\u003e[  574.475566]  worker_thread+0x29d/0x3a0\n\u003c4\u003e[  574.475573]  ? __pfx_worker_thread+0x10/0x10\n\u003c4\u003e[  574.475580]  ? __pfx_worker_thread+0x10/0x10\n\u003c4\u003e[  574.475587]  kthread+0xcd/0x100\n\u003c4\u003e[  574.475597]  ? __pfx_kthread+0x10/0x10\n\u003c4\u003e[  574.475606]  ret_from_fork+0x31/0x50\n\u003c4\u003e[  574.475615]  ? __pfx_kthread+0x10/0x10\n\u003c4\u003e[  574.475623]  ret_from_fork_asm+0x1a/0x\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-50162",
          "url": "https://www.suse.com/security/cve/CVE-2024-50162"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233075 for CVE-2024-50162",
          "url": "https://bugzilla.suse.com/1233075"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-50162"
    },
    {
      "cve": "CVE-2024-50163",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-50163"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Make sure internal and UAPI bpf_redirect flags don\u0027t overlap\n\nThe bpf_redirect_info is shared between the SKB and XDP redirect paths,\nand the two paths use the same numeric flag values in the ri-\u003eflags\nfield (specifically, BPF_F_BROADCAST == BPF_F_NEXTHOP). This means that\nif skb bpf_redirect_neigh() is used with a non-NULL params argument and,\nsubsequently, an XDP redirect is performed using the same\nbpf_redirect_info struct, the XDP path will get confused and end up\ncrashing, which syzbot managed to trigger.\n\nWith the stack-allocated bpf_redirect_info, the structure is no longer\nshared between the SKB and XDP paths, so the crash doesn\u0027t happen\nanymore. However, different code paths using identically-numbered flag\nvalues in the same struct field still seems like a bit of a mess, so\nthis patch cleans that up by moving the flag definitions together and\nredefining the three flags in BPF_F_REDIRECT_INTERNAL to not overlap\nwith the flags used for XDP. It also adds a BUILD_BUG_ON() check to make\nsure the overlap is not re-introduced by mistake.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-50163",
          "url": "https://www.suse.com/security/cve/CVE-2024-50163"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233098 for CVE-2024-50163",
          "url": "https://bugzilla.suse.com/1233098"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-50163"
    },
    {
      "cve": "CVE-2024-56641",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56641"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: initialize close_work early to avoid warning\n\nWe encountered a warning that close_work was canceled before\ninitialization.\n\n  WARNING: CPU: 7 PID: 111103 at kernel/workqueue.c:3047 __flush_work+0x19e/0x1b0\n  Workqueue: events smc_lgr_terminate_work [smc]\n  RIP: 0010:__flush_work+0x19e/0x1b0\n  Call Trace:\n   ? __wake_up_common+0x7a/0x190\n   ? work_busy+0x80/0x80\n   __cancel_work_timer+0xe3/0x160\n   smc_close_cancel_work+0x1a/0x70 [smc]\n   smc_close_active_abort+0x207/0x360 [smc]\n   __smc_lgr_terminate.part.38+0xc8/0x180 [smc]\n   process_one_work+0x19e/0x340\n   worker_thread+0x30/0x370\n   ? process_one_work+0x340/0x340\n   kthread+0x117/0x130\n   ? __kthread_cancel_work+0x50/0x50\n   ret_from_fork+0x22/0x30\n\nThis is because when smc_close_cancel_work is triggered, e.g. the RDMA\ndriver is rmmod and the LGR is terminated, the conn-\u003eclose_work is\nflushed before initialization, resulting in WARN_ON(!work-\u003efunc).\n\n__smc_lgr_terminate             | smc_connect_{rdma|ism}\n-------------------------------------------------------------\n                                | smc_conn_create\n\t\t\t\t| \\- smc_lgr_register_conn\nfor conn in lgr-\u003econns_all      |\n\\- smc_conn_kill                |\n   \\- smc_close_active_abort    |\n      \\- smc_close_cancel_work  |\n         \\- cancel_work_sync    |\n            \\- __flush_work     |\n\t         (close_work)   |\n\t                        | smc_close_init\n\t                        | \\- INIT_WORK(\u0026close_work)\n\nSo fix this by initializing close_work before establishing the\nconnection.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56641",
          "url": "https://www.suse.com/security/cve/CVE-2024-56641"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235526 for CVE-2024-56641",
          "url": "https://bugzilla.suse.com/1235526"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-56641"
    },
    {
      "cve": "CVE-2024-56702",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56702"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Mark raw_tp arguments with PTR_MAYBE_NULL\n\nArguments to a raw tracepoint are tagged as trusted, which carries the\nsemantics that the pointer will be non-NULL.  However, in certain cases,\na raw tracepoint argument may end up being NULL. More context about this\nissue is available in [0].\n\nThus, there is a discrepancy between the reality, that raw_tp arguments\ncan actually be NULL, and the verifier\u0027s knowledge, that they are never\nNULL, causing explicit NULL checks to be deleted, and accesses to such\npointers potentially crashing the kernel.\n\nTo fix this, mark raw_tp arguments as PTR_MAYBE_NULL, and then special\ncase the dereference and pointer arithmetic to permit it, and allow\npassing them into helpers/kfuncs; these exceptions are made for raw_tp\nprograms only. Ensure that we don\u0027t do this when ref_obj_id \u003e 0, as in\nthat case this is an acquired object and doesn\u0027t need such adjustment.\n\nThe reason we do mask_raw_tp_trusted_reg logic is because other will\nrecheck in places whether the register is a trusted_reg, and then\nconsider our register as untrusted when detecting the presence of the\nPTR_MAYBE_NULL flag.\n\nTo allow safe dereference, we enable PROBE_MEM marking when we see loads\ninto trusted pointers with PTR_MAYBE_NULL.\n\nWhile trusted raw_tp arguments can also be passed into helpers or kfuncs\nwhere such broken assumption may cause issues, a future patch set will\ntackle their case separately, as PTR_TO_BTF_ID (without PTR_TRUSTED) can\nalready be passed into helpers and causes similar problems. Thus, they\nare left alone for now.\n\nIt is possible that these checks also permit passing non-raw_tp args\nthat are trusted PTR_TO_BTF_ID with null marking. In such a case,\nallowing dereference when pointer is NULL expands allowed behavior, so\nwon\u0027t regress existing programs, and the case of passing these into\nhelpers is the same as above and will be dealt with later.\n\nAlso update the failure case in tp_btf_nullable selftest to capture the\nnew behavior, as the verifier will no longer cause an error when\ndirectly dereference a raw tracepoint argument marked as __nullable.\n\n  [0]: https://lore.kernel.org/bpf/ZrCZS6nisraEqehw@jlelli-thinkpadt14gen4.remote.csb",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56702",
          "url": "https://www.suse.com/security/cve/CVE-2024-56702"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235501 for CVE-2024-56702",
          "url": "https://bugzilla.suse.com/1235501"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-56702"
    },
    {
      "cve": "CVE-2024-57924",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-57924"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: relax assertions on failure to encode file handles\n\nEncoding file handles is usually performed by a filesystem \u003eencode_fh()\nmethod that may fail for various reasons.\n\nThe legacy users of exportfs_encode_fh(), namely, nfsd and\nname_to_handle_at(2) syscall are ready to cope with the possibility\nof failure to encode a file handle.\n\nThere are a few other users of exportfs_encode_{fh,fid}() that\ncurrently have a WARN_ON() assertion when -\u003eencode_fh() fails.\nRelax those assertions because they are wrong.\n\nThe second linked bug report states commit 16aac5ad1fa9 (\"ovl: support\nencoding non-decodable file handles\") in v6.6 as the regressing commit,\nbut this is not accurate.\n\nThe aforementioned commit only increases the chances of the assertion\nand allows triggering the assertion with the reproducer using overlayfs,\ninotify and drop_caches.\n\nTriggering this assertion was always possible with other filesystems and\nother reasons of -\u003eencode_fh() failures and more particularly, it was\nalso possible with the exact same reproducer using overlayfs that is\nmounted with options index=on,nfs_export=on also on kernels \u003c v6.6.\nTherefore, I am not listing the aforementioned commit as a Fixes commit.\n\nBackport hint: this patch will have a trivial conflict applying to\nv6.6.y, and other trivial conflicts applying to stable kernels \u003c v6.6.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-57924",
          "url": "https://www.suse.com/security/cve/CVE-2024-57924"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1236086 for CVE-2024-57924",
          "url": "https://bugzilla.suse.com/1236086"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-57924"
    },
    {
      "cve": "CVE-2024-57998",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-57998"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nOPP: add index check to assert to avoid buffer overflow in _read_freq()\n\nPass the freq index to the assert function to make sure\nwe do not read a freq out of the opp-\u003erates[] table when called\nfrom the indexed variants:\ndev_pm_opp_find_freq_exact_indexed() or\ndev_pm_opp_find_freq_ceil/floor_indexed().\n\nAdd a secondary parameter to the assert function, unused\nfor assert_single_clk() then add assert_clk_index() which\nwill check for the clock index when called from the _indexed()\nfind functions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-57998",
          "url": "https://www.suse.com/security/cve/CVE-2024-57998"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238527 for CVE-2024-57998",
          "url": "https://bugzilla.suse.com/1238527"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-57998"
    },
    {
      "cve": "CVE-2024-58001",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-58001"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: handle a symlink read error correctly\n\nPatch series \"Convert ocfs2 to use folios\".\n\nMark did a conversion of ocfs2 to use folios and sent it to me as a\ngiant patch for review ;-)\n\nSo I\u0027ve redone it as individual patches, and credited Mark for the patches\nwhere his code is substantially the same.  It\u0027s not a bad way to do it;\nhis patch had some bugs and my patches had some bugs.  Hopefully all our\nbugs were different from each other.  And hopefully Mark likes all the\nchanges I made to his code!\n\n\nThis patch (of 23):\n\nIf we can\u0027t read the buffer, be sure to unlock the page before returning.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-58001",
          "url": "https://www.suse.com/security/cve/CVE-2024-58001"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1239079 for CVE-2024-58001",
          "url": "https://bugzilla.suse.com/1239079"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "low"
        }
      ],
      "title": "CVE-2024-58001"
    },
    {
      "cve": "CVE-2024-58068",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-58068"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nOPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized\n\nIf a driver calls dev_pm_opp_find_bw_ceil/floor() the retrieve bandwidth\nfrom the OPP table but the bandwidth table was not created because the\ninterconnect properties were missing in the OPP consumer node, the\nkernel will crash with:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000004\n...\npc : _read_bw+0x8/0x10\nlr : _opp_table_find_key+0x9c/0x174\n...\nCall trace:\n  _read_bw+0x8/0x10 (P)\n  _opp_table_find_key+0x9c/0x174 (L)\n  _find_key+0x98/0x168\n  dev_pm_opp_find_bw_ceil+0x50/0x88\n...\n\nIn order to fix the crash, create an assert function to check\nif the bandwidth table was created before trying to get a\nbandwidth with _read_bw().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-58068",
          "url": "https://www.suse.com/security/cve/CVE-2024-58068"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238961 for CVE-2024-58068",
          "url": "https://bugzilla.suse.com/1238961"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-58068"
    },
    {
      "cve": "CVE-2024-58070",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-58070"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT\n\nIn PREEMPT_RT, kmalloc(GFP_ATOMIC) is still not safe in non preemptible\ncontext. bpf_mem_alloc must be used in PREEMPT_RT. This patch is\nto enforce bpf_mem_alloc in the bpf_local_storage when CONFIG_PREEMPT_RT\nis enabled.\n\n[   35.118559] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[   35.118566] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1832, name: test_progs\n[   35.118569] preempt_count: 1, expected: 0\n[   35.118571] RCU nest depth: 1, expected: 1\n[   35.118577] INFO: lockdep is turned off.\n    ...\n[   35.118647]  __might_resched+0x433/0x5b0\n[   35.118677]  rt_spin_lock+0xc3/0x290\n[   35.118700]  ___slab_alloc+0x72/0xc40\n[   35.118723]  __kmalloc_noprof+0x13f/0x4e0\n[   35.118732]  bpf_map_kzalloc+0xe5/0x220\n[   35.118740]  bpf_selem_alloc+0x1d2/0x7b0\n[   35.118755]  bpf_local_storage_update+0x2fa/0x8b0\n[   35.118784]  bpf_sk_storage_get_tracing+0x15a/0x1d0\n[   35.118791]  bpf_prog_9a118d86fca78ebb_trace_inet_sock_set_state+0x44/0x66\n[   35.118795]  bpf_trace_run3+0x222/0x400\n[   35.118820]  __bpf_trace_inet_sock_set_state+0x11/0x20\n[   35.118824]  trace_inet_sock_set_state+0x112/0x130\n[   35.118830]  inet_sk_state_store+0x41/0x90\n[   35.118836]  tcp_set_state+0x3b3/0x640\n\nThere is no need to adjust the gfp_flags passing to the\nbpf_mem_cache_alloc_flags() which only honors the GFP_KERNEL.\nThe verifier has ensured GFP_KERNEL is passed only in sleepable context.\n\nIt has been an old issue since the first introduction of the\nbpf_local_storage ~5 years ago, so this patch targets the bpf-next.\n\nbpf_mem_alloc is needed to solve it, so the Fixes tag is set\nto the commit when bpf_mem_alloc was first used in the bpf_local_storage.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-58070",
          "url": "https://www.suse.com/security/cve/CVE-2024-58070"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238983 for CVE-2024-58070",
          "url": "https://bugzilla.suse.com/1238983"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-58070"
    },
    {
      "cve": "CVE-2024-58088",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-58088"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix deadlock when freeing cgroup storage\n\nThe following commit\nbc235cdb423a (\"bpf: Prevent deadlock from recursive bpf_task_storage_[get|delete]\")\nfirst introduced deadlock prevention for fentry/fexit programs attaching\non bpf_task_storage helpers. That commit also employed the logic in map\nfree path in its v6 version.\n\nLater bpf_cgrp_storage was first introduced in\nc4bcfb38a95e (\"bpf: Implement cgroup storage available to non-cgroup-attached bpf progs\")\nwhich faces the same issue as bpf_task_storage, instead of its busy\ncounter, NULL was passed to bpf_local_storage_map_free() which opened\na window to cause deadlock:\n\n\t\u003cTASK\u003e\n\t\t(acquiring local_storage-\u003elock)\n\t_raw_spin_lock_irqsave+0x3d/0x50\n\tbpf_local_storage_update+0xd1/0x460\n\tbpf_cgrp_storage_get+0x109/0x130\n\tbpf_prog_a4d4a370ba857314_cgrp_ptr+0x139/0x170\n\t? __bpf_prog_enter_recur+0x16/0x80\n\tbpf_trampoline_6442485186+0x43/0xa4\n\tcgroup_storage_ptr+0x9/0x20\n\t\t(holding local_storage-\u003elock)\n\tbpf_selem_unlink_storage_nolock.constprop.0+0x135/0x160\n\tbpf_selem_unlink_storage+0x6f/0x110\n\tbpf_local_storage_map_free+0xa2/0x110\n\tbpf_map_free_deferred+0x5b/0x90\n\tprocess_one_work+0x17c/0x390\n\tworker_thread+0x251/0x360\n\tkthread+0xd2/0x100\n\tret_from_fork+0x34/0x50\n\tret_from_fork_asm+0x1a/0x30\n\t\u003c/TASK\u003e\n\nProgs:\n - A: SEC(\"fentry/cgroup_storage_ptr\")\n   - cgid (BPF_MAP_TYPE_HASH)\n\tRecord the id of the cgroup the current task belonging\n\tto in this hash map, using the address of the cgroup\n\tas the map key.\n   - cgrpa (BPF_MAP_TYPE_CGRP_STORAGE)\n\tIf current task is a kworker, lookup the above hash\n\tmap using function parameter @owner as the key to get\n\tits corresponding cgroup id which is then used to get\n\ta trusted pointer to the cgroup through\n\tbpf_cgroup_from_id(). This trusted pointer can then\n\tbe passed to bpf_cgrp_storage_get() to finally trigger\n\tthe deadlock issue.\n - B: SEC(\"tp_btf/sys_enter\")\n   - cgrpb (BPF_MAP_TYPE_CGRP_STORAGE)\n\tThe only purpose of this prog is to fill Prog A\u0027s\n\thash map by calling bpf_cgrp_storage_get() for as\n\tmany userspace tasks as possible.\n\nSteps to reproduce:\n - Run A;\n - while (true) { Run B; Destroy B; }\n\nFix this issue by passing its busy counter to the free procedure so\nit can be properly incremented before storage/smap locking.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-58088",
          "url": "https://www.suse.com/security/cve/CVE-2024-58088"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1239510 for CVE-2024-58088",
          "url": "https://bugzilla.suse.com/1239510"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-58088"
    },
    {
      "cve": "CVE-2024-58093",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-58093"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/ASPM: Fix link state exit during switch upstream function removal\n\nBefore 456d8aa37d0f (\"PCI/ASPM: Disable ASPM on MFD function removal to\navoid use-after-free\"), we would free the ASPM link only after the last\nfunction on the bus pertaining to the given link was removed.\n\nThat was too late. If function 0 is removed before sibling function,\nlink-\u003edownstream would point to free\u0027d memory after.\n\nAfter above change, we freed the ASPM parent link state upon any function\nremoval on the bus pertaining to a given link.\n\nThat is too early. If the link is to a PCIe switch with MFD on the upstream\nport, then removing functions other than 0 first would free a link which\nstill remains parent_link to the remaining downstream ports.\n\nThe resulting GPFs are especially frequent during hot-unplug, because\npciehp removes devices on the link bus in reverse order.\n\nOn that switch, function 0 is the virtual P2P bridge to the internal bus.\nFree exactly when function 0 is removed -- before the parent link is\nobsolete, but after all subordinate links are gone.\n\n[kwilczynski: commit log]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-58093",
          "url": "https://www.suse.com/security/cve/CVE-2024-58093"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241347 for CVE-2024-58093",
          "url": "https://bugzilla.suse.com/1241347"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-58093"
    },
    {
      "cve": "CVE-2024-58094",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-58094"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add check read-only before truncation in jfs_truncate_nolock()\n\nAdded a check for \"read-only\" mode in the `jfs_truncate_nolock`\nfunction to avoid errors related to writing to a read-only\nfilesystem.\n\nCall stack:\n\nblock_write_begin() {\n  jfs_write_failed() {\n    jfs_truncate() {\n      jfs_truncate_nolock() {\n        txEnd() {\n          ...\n          log = JFS_SBI(tblk-\u003esb)-\u003elog;\n          // (log == NULL)\n\nIf the `isReadOnly(ip)` condition is triggered in\n`jfs_truncate_nolock`, the function execution will stop, and no\nfurther data modification will occur. Instead, the `xtTruncate`\nfunction will be called with the \"COMMIT_WMAP\" flag, preventing\nmodifications in \"read-only\" mode.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-58094",
          "url": "https://www.suse.com/security/cve/CVE-2024-58094"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241443 for CVE-2024-58094",
          "url": "https://bugzilla.suse.com/1241443"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-58094"
    },
    {
      "cve": "CVE-2024-58095",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-58095"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add check read-only before txBeginAnon() call\n\nAdded a read-only check before calling `txBeginAnon` in `extAlloc`\nand `extRecord`. This prevents modification attempts on a read-only\nmounted filesystem, avoiding potential errors or crashes.\n\nCall trace:\n txBeginAnon+0xac/0x154\n extAlloc+0xe8/0xdec fs/jfs/jfs_extent.c:78\n jfs_get_block+0x340/0xb98 fs/jfs/inode.c:248\n __block_write_begin_int+0x580/0x166c fs/buffer.c:2128\n __block_write_begin fs/buffer.c:2177 [inline]\n block_write_begin+0x98/0x11c fs/buffer.c:2236\n jfs_write_begin+0x44/0x88 fs/jfs/inode.c:299",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-58095",
          "url": "https://www.suse.com/security/cve/CVE-2024-58095"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241442 for CVE-2024-58095",
          "url": "https://bugzilla.suse.com/1241442"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-58095"
    },
    {
      "cve": "CVE-2024-58096",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-58096"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: add srng-\u003elock for ath11k_hal_srng_* in monitor mode\n\nath11k_hal_srng_* should be used with srng-\u003elock to protect srng data.\n\nFor ath11k_dp_rx_mon_dest_process() and ath11k_dp_full_mon_process_rx(),\nthey use ath11k_hal_srng_* for many times but never call srng-\u003elock.\n\nSo when running (full) monitor mode, warning will occur:\nRIP: 0010:ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]\nCall Trace:\n ? ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]\n ath11k_dp_rx_process_mon_status+0xc45/0x1190 [ath11k]\n ? idr_alloc_u32+0x97/0xd0\n ath11k_dp_rx_process_mon_rings+0x32a/0x550 [ath11k]\n ath11k_dp_service_srng+0x289/0x5a0 [ath11k]\n ath11k_pcic_ext_grp_napi_poll+0x30/0xd0 [ath11k]\n __napi_poll+0x30/0x1f0\n net_rx_action+0x198/0x320\n __do_softirq+0xdd/0x319\n\nSo add srng-\u003elock for them to avoid such warnings.\n\nInorder to fetch the srng-\u003elock, should change srng\u0027s definition from\n\u0027void\u0027 to \u0027struct hal_srng\u0027. And initialize them elsewhere to prevent\none line of code from being too long. This is consistent with other ring\nprocess functions, such as ath11k_dp_process_rx().\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-58096",
          "url": "https://www.suse.com/security/cve/CVE-2024-58096"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241344 for CVE-2024-58096",
          "url": "https://bugzilla.suse.com/1241344"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-58096"
    },
    {
      "cve": "CVE-2024-58097",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-58097"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix RCU stall while reaping monitor destination ring\n\nWhile processing the monitor destination ring, MSDUs are reaped from the\nlink descriptor based on the corresponding buf_id.\n\nHowever, sometimes the driver cannot obtain a valid buffer corresponding\nto the buf_id received from the hardware. This causes an infinite loop\nin the destination processing, resulting in a kernel crash.\n\nkernel log:\nath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309\nath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed\nath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309\nath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed\n\nFix this by skipping the problematic buf_id and reaping the next entry,\nreplacing the break with the next MSDU processing.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-58097",
          "url": "https://www.suse.com/security/cve/CVE-2024-58097"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241343 for CVE-2024-58097",
          "url": "https://bugzilla.suse.com/1241343"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-58097"
    },
    {
      "cve": "CVE-2025-21683",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21683"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix bpf_sk_select_reuseport() memory leak\n\nAs pointed out in the original comment, lookup in sockmap can return a TCP\nESTABLISHED socket. Such TCP socket may have had SO_ATTACH_REUSEPORT_EBPF\nset before it was ESTABLISHED. In other words, a non-NULL sk_reuseport_cb\ndoes not imply a non-refcounted socket.\n\nDrop sk\u0027s reference in both error paths.\n\nunreferenced object 0xffff888101911800 (size 2048):\n  comm \"test_progs\", pid 44109, jiffies 4297131437\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    80 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace (crc 9336483b):\n    __kmalloc_noprof+0x3bf/0x560\n    __reuseport_alloc+0x1d/0x40\n    reuseport_alloc+0xca/0x150\n    reuseport_attach_prog+0x87/0x140\n    sk_reuseport_attach_bpf+0xc8/0x100\n    sk_setsockopt+0x1181/0x1990\n    do_sock_setsockopt+0x12b/0x160\n    __sys_setsockopt+0x7b/0xc0\n    __x64_sys_setsockopt+0x1b/0x30\n    do_syscall_64+0x93/0x180\n    entry_SYSCALL_64_after_hwframe+0x76/0x7e",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21683",
          "url": "https://www.suse.com/security/cve/CVE-2025-21683"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1236704 for CVE-2025-21683",
          "url": "https://bugzilla.suse.com/1236704"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "low"
        }
      ],
      "title": "CVE-2025-21683"
    },
    {
      "cve": "CVE-2025-21696",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21696"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: clear uffd-wp PTE/PMD state on mremap()\n\nWhen mremap()ing a memory region previously registered with userfaultfd as\nwrite-protected but without UFFD_FEATURE_EVENT_REMAP, an inconsistency in\nflag clearing leads to a mismatch between the vma flags (which have\nuffd-wp cleared) and the pte/pmd flags (which do not have uffd-wp\ncleared).  This mismatch causes a subsequent mprotect(PROT_WRITE) to\ntrigger a warning in page_table_check_pte_flags() due to setting the pte\nto writable while uffd-wp is still set.\n\nFix this by always explicitly clearing the uffd-wp pte/pmd flags on any\nsuch mremap() so that the values are consistent with the existing clearing\nof VM_UFFD_WP.  Be careful to clear the logical flag regardless of its\nphysical form; a PTE bit, a swap PTE bit, or a PTE marker.  Cover PTE,\nhuge PMD and hugetlb paths.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21696",
          "url": "https://www.suse.com/security/cve/CVE-2025-21696"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237111 for CVE-2025-21696",
          "url": "https://bugzilla.suse.com/1237111"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21696"
    },
    {
      "cve": "CVE-2025-21707",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21707"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: consolidate suboption status\n\nMPTCP maintains the received sub-options status is the bitmask carrying\nthe received suboptions and in several bitfields carrying per suboption\nadditional info.\n\nZeroing the bitmask before parsing is not enough to ensure a consistent\nstatus, and the MPTCP code has to additionally clear some bitfiled\ndepending on the actually parsed suboption.\n\nThe above schema is fragile, and syzbot managed to trigger a path where\na relevant bitfield is not cleared/initialized:\n\n  BUG: KMSAN: uninit-value in __mptcp_expand_seq net/mptcp/options.c:1030 [inline]\n  BUG: KMSAN: uninit-value in mptcp_expand_seq net/mptcp/protocol.h:864 [inline]\n  BUG: KMSAN: uninit-value in ack_update_msk net/mptcp/options.c:1060 [inline]\n  BUG: KMSAN: uninit-value in mptcp_incoming_options+0x2036/0x3d30 net/mptcp/options.c:1209\n   __mptcp_expand_seq net/mptcp/options.c:1030 [inline]\n   mptcp_expand_seq net/mptcp/protocol.h:864 [inline]\n   ack_update_msk net/mptcp/options.c:1060 [inline]\n   mptcp_incoming_options+0x2036/0x3d30 net/mptcp/options.c:1209\n   tcp_data_queue+0xb4/0x7be0 net/ipv4/tcp_input.c:5233\n   tcp_rcv_established+0x1061/0x2510 net/ipv4/tcp_input.c:6264\n   tcp_v4_do_rcv+0x7f3/0x11a0 net/ipv4/tcp_ipv4.c:1916\n   tcp_v4_rcv+0x51df/0x5750 net/ipv4/tcp_ipv4.c:2351\n   ip_protocol_deliver_rcu+0x2a3/0x13d0 net/ipv4/ip_input.c:205\n   ip_local_deliver_finish+0x336/0x500 net/ipv4/ip_input.c:233\n   NF_HOOK include/linux/netfilter.h:314 [inline]\n   ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254\n   dst_input include/net/dst.h:460 [inline]\n   ip_rcv_finish+0x4a2/0x520 net/ipv4/ip_input.c:447\n   NF_HOOK include/linux/netfilter.h:314 [inline]\n   ip_rcv+0xcd/0x380 net/ipv4/ip_input.c:567\n   __netif_receive_skb_one_core net/core/dev.c:5704 [inline]\n   __netif_receive_skb+0x319/0xa00 net/core/dev.c:5817\n   process_backlog+0x4ad/0xa50 net/core/dev.c:6149\n   __napi_poll+0xe7/0x980 net/core/dev.c:6902\n   napi_poll net/core/dev.c:6971 [inline]\n   net_rx_action+0xa5a/0x19b0 net/core/dev.c:7093\n   handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561\n   __do_softirq+0x14/0x1a kernel/softirq.c:595\n   do_softirq+0x9a/0x100 kernel/softirq.c:462\n   __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389\n   local_bh_enable include/linux/bottom_half.h:33 [inline]\n   rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]\n   __dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4493\n   dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n   neigh_hh_output include/net/neighbour.h:523 [inline]\n   neigh_output include/net/neighbour.h:537 [inline]\n   ip_finish_output2+0x187c/0x1b70 net/ipv4/ip_output.c:236\n   __ip_finish_output+0x287/0x810\n   ip_finish_output+0x4b/0x600 net/ipv4/ip_output.c:324\n   NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n   ip_output+0x15f/0x3f0 net/ipv4/ip_output.c:434\n   dst_output include/net/dst.h:450 [inline]\n   ip_local_out net/ipv4/ip_output.c:130 [inline]\n   __ip_queue_xmit+0x1f2a/0x20d0 net/ipv4/ip_output.c:536\n   ip_queue_xmit+0x60/0x80 net/ipv4/ip_output.c:550\n   __tcp_transmit_skb+0x3cea/0x4900 net/ipv4/tcp_output.c:1468\n   tcp_transmit_skb net/ipv4/tcp_output.c:1486 [inline]\n   tcp_write_xmit+0x3b90/0x9070 net/ipv4/tcp_output.c:2829\n   __tcp_push_pending_frames+0xc4/0x380 net/ipv4/tcp_output.c:3012\n   tcp_send_fin+0x9f6/0xf50 net/ipv4/tcp_output.c:3618\n   __tcp_close+0x140c/0x1550 net/ipv4/tcp.c:3130\n   __mptcp_close_ssk+0x74e/0x16f0 net/mptcp/protocol.c:2496\n   mptcp_close_ssk+0x26b/0x2c0 net/mptcp/protocol.c:2550\n   mptcp_pm_nl_rm_addr_or_subflow+0x635/0xd10 net/mptcp/pm_netlink.c:889\n   mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:924 [inline]\n   mptcp_pm_flush_addrs_and_subflows net/mptcp/pm_netlink.c:1688 [inline]\n   mptcp_nl_flush_addrs_list net/mptcp/pm_netlink.c:1709 [inline]\n   mptcp_pm_nl_flush_addrs_doit+0xe10/0x1630 net/mptcp/pm_netlink.c:1750\n   genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n \n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21707",
          "url": "https://www.suse.com/security/cve/CVE-2025-21707"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238862 for CVE-2025-21707",
          "url": "https://bugzilla.suse.com/1238862"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21707"
    },
    {
      "cve": "CVE-2025-21758",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21758"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: add RCU protection to mld_newpack()\n\nmld_newpack() can be called without RTNL or RCU being held.\n\nNote that we no longer can use sock_alloc_send_skb() because\nipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.\n\nInstead use alloc_skb() and charge the net-\u003eipv6.igmp_sk\nsocket under RCU protection.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21758",
          "url": "https://www.suse.com/security/cve/CVE-2025-21758"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238737 for CVE-2025-21758",
          "url": "https://bugzilla.suse.com/1238737"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21758"
    },
    {
      "cve": "CVE-2025-21768",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21768"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels\n\nSome lwtunnels have a dst cache for post-transformation dst.\nIf the packet destination did not change we may end up recording\na reference to the lwtunnel in its own cache, and the lwtunnel\nstate will never be freed.\n\nDiscovered by the ioam6.sh test, kmemleak was recently fixed\nto catch per-cpu memory leaks. I\u0027m not sure if rpl and seg6\ncan actually hit this, but in principle I don\u0027t see why not.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21768",
          "url": "https://www.suse.com/security/cve/CVE-2025-21768"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238714 for CVE-2025-21768",
          "url": "https://bugzilla.suse.com/1238714"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21768"
    },
    {
      "cve": "CVE-2025-21792",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21792"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt\n\nIf an AX25 device is bound to a socket by setting the SO_BINDTODEVICE\nsocket option, a refcount leak will occur in ax25_release().\n\nCommit 9fd75b66b8f6 (\"ax25: Fix refcount leaks caused by ax25_cb_del()\")\nadded decrement of device refcounts in ax25_release(). In order for that\nto work correctly the refcounts must already be incremented when the\ndevice is bound to the socket. An AX25 device can be bound to a socket\nby either calling ax25_bind() or setting SO_BINDTODEVICE socket option.\nIn both cases the refcounts should be incremented, but in fact it is done\nonly in ax25_bind().\n\nThis bug leads to the following issue reported by Syzkaller:\n\n================================================================\nrefcount_t: decrement hit 0; leaking memory.\nWARNING: CPU: 1 PID: 5932 at lib/refcount.c:31 refcount_warn_saturate+0x1ed/0x210 lib/refcount.c:31\nModules linked in:\nCPU: 1 UID: 0 PID: 5932 Comm: syz-executor424 Not tainted 6.13.0-rc4-syzkaller-00110-g4099a71718b0 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:refcount_warn_saturate+0x1ed/0x210 lib/refcount.c:31\nCall Trace:\n \u003cTASK\u003e\n __refcount_dec include/linux/refcount.h:336 [inline]\n refcount_dec include/linux/refcount.h:351 [inline]\n ref_tracker_free+0x710/0x820 lib/ref_tracker.c:236\n netdev_tracker_free include/linux/netdevice.h:4156 [inline]\n netdev_put include/linux/netdevice.h:4173 [inline]\n netdev_put include/linux/netdevice.h:4169 [inline]\n ax25_release+0x33f/0xa10 net/ax25/af_ax25.c:1069\n __sock_release+0xb0/0x270 net/socket.c:640\n sock_close+0x1c/0x30 net/socket.c:1408\n ...\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n ...\n \u003c/TASK\u003e\n================================================================\n\nFix the implementation of ax25_setsockopt() by adding increment of\nrefcounts for the new device bound, and decrement of refcounts for\nthe old unbound device.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21792",
          "url": "https://www.suse.com/security/cve/CVE-2025-21792"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238745 for CVE-2025-21792",
          "url": "https://bugzilla.suse.com/1238745"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21792"
    },
    {
      "cve": "CVE-2025-21808",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21808"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: xdp: Disallow attaching device-bound programs in generic mode\n\nDevice-bound programs are used to support RX metadata kfuncs. These\nkfuncs are driver-specific and rely on the driver context to read the\nmetadata. This means they can\u0027t work in generic XDP mode. However, there\nis no check to disallow such programs from being attached in generic\nmode, in which case the metadata kfuncs will be called in an invalid\ncontext, leading to crashes.\n\nFix this by adding a check to disallow attaching device-bound programs\nin generic mode.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21808",
          "url": "https://www.suse.com/security/cve/CVE-2025-21808"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238742 for CVE-2025-21808",
          "url": "https://bugzilla.suse.com/1238742"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21808"
    },
    {
      "cve": "CVE-2025-21812",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21812"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: rcu protect dev-\u003eax25_ptr\n\nsyzbot found a lockdep issue [1].\n\nWe should remove ax25 RTNL dependency in ax25_setsockopt()\n\nThis should also fix a variety of possible UAF in ax25.\n\n[1]\n\nWARNING: possible circular locking dependency detected\n6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0 Not tainted\n------------------------------------------------------\nsyz.5.1818/12806 is trying to acquire lock:\n ffffffff8fcb3988 (rtnl_mutex){+.+.}-{4:4}, at: ax25_setsockopt+0xa55/0xe90 net/ax25/af_ax25.c:680\n\nbut task is already holding lock:\n ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1618 [inline]\n ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209/0xe90 net/ax25/af_ax25.c:574\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #1 (sk_lock-AF_AX25){+.+.}-{0:0}:\n        lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849\n        lock_sock_nested+0x48/0x100 net/core/sock.c:3642\n        lock_sock include/net/sock.h:1618 [inline]\n        ax25_kill_by_device net/ax25/af_ax25.c:101 [inline]\n        ax25_device_event+0x24d/0x580 net/ax25/af_ax25.c:146\n        notifier_call_chain+0x1a5/0x3f0 kernel/notifier.c:85\n       __dev_notify_flags+0x207/0x400\n        dev_change_flags+0xf0/0x1a0 net/core/dev.c:9026\n        dev_ifsioc+0x7c8/0xe70 net/core/dev_ioctl.c:563\n        dev_ioctl+0x719/0x1340 net/core/dev_ioctl.c:820\n        sock_do_ioctl+0x240/0x460 net/socket.c:1234\n        sock_ioctl+0x626/0x8e0 net/socket.c:1339\n        vfs_ioctl fs/ioctl.c:51 [inline]\n        __do_sys_ioctl fs/ioctl.c:906 [inline]\n        __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892\n        do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n        do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n       entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n-\u003e #0 (rtnl_mutex){+.+.}-{4:4}:\n        check_prev_add kernel/locking/lockdep.c:3161 [inline]\n        check_prevs_add kernel/locking/lockdep.c:3280 [inline]\n        validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904\n        __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226\n        lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849\n        __mutex_lock_common kernel/locking/mutex.c:585 [inline]\n        __mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735\n        ax25_setsockopt+0xa55/0xe90 net/ax25/af_ax25.c:680\n        do_sock_setsockopt+0x3af/0x720 net/socket.c:2324\n        __sys_setsockopt net/socket.c:2349 [inline]\n        __do_sys_setsockopt net/socket.c:2355 [inline]\n        __se_sys_setsockopt net/socket.c:2352 [inline]\n        __x64_sys_setsockopt+0x1ee/0x280 net/socket.c:2352\n        do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n        do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n       entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n       CPU0                    CPU1\n       ----                    ----\n  lock(sk_lock-AF_AX25);\n                               lock(rtnl_mutex);\n                               lock(sk_lock-AF_AX25);\n  lock(rtnl_mutex);\n\n *** DEADLOCK ***\n\n1 lock held by syz.5.1818/12806:\n  #0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1618 [inline]\n  #0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209/0xe90 net/ax25/af_ax25.c:574\n\nstack backtrace:\nCPU: 1 UID: 0 PID: 12806 Comm: syz.5.1818 Not tainted 6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cTASK\u003e\n  __dump_stack lib/dump_stack.c:94 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n  print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2074\n  check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2206\n  check_prev_add kernel/locking/lockdep.c:3161 [inline]\n  check_prevs_add kernel/lockin\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21812",
          "url": "https://www.suse.com/security/cve/CVE-2025-21812"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238471 for CVE-2025-21812",
          "url": "https://bugzilla.suse.com/1238471"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240736 for CVE-2025-21812",
          "url": "https://bugzilla.suse.com/1240736"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-21812"
    },
    {
      "cve": "CVE-2025-21833",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21833"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Avoid use of NULL after WARN_ON_ONCE\n\nThere is a WARN_ON_ONCE to catch an unlikely situation when\ndomain_remove_dev_pasid can\u0027t find the `pasid`. In case it nevertheless\nhappens we must avoid using a NULL pointer.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21833",
          "url": "https://www.suse.com/security/cve/CVE-2025-21833"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1239108 for CVE-2025-21833",
          "url": "https://bugzilla.suse.com/1239108"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21833"
    },
    {
      "cve": "CVE-2025-21852",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21852"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Add rx_skb of kfree_skb to raw_tp_null_args[].\n\nYan Zhai reported a BPF prog could trigger a null-ptr-deref [0]\nin trace_kfree_skb if the prog does not check if rx_sk is NULL.\n\nCommit c53795d48ee8 (\"net: add rx_sk to trace_kfree_skb\") added\nrx_sk to trace_kfree_skb, but rx_sk is optional and could be NULL.\n\nLet\u0027s add kfree_skb to raw_tp_null_args[] to let the BPF verifier\nvalidate such a prog and prevent the issue.\n\nNow we fail to load such a prog:\n\n  libbpf: prog \u0027drop\u0027: -- BEGIN PROG LOAD LOG --\n  0: R1=ctx() R10=fp0\n  ; int BPF_PROG(drop, struct sk_buff *skb, void *location, @ kfree_skb_sk_null.bpf.c:21\n  0: (79) r3 = *(u64 *)(r1 +24)\n  func \u0027kfree_skb\u0027 arg3 has btf_id 5253 type STRUCT \u0027sock\u0027\n  1: R1=ctx() R3_w=trusted_ptr_or_null_sock(id=1)\n  ; bpf_printk(\"sk: %d, %d\\n\", sk, sk-\u003e__sk_common.skc_family); @ kfree_skb_sk_null.bpf.c:24\n  1: (69) r4 = *(u16 *)(r3 +16)\n  R3 invalid mem access \u0027trusted_ptr_or_null_\u0027\n  processed 2 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0\n  -- END PROG LOAD LOG --\n\nNote this fix requires commit 838a10bd2ebf (\"bpf: Augment raw_tp\narguments with PTR_MAYBE_NULL\").\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000010\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nPREEMPT SMP\nRIP: 0010:bpf_prog_5e21a6db8fcff1aa_drop+0x10/0x2d\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x1f/0x60\n ? page_fault_oops+0x148/0x420\n ? search_bpf_extables+0x5b/0x70\n ? fixup_exception+0x27/0x2c0\n ? exc_page_fault+0x75/0x170\n ? asm_exc_page_fault+0x22/0x30\n ? bpf_prog_5e21a6db8fcff1aa_drop+0x10/0x2d\n bpf_trace_run4+0x68/0xd0\n ? unix_stream_connect+0x1f4/0x6f0\n sk_skb_reason_drop+0x90/0x120\n unix_stream_connect+0x1f4/0x6f0\n __sys_connect+0x7f/0xb0\n __x64_sys_connect+0x14/0x20\n do_syscall_64+0x47/0xc30\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21852",
          "url": "https://www.suse.com/security/cve/CVE-2025-21852"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1239487 for CVE-2025-21852",
          "url": "https://bugzilla.suse.com/1239487"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21852"
    },
    {
      "cve": "CVE-2025-21853",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21853"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: avoid holding freeze_mutex during mmap operation\n\nWe use map-\u003efreeze_mutex to prevent races between map_freeze() and\nmemory mapping BPF map contents with writable permissions. The way we\nnaively do this means we\u0027ll hold freeze_mutex for entire duration of all\nthe mm and VMA manipulations, which is completely unnecessary. This can\npotentially also lead to deadlocks, as reported by syzbot in [0].\n\nSo, instead, hold freeze_mutex only during writeability checks, bump\n(proactively) \"write active\" count for the map, unlock the mutex and\nproceed with mmap logic. And only if something went wrong during mmap\nlogic, then undo that \"write active\" counter increment.\n\n  [0] https://lore.kernel.org/bpf/678dcbc9.050a0220.303755.0066.GAE@google.com/",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21853",
          "url": "https://www.suse.com/security/cve/CVE-2025-21853"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1239476 for CVE-2025-21853",
          "url": "https://bugzilla.suse.com/1239476"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21853"
    },
    {
      "cve": "CVE-2025-21854",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21854"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsockmap, vsock: For connectible sockets allow only connected\n\nsockmap expects all vsocks to have a transport assigned, which is expressed\nin vsock_proto::psock_update_sk_prot(). However, there is an edge case\nwhere an unconnected (connectible) socket may lose its previously assigned\ntransport. This is handled with a NULL check in the vsock/BPF recv path.\n\nAnother design detail is that listening vsocks are not supposed to have any\ntransport assigned at all. Which implies they are not supported by the\nsockmap. But this is complicated by the fact that a socket, before\nswitching to TCP_LISTEN, may have had some transport assigned during a\nfailed connect() attempt. Hence, we may end up with a listening vsock in a\nsockmap, which blows up quickly:\n\nKASAN: null-ptr-deref in range [0x0000000000000120-0x0000000000000127]\nCPU: 7 UID: 0 PID: 56 Comm: kworker/7:0 Not tainted 6.14.0-rc1+\nWorkqueue: vsock-loopback vsock_loopback_work\nRIP: 0010:vsock_read_skb+0x4b/0x90\nCall Trace:\n sk_psock_verdict_data_ready+0xa4/0x2e0\n virtio_transport_recv_pkt+0x1ca8/0x2acc\n vsock_loopback_work+0x27d/0x3f0\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x35a/0x700\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nFor connectible sockets, instead of relying solely on the state of\nvsk-\u003etransport, tell sockmap to only allow those representing established\nconnections. This aligns with the behaviour for AF_INET and AF_UNIX.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21854",
          "url": "https://www.suse.com/security/cve/CVE-2025-21854"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1239470 for CVE-2025-21854",
          "url": "https://bugzilla.suse.com/1239470"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21854"
    },
    {
      "cve": "CVE-2025-21867",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21867"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()\n\nKMSAN reported a use-after-free issue in eth_skb_pkt_type()[1]. The\ncause of the issue was that eth_skb_pkt_type() accessed skb\u0027s data\nthat didn\u0027t contain an Ethernet header. This occurs when\nbpf_prog_test_run_xdp() passes an invalid value as the user_data\nargument to bpf_test_init().\n\nFix this by returning an error when user_data is less than ETH_HLEN in\nbpf_test_init(). Additionally, remove the check for \"if (user_size \u003e\nsize)\" as it is unnecessary.\n\n[1]\nBUG: KMSAN: use-after-free in eth_skb_pkt_type include/linux/etherdevice.h:627 [inline]\nBUG: KMSAN: use-after-free in eth_type_trans+0x4ee/0x980 net/ethernet/eth.c:165\n eth_skb_pkt_type include/linux/etherdevice.h:627 [inline]\n eth_type_trans+0x4ee/0x980 net/ethernet/eth.c:165\n __xdp_build_skb_from_frame+0x5a8/0xa50 net/core/xdp.c:635\n xdp_recv_frames net/bpf/test_run.c:272 [inline]\n xdp_test_run_batch net/bpf/test_run.c:361 [inline]\n bpf_test_run_xdp_live+0x2954/0x3330 net/bpf/test_run.c:390\n bpf_prog_test_run_xdp+0x148e/0x1b10 net/bpf/test_run.c:1318\n bpf_prog_test_run+0x5b7/0xa30 kernel/bpf/syscall.c:4371\n __sys_bpf+0x6a6/0xe20 kernel/bpf/syscall.c:5777\n __do_sys_bpf kernel/bpf/syscall.c:5866 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5864 [inline]\n __x64_sys_bpf+0xa4/0xf0 kernel/bpf/syscall.c:5864\n x64_sys_call+0x2ea0/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:322\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n free_pages_prepare mm/page_alloc.c:1056 [inline]\n free_unref_page+0x156/0x1320 mm/page_alloc.c:2657\n __free_pages+0xa3/0x1b0 mm/page_alloc.c:4838\n bpf_ringbuf_free kernel/bpf/ringbuf.c:226 [inline]\n ringbuf_map_free+0xff/0x1e0 kernel/bpf/ringbuf.c:235\n bpf_map_free kernel/bpf/syscall.c:838 [inline]\n bpf_map_free_deferred+0x17c/0x310 kernel/bpf/syscall.c:862\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa2b/0x1b60 kernel/workqueue.c:3310\n worker_thread+0xedf/0x1550 kernel/workqueue.c:3391\n kthread+0x535/0x6b0 kernel/kthread.c:389\n ret_from_fork+0x6e/0x90 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nCPU: 1 UID: 0 PID: 17276 Comm: syz.1.16450 Not tainted 6.12.0-05490-g9bb88c659673 #8\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21867",
          "url": "https://www.suse.com/security/cve/CVE-2025-21867"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240181 for CVE-2025-21867",
          "url": "https://bugzilla.suse.com/1240181"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21867"
    },
    {
      "cve": "CVE-2025-21904",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21904"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncaif_virtio: fix wrong pointer check in cfv_probe()\n\ndel_vqs() frees virtqueues, therefore cfv-\u003evq_tx pointer should be checked\nfor NULL before calling it, not cfv-\u003evdev. Also the current implementation\nis redundant because the pointer cfv-\u003evdev is dereferenced before it is\nchecked for NULL.\n\nFix this by checking cfv-\u003evq_tx for NULL instead of cfv-\u003evdev before\ncalling del_vqs().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21904",
          "url": "https://www.suse.com/security/cve/CVE-2025-21904"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240576 for CVE-2025-21904",
          "url": "https://bugzilla.suse.com/1240576"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21904"
    },
    {
      "cve": "CVE-2025-21925",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21925"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nllc: do not use skb_get() before dev_queue_xmit()\n\nsyzbot is able to crash hosts [1], using llc and devices\nnot supporting IFF_TX_SKB_SHARING.\n\nIn this case, e1000 driver calls eth_skb_pad(), while\nthe skb is shared.\n\nSimply replace skb_get() by skb_clone() in net/llc/llc_s_ac.c\n\nNote that e1000 driver might have an issue with pktgen,\nbecause it does not clear IFF_TX_SKB_SHARING, this is an\northogonal change.\n\nWe need to audit other skb_get() uses in net/llc.\n\n[1]\n\nkernel BUG at net/core/skbuff.c:2178 !\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 16371 Comm: syz.2.2764 Not tainted 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:pskb_expand_head+0x6ce/0x1240 net/core/skbuff.c:2178\nCall Trace:\n \u003cTASK\u003e\n  __skb_pad+0x18a/0x610 net/core/skbuff.c:2466\n  __skb_put_padto include/linux/skbuff.h:3843 [inline]\n  skb_put_padto include/linux/skbuff.h:3862 [inline]\n  eth_skb_pad include/linux/etherdevice.h:656 [inline]\n  e1000_xmit_frame+0x2d99/0x5800 drivers/net/ethernet/intel/e1000/e1000_main.c:3128\n  __netdev_start_xmit include/linux/netdevice.h:5151 [inline]\n  netdev_start_xmit include/linux/netdevice.h:5160 [inline]\n  xmit_one net/core/dev.c:3806 [inline]\n  dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3822\n  sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343\n  __dev_xmit_skb net/core/dev.c:4045 [inline]\n  __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4621\n  dev_queue_xmit include/linux/netdevice.h:3313 [inline]\n  llc_sap_action_send_test_c+0x268/0x320 net/llc/llc_s_ac.c:144\n  llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline]\n  llc_sap_next_state net/llc/llc_sap.c:182 [inline]\n  llc_sap_state_process+0x239/0x510 net/llc/llc_sap.c:209\n  llc_ui_sendmsg+0xd0d/0x14e0 net/llc/af_llc.c:993\n  sock_sendmsg_nosec net/socket.c:718 [inline]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21925",
          "url": "https://www.suse.com/security/cve/CVE-2025-21925"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240713 for CVE-2025-21925",
          "url": "https://bugzilla.suse.com/1240713"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21925"
    },
    {
      "cve": "CVE-2025-21926",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21926"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gso: fix ownership in __udp_gso_segment\n\nIn __udp_gso_segment the skb destructor is removed before segmenting the\nskb but the socket reference is kept as-is. This is an issue if the\noriginal skb is later orphaned as we can hit the following bug:\n\n  kernel BUG at ./include/linux/skbuff.h:3312!  (skb_orphan)\n  RIP: 0010:ip_rcv_core+0x8b2/0xca0\n  Call Trace:\n   ip_rcv+0xab/0x6e0\n   __netif_receive_skb_one_core+0x168/0x1b0\n   process_backlog+0x384/0x1100\n   __napi_poll.constprop.0+0xa1/0x370\n   net_rx_action+0x925/0xe50\n\nThe above can happen following a sequence of events when using\nOpenVSwitch, when an OVS_ACTION_ATTR_USERSPACE action precedes an\nOVS_ACTION_ATTR_OUTPUT action:\n\n1. OVS_ACTION_ATTR_USERSPACE is handled (in do_execute_actions): the skb\n   goes through queue_gso_packets and then __udp_gso_segment, where its\n   destructor is removed.\n2. The segments\u0027 data are copied and sent to userspace.\n3. OVS_ACTION_ATTR_OUTPUT is handled (in do_execute_actions) and the\n   same original skb is sent to its path.\n4. If it later hits skb_orphan, we hit the bug.\n\nFix this by also removing the reference to the socket in\n__udp_gso_segment.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21926",
          "url": "https://www.suse.com/security/cve/CVE-2025-21926"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240712 for CVE-2025-21926",
          "url": "https://bugzilla.suse.com/1240712"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21926"
    },
    {
      "cve": "CVE-2025-21931",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21931"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio\n\nCommit b15c87263a69 (\"hwpoison, memory_hotplug: allow hwpoisoned pages to\nbe offlined) add page poison checks in do_migrate_range in order to make\noffline hwpoisoned page possible by introducing isolate_lru_page and\ntry_to_unmap for hwpoisoned page.  However folio lock must be held before\ncalling try_to_unmap.  Add it to fix this problem.\n\nWarning will be produced if folio is not locked during unmap:\n\n  ------------[ cut here ]------------\n  kernel BUG at ./include/linux/swapops.h:400!\n  Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n  Modules linked in:\n  CPU: 4 UID: 0 PID: 411 Comm: bash Tainted: G        W          6.13.0-rc1-00016-g3c434c7ee82a-dirty #41\n  Tainted: [W]=WARN\n  Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n  pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : try_to_unmap_one+0xb08/0xd3c\n  lr : try_to_unmap_one+0x3dc/0xd3c\n  Call trace:\n   try_to_unmap_one+0xb08/0xd3c (P)\n   try_to_unmap_one+0x3dc/0xd3c (L)\n   rmap_walk_anon+0xdc/0x1f8\n   rmap_walk+0x3c/0x58\n   try_to_unmap+0x88/0x90\n   unmap_poisoned_folio+0x30/0xa8\n   do_migrate_range+0x4a0/0x568\n   offline_pages+0x5a4/0x670\n   memory_block_action+0x17c/0x374\n   memory_subsys_offline+0x3c/0x78\n   device_offline+0xa4/0xd0\n   state_store+0x8c/0xf0\n   dev_attr_store+0x18/0x2c\n   sysfs_kf_write+0x44/0x54\n   kernfs_fop_write_iter+0x118/0x1a8\n   vfs_write+0x3a8/0x4bc\n   ksys_write+0x6c/0xf8\n   __arm64_sys_write+0x1c/0x28\n   invoke_syscall+0x44/0x100\n   el0_svc_common.constprop.0+0x40/0xe0\n   do_el0_svc+0x1c/0x28\n   el0_svc+0x30/0xd0\n   el0t_64_sync_handler+0xc8/0xcc\n   el0t_64_sync+0x198/0x19c\n  Code: f9407be0 b5fff320 d4210000 17ffff97 (d4210000)\n  ---[ end trace 0000000000000000 ]---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21931",
          "url": "https://www.suse.com/security/cve/CVE-2025-21931"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240709 for CVE-2025-21931",
          "url": "https://bugzilla.suse.com/1240709"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21931"
    },
    {
      "cve": "CVE-2025-21962",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21962"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix integer overflow while processing closetimeo mount option\n\nUser-provided mount parameter closetimeo of type u32 is intended to have\nan upper limit, but before it is validated, the value is converted from\nseconds to jiffies which can lead to an integer overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21962",
          "url": "https://www.suse.com/security/cve/CVE-2025-21962"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240655 for CVE-2025-21962",
          "url": "https://bugzilla.suse.com/1240655"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21962"
    },
    {
      "cve": "CVE-2025-21963",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21963"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix integer overflow while processing acdirmax mount option\n\nUser-provided mount parameter acdirmax of type u32 is intended to have\nan upper limit, but before it is validated, the value is converted from\nseconds to jiffies which can lead to an integer overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21963",
          "url": "https://www.suse.com/security/cve/CVE-2025-21963"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240717 for CVE-2025-21963",
          "url": "https://bugzilla.suse.com/1240717"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21963"
    },
    {
      "cve": "CVE-2025-21964",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21964"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix integer overflow while processing acregmax mount option\n\nUser-provided mount parameter acregmax of type u32 is intended to have\nan upper limit, but before it is validated, the value is converted from\nseconds to jiffies which can lead to an integer overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21964",
          "url": "https://www.suse.com/security/cve/CVE-2025-21964"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240740 for CVE-2025-21964",
          "url": "https://bugzilla.suse.com/1240740"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21964"
    },
    {
      "cve": "CVE-2025-21980",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21980"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: address a potential NULL pointer dereference in the GRED scheduler.\n\nIf kzalloc in gred_init returns a NULL pointer, the code follows the\nerror handling path, invoking gred_destroy. This, in turn, calls\ngred_offload, where memset could receive a NULL pointer as input,\npotentially leading to a kernel crash.\n\nWhen table-\u003eopt is NULL in gred_init(), gred_change_table_def()\nis not called yet, so it is not necessary to call -\u003endo_setup_tc()\nin gred_offload().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21980",
          "url": "https://www.suse.com/security/cve/CVE-2025-21980"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240809 for CVE-2025-21980",
          "url": "https://bugzilla.suse.com/1240809"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21980"
    },
    {
      "cve": "CVE-2025-21985",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21985"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix out-of-bound accesses\n\n[WHAT \u0026 HOW]\nhpo_stream_to_link_encoder_mapping has size MAX_HPO_DP2_ENCODERS(=4),\nbut location can have size up to 6. As a result, it is necessary to\ncheck location against MAX_HPO_DP2_ENCODERS.\n\nSimiliarly, disp_cfg_stream_location can be used as an array index which\nshould be 0..5, so the ASSERT\u0027s conditions should be less without equal.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21985",
          "url": "https://www.suse.com/security/cve/CVE-2025-21985"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240811 for CVE-2025-21985",
          "url": "https://bugzilla.suse.com/1240811"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21985"
    },
    {
      "cve": "CVE-2025-21999",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21999"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nproc: fix UAF in proc_get_inode()\n\nFix race between rmmod and /proc/XXX\u0027s inode instantiation.\n\nThe bug is that pde-\u003eproc_ops don\u0027t belong to /proc, it belongs to a\nmodule, therefore dereferencing it after /proc entry has been registered\nis a bug unless use_pde/unuse_pde() pair has been used.\n\nuse_pde/unuse_pde can be avoided (2 atomic ops!) because pde-\u003eproc_ops\nnever changes so information necessary for inode instantiation can be\nsaved _before_ proc_register() in PDE itself and used later, avoiding\npde-\u003eproc_ops-\u003e...  dereference.\n\n      rmmod                         lookup\nsys_delete_module\n                         proc_lookup_de\n\t\t\t   pde_get(de);\n\t\t\t   proc_get_inode(dir-\u003ei_sb, de);\n  mod-\u003eexit()\n    proc_remove\n      remove_proc_subtree\n       proc_entry_rundown(de);\n  free_module(mod);\n\n                               if (S_ISREG(inode-\u003ei_mode))\n\t                         if (de-\u003eproc_ops-\u003eproc_read_iter)\n                           --\u003e As module is already freed, will trigger UAF\n\nBUG: unable to handle page fault for address: fffffbfff80a702b\nPGD 817fc4067 P4D 817fc4067 PUD 817fc0067 PMD 102ef4067 PTE 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 26 UID: 0 PID: 2667 Comm: ls Tainted: G\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nRIP: 0010:proc_get_inode+0x302/0x6e0\nRSP: 0018:ffff88811c837998 EFLAGS: 00010a06\nRAX: dffffc0000000000 RBX: ffffffffc0538140 RCX: 0000000000000007\nRDX: 1ffffffff80a702b RSI: 0000000000000001 RDI: ffffffffc0538158\nRBP: ffff8881299a6000 R08: 0000000067bbe1e5 R09: 1ffff11023906f20\nR10: ffffffffb560ca07 R11: ffffffffb2b43a58 R12: ffff888105bb78f0\nR13: ffff888100518048 R14: ffff8881299a6004 R15: 0000000000000001\nFS:  00007f95b9686840(0000) GS:ffff8883af100000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: fffffbfff80a702b CR3: 0000000117dd2000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n proc_lookup_de+0x11f/0x2e0\n __lookup_slow+0x188/0x350\n walk_component+0x2ab/0x4f0\n path_lookupat+0x120/0x660\n filename_lookup+0x1ce/0x560\n vfs_statx+0xac/0x150\n __do_sys_newstat+0x96/0x110\n do_syscall_64+0x5f/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n[adobriyan@gmail.com: don\u0027t do 2 atomic ops on the common path]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21999",
          "url": "https://www.suse.com/security/cve/CVE-2025-21999"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240802 for CVE-2025-21999",
          "url": "https://bugzilla.suse.com/1240802"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242579 for CVE-2025-21999",
          "url": "https://bugzilla.suse.com/1242579"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-21999"
    },
    {
      "cve": "CVE-2025-22004",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22004"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atm: fix use after free in lec_send()\n\nThe -\u003esend() operation frees skb so save the length before calling\n-\u003esend() to avoid a use after free.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22004",
          "url": "https://www.suse.com/security/cve/CVE-2025-22004"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240835 for CVE-2025-22004",
          "url": "https://bugzilla.suse.com/1240835"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241090 for CVE-2025-22004",
          "url": "https://bugzilla.suse.com/1241090"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-22004"
    },
    {
      "cve": "CVE-2025-22015",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22015"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/migrate: fix shmem xarray update during migration\n\nA shmem folio can be either in page cache or in swap cache, but not at the\nsame time.  Namely, once it is in swap cache, folio-\u003emapping should be\nNULL, and the folio is no longer in a shmem mapping.\n\nIn __folio_migrate_mapping(), to determine the number of xarray entries to\nupdate, folio_test_swapbacked() is used, but that conflates shmem in page\ncache case and shmem in swap cache case.  It leads to xarray multi-index\nentry corruption, since it turns a sibling entry to a normal entry during\nxas_store() (see [1] for a userspace reproduction).  Fix it by only using\nfolio_test_swapcache() to determine whether xarray is storing swap cache\nentries or not to choose the right number of xarray entries to update.\n\n[1] https://lore.kernel.org/linux-mm/Z8idPCkaJW1IChjT@casper.infradead.org/\n\nNote:\nIn __split_huge_page(), folio_test_anon() \u0026\u0026 folio_test_swapcache() is\nused to get swap_cache address space, but that ignores the shmem folio in\nswap cache case.  It could lead to NULL pointer dereferencing when a\nin-swap-cache shmem folio is split at __xa_store(), since\n!folio_test_anon() is true and folio-\u003emapping is NULL.  But fortunately,\nits caller split_huge_page_to_list_to_order() bails out early with EBUSY\nwhen folio-\u003emapping is NULL.  So no need to take care of it here.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22015",
          "url": "https://www.suse.com/security/cve/CVE-2025-22015"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240944 for CVE-2025-22015",
          "url": "https://bugzilla.suse.com/1240944"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22015"
    },
    {
      "cve": "CVE-2025-22016",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22016"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpll: fix xa_alloc_cyclic() error handling\n\nIn case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) will\nbe returned, which will cause IS_ERR() to be false. Which can lead to\ndereference not allocated pointer (pin).\n\nFix it by checking if err is lower than zero.\n\nThis wasn\u0027t found in real usecase, only noticed. Credit to Pierre.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22016",
          "url": "https://www.suse.com/security/cve/CVE-2025-22016"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240934 for CVE-2025-22016",
          "url": "https://bugzilla.suse.com/1240934"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22016"
    },
    {
      "cve": "CVE-2025-22017",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22017"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndevlink: fix xa_alloc_cyclic() error handling\n\nIn case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) will\nbe returned, which will cause IS_ERR() to be false. Which can lead to\ndereference not allocated pointer (rel).\n\nFix it by checking if err is lower than zero.\n\nThis wasn\u0027t found in real usecase, only noticed. Credit to Pierre.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22017",
          "url": "https://www.suse.com/security/cve/CVE-2025-22017"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240936 for CVE-2025-22017",
          "url": "https://bugzilla.suse.com/1240936"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22017"
    },
    {
      "cve": "CVE-2025-22018",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22018"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: Fix NULL pointer dereference\n\nWhen MPOA_cache_impos_rcvd() receives the msg, it can trigger\nNull Pointer Dereference Vulnerability if both entry and\nholding_time are NULL. Because there is only for the situation\nwhere entry is NULL and holding_time exists, it can be passed\nwhen both entry and holding_time are NULL. If these are NULL,\nthe entry will be passd to eg_cache_put() as parameter and\nit is referenced by entry-\u003euse code in it.\n\nkasan log:\n\n[    3.316691] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006:I\n[    3.317568] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\n[    3.318188] CPU: 3 UID: 0 PID: 79 Comm: ex Not tainted 6.14.0-rc2 #102\n[    3.318601] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n[    3.319298] RIP: 0010:eg_cache_remove_entry+0xa5/0x470\n[    3.319677] Code: c1 f7 6e fd 48 c7 c7 00 7e 38 b2 e8 95 64 54 fd 48 c7 c7 40 7e 38 b2 48 89 ee e80\n[    3.321220] RSP: 0018:ffff88800583f8a8 EFLAGS: 00010006\n[    3.321596] RAX: 0000000000000006 RBX: ffff888005989000 RCX: ffffffffaecc2d8e\n[    3.322112] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000030\n[    3.322643] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff6558b88\n[    3.323181] R10: 0000000000000003 R11: 203a207972746e65 R12: 1ffff11000b07f15\n[    3.323707] R13: dffffc0000000000 R14: ffff888005989000 R15: ffff888005989068\n[    3.324185] FS:  000000001b6313c0(0000) GS:ffff88806d380000(0000) knlGS:0000000000000000\n[    3.325042] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[    3.325545] CR2: 00000000004b4b40 CR3: 000000000248e000 CR4: 00000000000006f0\n[    3.326430] Call Trace:\n[    3.326725]  \u003cTASK\u003e\n[    3.326927]  ? die_addr+0x3c/0xa0\n[    3.327330]  ? exc_general_protection+0x161/0x2a0\n[    3.327662]  ? asm_exc_general_protection+0x26/0x30\n[    3.328214]  ? vprintk_emit+0x15e/0x420\n[    3.328543]  ? eg_cache_remove_entry+0xa5/0x470\n[    3.328910]  ? eg_cache_remove_entry+0x9a/0x470\n[    3.329294]  ? __pfx_eg_cache_remove_entry+0x10/0x10\n[    3.329664]  ? console_unlock+0x107/0x1d0\n[    3.329946]  ? __pfx_console_unlock+0x10/0x10\n[    3.330283]  ? do_syscall_64+0xa6/0x1a0\n[    3.330584]  ? entry_SYSCALL_64_after_hwframe+0x47/0x7f\n[    3.331090]  ? __pfx_prb_read_valid+0x10/0x10\n[    3.331395]  ? down_trylock+0x52/0x80\n[    3.331703]  ? vprintk_emit+0x15e/0x420\n[    3.331986]  ? __pfx_vprintk_emit+0x10/0x10\n[    3.332279]  ? down_trylock+0x52/0x80\n[    3.332527]  ? _printk+0xbf/0x100\n[    3.332762]  ? __pfx__printk+0x10/0x10\n[    3.333007]  ? _raw_write_lock_irq+0x81/0xe0\n[    3.333284]  ? __pfx__raw_write_lock_irq+0x10/0x10\n[    3.333614]  msg_from_mpoad+0x1185/0x2750\n[    3.333893]  ? __build_skb_around+0x27b/0x3a0\n[    3.334183]  ? __pfx_msg_from_mpoad+0x10/0x10\n[    3.334501]  ? __alloc_skb+0x1c0/0x310\n[    3.334809]  ? __pfx___alloc_skb+0x10/0x10\n[    3.335283]  ? _raw_spin_lock+0xe0/0xe0\n[    3.335632]  ? finish_wait+0x8d/0x1e0\n[    3.335975]  vcc_sendmsg+0x684/0xba0\n[    3.336250]  ? __pfx_vcc_sendmsg+0x10/0x10\n[    3.336587]  ? __pfx_autoremove_wake_function+0x10/0x10\n[    3.337056]  ? fdget+0x176/0x3e0\n[    3.337348]  __sys_sendto+0x4a2/0x510\n[    3.337663]  ? __pfx___sys_sendto+0x10/0x10\n[    3.337969]  ? ioctl_has_perm.constprop.0.isra.0+0x284/0x400\n[    3.338364]  ? sock_ioctl+0x1bb/0x5a0\n[    3.338653]  ? __rseq_handle_notify_resume+0x825/0xd20\n[    3.339017]  ? __pfx_sock_ioctl+0x10/0x10\n[    3.339316]  ? __pfx___rseq_handle_notify_resume+0x10/0x10\n[    3.339727]  ? selinux_file_ioctl+0xa4/0x260\n[    3.340166]  __x64_sys_sendto+0xe0/0x1c0\n[    3.340526]  ? syscall_exit_to_user_mode+0x123/0x140\n[    3.340898]  do_syscall_64+0xa6/0x1a0\n[    3.341170]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[    3.341533] RIP: 0033:0x44a380\n[    3.341757] Code: 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c00\n[    \n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22018",
          "url": "https://www.suse.com/security/cve/CVE-2025-22018"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241266 for CVE-2025-22018",
          "url": "https://bugzilla.suse.com/1241266"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22018"
    },
    {
      "cve": "CVE-2025-22020",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22020"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove\n\nThis fixes the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\nRead of size 8 at addr ffff888136335380 by task kworker/6:0/140241\n\nCPU: 6 UID: 0 PID: 140241 Comm: kworker/6:0 Kdump: loaded Tainted: G            E      6.14.0-rc6+ #1\nTainted: [E]=UNSIGNED_MODULE\nHardware name: LENOVO 30FNA1V7CW/1057, BIOS S0EKT54A 07/01/2024\nWorkqueue: events rtsx_usb_ms_poll_card [rtsx_usb_ms]\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x51/0x70\n print_address_description.constprop.0+0x27/0x320\n ? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\n print_report+0x3e/0x70\n kasan_report+0xab/0xe0\n ? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\n rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\n ? __pfx_rtsx_usb_ms_poll_card+0x10/0x10 [rtsx_usb_ms]\n ? __pfx___schedule+0x10/0x10\n ? kick_pool+0x3b/0x270\n process_one_work+0x357/0x660\n worker_thread+0x390/0x4c0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x190/0x1d0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2d/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 161446:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0x7b/0x90\n __kmalloc_noprof+0x1a7/0x470\n memstick_alloc_host+0x1f/0xe0 [memstick]\n rtsx_usb_ms_drv_probe+0x47/0x320 [rtsx_usb_ms]\n platform_probe+0x60/0xe0\n call_driver_probe+0x35/0x120\n really_probe+0x123/0x410\n __driver_probe_device+0xc7/0x1e0\n driver_probe_device+0x49/0xf0\n __device_attach_driver+0xc6/0x160\n bus_for_each_drv+0xe4/0x160\n __device_attach+0x13a/0x2b0\n bus_probe_device+0xbd/0xd0\n device_add+0x4a5/0x760\n platform_device_add+0x189/0x370\n mfd_add_device+0x587/0x5e0\n mfd_add_devices+0xb1/0x130\n rtsx_usb_probe+0x28e/0x2e0 [rtsx_usb]\n usb_probe_interface+0x15c/0x460\n call_driver_probe+0x35/0x120\n really_probe+0x123/0x410\n __driver_probe_device+0xc7/0x1e0\n driver_probe_device+0x49/0xf0\n __device_attach_driver+0xc6/0x160\n bus_for_each_drv+0xe4/0x160\n __device_attach+0x13a/0x2b0\n rebind_marked_interfaces.isra.0+0xcc/0x110\n usb_reset_device+0x352/0x410\n usbdev_do_ioctl+0xe5c/0x1860\n usbdev_ioctl+0xa/0x20\n __x64_sys_ioctl+0xc5/0xf0\n do_syscall_64+0x59/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 161506:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x36/0x60\n __kasan_slab_free+0x34/0x50\n kfree+0x1fd/0x3b0\n device_release+0x56/0xf0\n kobject_cleanup+0x73/0x1c0\n rtsx_usb_ms_drv_remove+0x13d/0x220 [rtsx_usb_ms]\n platform_remove+0x2f/0x50\n device_release_driver_internal+0x24b/0x2e0\n bus_remove_device+0x124/0x1d0\n device_del+0x239/0x530\n platform_device_del.part.0+0x19/0xe0\n platform_device_unregister+0x1c/0x40\n mfd_remove_devices_fn+0x167/0x170\n device_for_each_child_reverse+0xc9/0x130\n mfd_remove_devices+0x6e/0xa0\n rtsx_usb_disconnect+0x2e/0xd0 [rtsx_usb]\n usb_unbind_interface+0xf3/0x3f0\n device_release_driver_internal+0x24b/0x2e0\n proc_disconnect_claim+0x13d/0x220\n usbdev_do_ioctl+0xb5e/0x1860\n usbdev_ioctl+0xa/0x20\n __x64_sys_ioctl+0xc5/0xf0\n do_syscall_64+0x59/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x20/0x40\n kasan_record_aux_stack+0x85/0x90\n insert_work+0x29/0x100\n __queue_work+0x34a/0x540\n call_timer_fn+0x2a/0x160\n expire_timers+0x5f/0x1f0\n __run_timer_base.part.0+0x1b6/0x1e0\n run_timer_softirq+0x8b/0xe0\n handle_softirqs+0xf9/0x360\n __irq_exit_rcu+0x114/0x130\n sysvec_apic_timer_interrupt+0x72/0x90\n asm_sysvec_apic_timer_interrupt+0x16/0x20\n\nSecond to last potentially related work creation:\n kasan_save_stack+0x20/0x40\n kasan_record_aux_stack+0x85/0x90\n insert_work+0x29/0x100\n __queue_work+0x34a/0x540\n call_timer_fn+0x2a/0x160\n expire_timers+0x5f/0x1f0\n __run_timer_base.part.0+0x1b6/0x1e0\n run_timer_softirq+0x8b/0xe0\n handle_softirqs+0xf9/0x\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22020",
          "url": "https://www.suse.com/security/cve/CVE-2025-22020"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241280 for CVE-2025-22020",
          "url": "https://bugzilla.suse.com/1241280"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241281 for CVE-2025-22020",
          "url": "https://bugzilla.suse.com/1241281"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-22020"
    },
    {
      "cve": "CVE-2025-22025",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22025"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: put dl_stid if fail to queue dl_recall\n\nBefore calling nfsd4_run_cb to queue dl_recall to the callback_wq, we\nincrement the reference count of dl_stid.\nWe expect that after the corresponding work_struct is processed, the\nreference count of dl_stid will be decremented through the callback\nfunction nfsd4_cb_recall_release.\nHowever, if the call to nfsd4_run_cb fails, the incremented reference\ncount of dl_stid will not be decremented correspondingly, leading to the\nfollowing nfs4_stid leak:\nunreferenced object 0xffff88812067b578 (size 344):\n  comm \"nfsd\", pid 2761, jiffies 4295044002 (age 5541.241s)\n  hex dump (first 32 bytes):\n    01 00 00 00 6b 6b 6b 6b b8 02 c0 e2 81 88 ff ff  ....kkkk........\n    00 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 ad 4e ad de  .kkkkkkk.....N..\n  backtrace:\n    kmem_cache_alloc+0x4b9/0x700\n    nfsd4_process_open1+0x34/0x300\n    nfsd4_open+0x2d1/0x9d0\n    nfsd4_proc_compound+0x7a2/0xe30\n    nfsd_dispatch+0x241/0x3e0\n    svc_process_common+0x5d3/0xcc0\n    svc_process+0x2a3/0x320\n    nfsd+0x180/0x2e0\n    kthread+0x199/0x1d0\n    ret_from_fork+0x30/0x50\n    ret_from_fork_asm+0x1b/0x30\nunreferenced object 0xffff8881499f4d28 (size 368):\n  comm \"nfsd\", pid 2761, jiffies 4295044005 (age 5541.239s)\n  hex dump (first 32 bytes):\n    01 00 00 00 00 00 00 00 30 4d 9f 49 81 88 ff ff  ........0M.I....\n    30 4d 9f 49 81 88 ff ff 20 00 00 00 01 00 00 00  0M.I.... .......\n  backtrace:\n    kmem_cache_alloc+0x4b9/0x700\n    nfs4_alloc_stid+0x29/0x210\n    alloc_init_deleg+0x92/0x2e0\n    nfs4_set_delegation+0x284/0xc00\n    nfs4_open_delegation+0x216/0x3f0\n    nfsd4_process_open2+0x2b3/0xee0\n    nfsd4_open+0x770/0x9d0\n    nfsd4_proc_compound+0x7a2/0xe30\n    nfsd_dispatch+0x241/0x3e0\n    svc_process_common+0x5d3/0xcc0\n    svc_process+0x2a3/0x320\n    nfsd+0x180/0x2e0\n    kthread+0x199/0x1d0\n    ret_from_fork+0x30/0x50\n    ret_from_fork_asm+0x1b/0x30\nFix it by checking the result of nfsd4_run_cb and call nfs4_put_stid if\nfail to queue dl_recall.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22025",
          "url": "https://www.suse.com/security/cve/CVE-2025-22025"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241361 for CVE-2025-22025",
          "url": "https://bugzilla.suse.com/1241361"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22025"
    },
    {
      "cve": "CVE-2025-22027",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22027"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: streamzap: fix race between device disconnection and urb callback\n\nSyzkaller has reported a general protection fault at function\nir_raw_event_store_with_filter(). This crash is caused by a NULL pointer\ndereference of dev-\u003eraw pointer, even though it is checked for NULL in\nthe same function, which means there is a race condition. It occurs due\nto the incorrect order of actions in the streamzap_disconnect() function:\nrc_unregister_device() is called before usb_kill_urb(). The dev-\u003eraw\npointer is freed and set to NULL in rc_unregister_device(), and only\nafter that usb_kill_urb() waits for in-progress requests to finish.\n\nIf rc_unregister_device() is called while streamzap_callback() handler is\nnot finished, this can lead to accessing freed resources. Thus\nrc_unregister_device() should be called after usb_kill_urb().\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22027",
          "url": "https://www.suse.com/security/cve/CVE-2025-22027"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241369 for CVE-2025-22027",
          "url": "https://bugzilla.suse.com/1241369"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22027"
    },
    {
      "cve": "CVE-2025-22029",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22029"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22029",
          "url": "https://www.suse.com/security/cve/CVE-2025-22029"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241378 for CVE-2025-22029",
          "url": "https://bugzilla.suse.com/1241378"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241379 for CVE-2025-22029",
          "url": "https://bugzilla.suse.com/1241379"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-22029"
    },
    {
      "cve": "CVE-2025-22033",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22033"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: Don\u0027t call NULL in do_compat_alignment_fixup()\n\ndo_alignment_t32_to_handler() only fixes up alignment faults for\nspecific instructions; it returns NULL otherwise (e.g. LDREX). When\nthat\u0027s the case, signal to the caller that it needs to proceed with the\nregular alignment fault handling (i.e. SIGBUS). Without this patch, the\nkernel panics:\n\n  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n  Mem abort info:\n    ESR = 0x0000000086000006\n    EC = 0x21: IABT (current EL), IL = 32 bits\n    SET = 0, FnV = 0\n    EA = 0, S1PTW = 0\n    FSC = 0x06: level 2 translation fault\n  user pgtable: 4k pages, 48-bit VAs, pgdp=00000800164aa000\n  [0000000000000000] pgd=0800081fdbd22003, p4d=0800081fdbd22003, pud=08000815d51c6003, pmd=0000000000000000\n  Internal error: Oops: 0000000086000006 [#1] SMP\n  Modules linked in: cfg80211 rfkill xt_nat xt_tcpudp xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xfrm_user xfrm_algo xt_addrtype nft_compat br_netfilter veth nvme_fa\u003e\n   libcrc32c crc32c_generic raid0 multipath linear dm_mod dax raid1 md_mod xhci_pci nvme xhci_hcd nvme_core t10_pi usbcore igb crc64_rocksoft crc64 crc_t10dif crct10dif_generic crct10dif_ce crct10dif_common usb_common i2c_algo_bit i2c\u003e\n  CPU: 2 PID: 3932954 Comm: WPEWebProcess Not tainted 6.1.0-31-arm64 #1  Debian 6.1.128-1\n  Hardware name: GIGABYTE MP32-AR1-00/MP32-AR1-00, BIOS F18v (SCP: 1.08.20211002) 12/01/2021\n  pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : 0x0\n  lr : do_compat_alignment_fixup+0xd8/0x3dc\n  sp : ffff80000f973dd0\n  x29: ffff80000f973dd0 x28: ffff081b42526180 x27: 0000000000000000\n  x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n  x23: 0000000000000004 x22: 0000000000000000 x21: 0000000000000001\n  x20: 00000000e8551f00 x19: ffff80000f973eb0 x18: 0000000000000000\n  x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: 0000000000000000 x9 : ffffaebc949bc488\n  x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n  x5 : 0000000000400000 x4 : 0000fffffffffffe x3 : 0000000000000000\n  x2 : ffff80000f973eb0 x1 : 00000000e8551f00 x0 : 0000000000000001\n  Call trace:\n   0x0\n   do_alignment_fault+0x40/0x50\n   do_mem_abort+0x4c/0xa0\n   el0_da+0x48/0xf0\n   el0t_32_sync_handler+0x110/0x140\n   el0t_32_sync+0x190/0x194\n  Code: bad PC value\n  ---[ end trace 0000000000000000 ]---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22033",
          "url": "https://www.suse.com/security/cve/CVE-2025-22033"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241436 for CVE-2025-22033",
          "url": "https://bugzilla.suse.com/1241436"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22033"
    },
    {
      "cve": "CVE-2025-22036",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22036"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix random stack corruption after get_block\n\nWhen get_block is called with a buffer_head allocated on the stack, such\nas do_mpage_readpage, stack corruption due to buffer_head UAF may occur in\nthe following race condition situation.\n\n     \u003cCPU 0\u003e                      \u003cCPU 1\u003e\nmpage_read_folio\n  \u003c\u003cbh on stack\u003e\u003e\n  do_mpage_readpage\n    exfat_get_block\n      bh_read\n        __bh_read\n\t  get_bh(bh)\n          submit_bh\n          wait_on_buffer\n                              ...\n                              end_buffer_read_sync\n                                __end_buffer_read_notouch\n                                   unlock_buffer\n          \u003c\u003ckeep going\u003e\u003e\n        ...\n      ...\n    ...\n  ...\n\u003c\u003cbh is not valid out of mpage_read_folio\u003e\u003e\n   .\n   .\nanother_function\n  \u003c\u003cvariable A on stack\u003e\u003e\n                                   put_bh(bh)\n                                     atomic_dec(bh-\u003eb_count)\n  * stack corruption here *\n\nThis patch returns -EAGAIN if a folio does not have buffers when bh_read\nneeds to be called. By doing this, the caller can fallback to functions\nlike block_read_full_folio(), create a buffer_head in the folio, and then\ncall get_block again.\n\nLet\u0027s do not call bh_read() with on-stack buffer_head.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22036",
          "url": "https://www.suse.com/security/cve/CVE-2025-22036"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241426 for CVE-2025-22036",
          "url": "https://bugzilla.suse.com/1241426"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22036"
    },
    {
      "cve": "CVE-2025-22044",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22044"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nacpi: nfit: fix narrowing conversion in acpi_nfit_ctl\n\nSyzkaller has reported a warning in to_nfit_bus_uuid(): \"only secondary\nbus families can be translated\". This warning is emited if the argument\nis equal to NVDIMM_BUS_FAMILY_NFIT == 0. Function acpi_nfit_ctl() first\nverifies that a user-provided value call_pkg-\u003end_family of type u64 is\nnot equal to 0. Then the value is converted to int, and only after that\nis compared to NVDIMM_BUS_FAMILY_MAX. This can lead to passing an invalid\nargument to acpi_nfit_ctl(), if call_pkg-\u003end_family is non-zero, while\nthe lower 32 bits are zero.\n\nFurthermore, it is best to return EINVAL immediately upon seeing the\ninvalid user input.  The WARNING is insufficient to prevent further\nundefined behavior based on other invalid user input.\n\nAll checks of the input value should be applied to the original variable\ncall_pkg-\u003end_family.\n\n[iweiny: update commit message]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22044",
          "url": "https://www.suse.com/security/cve/CVE-2025-22044"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241424 for CVE-2025-22044",
          "url": "https://bugzilla.suse.com/1241424"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22044"
    },
    {
      "cve": "CVE-2025-22045",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22045"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Fix flush_tlb_range() when used for zapping normal PMDs\n\nOn the following path, flush_tlb_range() can be used for zapping normal\nPMD entries (PMD entries that point to page tables) together with the PTE\nentries in the pointed-to page table:\n\n    collapse_pte_mapped_thp\n      pmdp_collapse_flush\n        flush_tlb_range\n\nThe arm64 version of flush_tlb_range() has a comment describing that it can\nbe used for page table removal, and does not use any last-level\ninvalidation optimizations. Fix the X86 version by making it behave the\nsame way.\n\nCurrently, X86 only uses this information for the following two purposes,\nwhich I think means the issue doesn\u0027t have much impact:\n\n - In native_flush_tlb_multi() for checking if lazy TLB CPUs need to be\n   IPI\u0027d to avoid issues with speculative page table walks.\n - In Hyper-V TLB paravirtualization, again for lazy TLB stuff.\n\nThe patch \"x86/mm: only invalidate final translations with INVLPGB\" which\nis currently under review (see\n\u003chttps://lore.kernel.org/all/20241230175550.4046587-13-riel@surriel.com/\u003e)\nwould probably be making the impact of this a lot worse.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22045",
          "url": "https://www.suse.com/security/cve/CVE-2025-22045"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241433 for CVE-2025-22045",
          "url": "https://bugzilla.suse.com/1241433"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22045"
    },
    {
      "cve": "CVE-2025-22050",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22050"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet:fix NPE during rx_complete\n\nMissing usbnet_going_away Check in Critical Path.\nThe usb_submit_urb function lacks a usbnet_going_away\nvalidation, whereas __usbnet_queue_skb includes this check.\n\nThis inconsistency creates a race condition where:\nA URB request may succeed, but the corresponding SKB data\nfails to be queued.\n\nSubsequent processes:\n(e.g., rx_complete \u2192 defer_bh \u2192 __skb_unlink(skb, list))\nattempt to access skb-\u003enext, triggering a NULL pointer\ndereference (Kernel Panic).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22050",
          "url": "https://www.suse.com/security/cve/CVE-2025-22050"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241441 for CVE-2025-22050",
          "url": "https://bugzilla.suse.com/1241441"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22050"
    },
    {
      "cve": "CVE-2025-22053",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22053"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ibmveth: make veth_pool_store stop hanging\n\nv2:\n- Created a single error handling unlock and exit in veth_pool_store\n- Greatly expanded commit message with previous explanatory-only text\n\nSummary: Use rtnl_mutex to synchronize veth_pool_store with itself,\nibmveth_close and ibmveth_open, preventing multiple calls in a row to\nnapi_disable.\n\nBackground: Two (or more) threads could call veth_pool_store through\nwriting to /sys/devices/vio/30000002/pool*/*. You can do this easily\nwith a little shell script. This causes a hang.\n\nI configured LOCKDEP, compiled ibmveth.c with DEBUG, and built a new\nkernel. I ran this test again and saw:\n\n    Setting pool0/active to 0\n    Setting pool1/active to 1\n    [   73.911067][ T4365] ibmveth 30000002 eth0: close starting\n    Setting pool1/active to 1\n    Setting pool1/active to 0\n    [   73.911367][ T4366] ibmveth 30000002 eth0: close starting\n    [   73.916056][ T4365] ibmveth 30000002 eth0: close complete\n    [   73.916064][ T4365] ibmveth 30000002 eth0: open starting\n    [  110.808564][  T712] systemd-journald[712]: Sent WATCHDOG=1 notification.\n    [  230.808495][  T712] systemd-journald[712]: Sent WATCHDOG=1 notification.\n    [  243.683786][  T123] INFO: task stress.sh:4365 blocked for more than 122 seconds.\n    [  243.683827][  T123]       Not tainted 6.14.0-01103-g2df0c02dab82-dirty #8\n    [  243.683833][  T123] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n    [  243.683838][  T123] task:stress.sh       state:D stack:28096 pid:4365  tgid:4365  ppid:4364   task_flags:0x400040 flags:0x00042000\n    [  243.683852][  T123] Call Trace:\n    [  243.683857][  T123] [c00000000c38f690] [0000000000000001] 0x1 (unreliable)\n    [  243.683868][  T123] [c00000000c38f840] [c00000000001f908] __switch_to+0x318/0x4e0\n    [  243.683878][  T123] [c00000000c38f8a0] [c000000001549a70] __schedule+0x500/0x12a0\n    [  243.683888][  T123] [c00000000c38f9a0] [c00000000154a878] schedule+0x68/0x210\n    [  243.683896][  T123] [c00000000c38f9d0] [c00000000154ac80] schedule_preempt_disabled+0x30/0x50\n    [  243.683904][  T123] [c00000000c38fa00] [c00000000154dbb0] __mutex_lock+0x730/0x10f0\n    [  243.683913][  T123] [c00000000c38fb10] [c000000001154d40] napi_enable+0x30/0x60\n    [  243.683921][  T123] [c00000000c38fb40] [c000000000f4ae94] ibmveth_open+0x68/0x5dc\n    [  243.683928][  T123] [c00000000c38fbe0] [c000000000f4aa20] veth_pool_store+0x220/0x270\n    [  243.683936][  T123] [c00000000c38fc70] [c000000000826278] sysfs_kf_write+0x68/0xb0\n    [  243.683944][  T123] [c00000000c38fcb0] [c0000000008240b8] kernfs_fop_write_iter+0x198/0x2d0\n    [  243.683951][  T123] [c00000000c38fd00] [c00000000071b9ac] vfs_write+0x34c/0x650\n    [  243.683958][  T123] [c00000000c38fdc0] [c00000000071bea8] ksys_write+0x88/0x150\n    [  243.683966][  T123] [c00000000c38fe10] [c0000000000317f4] system_call_exception+0x124/0x340\n    [  243.683973][  T123] [c00000000c38fe50] [c00000000000d05c] system_call_vectored_common+0x15c/0x2ec\n    ...\n    [  243.684087][  T123] Showing all locks held in the system:\n    [  243.684095][  T123] 1 lock held by khungtaskd/123:\n    [  243.684099][  T123]  #0: c00000000278e370 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x50/0x248\n    [  243.684114][  T123] 4 locks held by stress.sh/4365:\n    [  243.684119][  T123]  #0: c00000003a4cd3f8 (sb_writers#3){.+.+}-{0:0}, at: ksys_write+0x88/0x150\n    [  243.684132][  T123]  #1: c000000041aea888 (\u0026of-\u003emutex#2){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x154/0x2d0\n    [  243.684143][  T123]  #2: c0000000366fb9a8 (kn-\u003eactive#64){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x160/0x2d0\n    [  243.684155][  T123]  #3: c000000035ff4cb8 (\u0026dev-\u003elock){+.+.}-{3:3}, at: napi_enable+0x30/0x60\n    [  243.684166][  T123] 5 locks held by stress.sh/4366:\n    [  243.684170][  T123]  #0: c00000003a4cd3f8 (sb_writers#3){.+.+}-{0:0}, at: ksys_write+0x88/0x150\n    [  243.\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22053",
          "url": "https://www.suse.com/security/cve/CVE-2025-22053"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241373 for CVE-2025-22053",
          "url": "https://bugzilla.suse.com/1241373"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22053"
    },
    {
      "cve": "CVE-2025-22055",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22055"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix geneve_opt length integer overflow\n\nstruct geneve_opt uses 5 bit length for each single option, which\nmeans every vary size option should be smaller than 128 bytes.\n\nHowever, all current related Netlink policies cannot promise this\nlength condition and the attacker can exploit a exact 128-byte size\noption to *fake* a zero length option and confuse the parsing logic,\nfurther achieve heap out-of-bounds read.\n\nOne example crash log is like below:\n\n[    3.905425] ==================================================================\n[    3.905925] BUG: KASAN: slab-out-of-bounds in nla_put+0xa9/0xe0\n[    3.906255] Read of size 124 at addr ffff888005f291cc by task poc/177\n[    3.906646]\n[    3.906775] CPU: 0 PID: 177 Comm: poc-oob-read Not tainted 6.1.132 #1\n[    3.907131] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n[    3.907784] Call Trace:\n[    3.907925]  \u003cTASK\u003e\n[    3.908048]  dump_stack_lvl+0x44/0x5c\n[    3.908258]  print_report+0x184/0x4be\n[    3.909151]  kasan_report+0xc5/0x100\n[    3.909539]  kasan_check_range+0xf3/0x1a0\n[    3.909794]  memcpy+0x1f/0x60\n[    3.909968]  nla_put+0xa9/0xe0\n[    3.910147]  tunnel_key_dump+0x945/0xba0\n[    3.911536]  tcf_action_dump_1+0x1c1/0x340\n[    3.912436]  tcf_action_dump+0x101/0x180\n[    3.912689]  tcf_exts_dump+0x164/0x1e0\n[    3.912905]  fw_dump+0x18b/0x2d0\n[    3.913483]  tcf_fill_node+0x2ee/0x460\n[    3.914778]  tfilter_notify+0xf4/0x180\n[    3.915208]  tc_new_tfilter+0xd51/0x10d0\n[    3.918615]  rtnetlink_rcv_msg+0x4a2/0x560\n[    3.919118]  netlink_rcv_skb+0xcd/0x200\n[    3.919787]  netlink_unicast+0x395/0x530\n[    3.921032]  netlink_sendmsg+0x3d0/0x6d0\n[    3.921987]  __sock_sendmsg+0x99/0xa0\n[    3.922220]  __sys_sendto+0x1b7/0x240\n[    3.922682]  __x64_sys_sendto+0x72/0x90\n[    3.922906]  do_syscall_64+0x5e/0x90\n[    3.923814]  entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[    3.924122] RIP: 0033:0x7e83eab84407\n[    3.924331] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 \u003c5b\u003e c3 0f 1f 80 00 00 00 00 83 e2 39 83 faf\n[    3.925330] RSP: 002b:00007ffff505e370 EFLAGS: 00000202 ORIG_RAX: 000000000000002c\n[    3.925752] RAX: ffffffffffffffda RBX: 00007e83eaafa740 RCX: 00007e83eab84407\n[    3.926173] RDX: 00000000000001a8 RSI: 00007ffff505e3c0 RDI: 0000000000000003\n[    3.926587] RBP: 00007ffff505f460 R08: 00007e83eace1000 R09: 000000000000000c\n[    3.926977] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffff505f3c0\n[    3.927367] R13: 00007ffff505f5c8 R14: 00007e83ead1b000 R15: 00005d4fbbe6dcb8\n\nFix these issues by enforing correct length condition in related\npolicies.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22055",
          "url": "https://www.suse.com/security/cve/CVE-2025-22055"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241371 for CVE-2025-22055",
          "url": "https://bugzilla.suse.com/1241371"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241372 for CVE-2025-22055",
          "url": "https://bugzilla.suse.com/1241372"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-22055"
    },
    {
      "cve": "CVE-2025-22058",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22058"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Fix memory accounting leak.\n\nMatt Dowling reported a weird UDP memory usage issue.\n\nUnder normal operation, the UDP memory usage reported in /proc/net/sockstat\nremains close to zero.  However, it occasionally spiked to 524,288 pages\nand never dropped.  Moreover, the value doubled when the application was\nterminated.  Finally, it caused intermittent packet drops.\n\nWe can reproduce the issue with the script below [0]:\n\n  1. /proc/net/sockstat reports 0 pages\n\n    # cat /proc/net/sockstat | grep UDP:\n    UDP: inuse 1 mem 0\n\n  2. Run the script till the report reaches 524,288\n\n    # python3 test.py \u0026 sleep 5\n    # cat /proc/net/sockstat | grep UDP:\n    UDP: inuse 3 mem 524288  \u003c-- (INT_MAX + 1) \u003e\u003e PAGE_SHIFT\n\n  3. Kill the socket and confirm the number never drops\n\n    # pkill python3 \u0026\u0026 sleep 5\n    # cat /proc/net/sockstat | grep UDP:\n    UDP: inuse 1 mem 524288\n\n  4. (necessary since v6.0) Trigger proto_memory_pcpu_drain()\n\n    # python3 test.py \u0026 sleep 1 \u0026\u0026 pkill python3\n\n  5. The number doubles\n\n    # cat /proc/net/sockstat | grep UDP:\n    UDP: inuse 1 mem 1048577\n\nThe application set INT_MAX to SO_RCVBUF, which triggered an integer\noverflow in udp_rmem_release().\n\nWhen a socket is close()d, udp_destruct_common() purges its receive\nqueue and sums up skb-\u003etruesize in the queue.  This total is calculated\nand stored in a local unsigned integer variable.\n\nThe total size is then passed to udp_rmem_release() to adjust memory\naccounting.  However, because the function takes a signed integer\nargument, the total size can wrap around, causing an overflow.\n\nThen, the released amount is calculated as follows:\n\n  1) Add size to sk-\u003esk_forward_alloc.\n  2) Round down sk-\u003esk_forward_alloc to the nearest lower multiple of\n      PAGE_SIZE and assign it to amount.\n  3) Subtract amount from sk-\u003esk_forward_alloc.\n  4) Pass amount \u003e\u003e PAGE_SHIFT to __sk_mem_reduce_allocated().\n\nWhen the issue occurred, the total in udp_destruct_common() was 2147484480\n(INT_MAX + 833), which was cast to -2147482816 in udp_rmem_release().\n\nAt 1) sk-\u003esk_forward_alloc is changed from 3264 to -2147479552, and\n2) sets -2147479552 to amount.  3) reverts the wraparound, so we don\u0027t\nsee a warning in inet_sock_destruct().  However, udp_memory_allocated\nends up doubling at 4).\n\nSince commit 3cd3399dd7a8 (\"net: implement per-cpu reserves for\nmemory_allocated\"), memory usage no longer doubles immediately after\na socket is close()d because __sk_mem_reduce_allocated() caches the\namount in udp_memory_per_cpu_fw_alloc.  However, the next time a UDP\nsocket receives a packet, the subtraction takes effect, causing UDP\nmemory usage to double.\n\nThis issue makes further memory allocation fail once the socket\u0027s\nsk-\u003esk_rmem_alloc exceeds net.ipv4.udp_rmem_min, resulting in packet\ndrops.\n\nTo prevent this issue, let\u0027s use unsigned int for the calculation and\ncall sk_forward_alloc_add() only once for the small delta.\n\nNote that first_packet_length() also potentially has the same problem.\n\n[0]:\nfrom socket import *\n\nSO_RCVBUFFORCE = 33\nINT_MAX = (2 ** 31) - 1\n\ns = socket(AF_INET, SOCK_DGRAM)\ns.bind((\u0027\u0027, 0))\ns.setsockopt(SOL_SOCKET, SO_RCVBUFFORCE, INT_MAX)\n\nc = socket(AF_INET, SOCK_DGRAM)\nc.connect(s.getsockname())\n\ndata = b\u0027a\u0027 * 100\n\nwhile True:\n    c.send(data)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22058",
          "url": "https://www.suse.com/security/cve/CVE-2025-22058"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241332 for CVE-2025-22058",
          "url": "https://bugzilla.suse.com/1241332"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22058"
    },
    {
      "cve": "CVE-2025-22060",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22060"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvpp2: Prevent parser TCAM memory corruption\n\nProtect the parser TCAM/SRAM memory, and the cached (shadow) SRAM\ninformation, from concurrent modifications.\n\nBoth the TCAM and SRAM tables are indirectly accessed by configuring\nan index register that selects the row to read or write to. This means\nthat operations must be atomic in order to, e.g., avoid spreading\nwrites across multiple rows. Since the shadow SRAM array is used to\nfind free rows in the hardware table, it must also be protected in\norder to avoid TOCTOU errors where multiple cores allocate the same\nrow.\n\nThis issue was detected in a situation where `mvpp2_set_rx_mode()` ran\nconcurrently on two CPUs. In this particular case the\nMVPP2_PE_MAC_UC_PROMISCUOUS entry was corrupted, causing the\nclassifier unit to drop all incoming unicast - indicated by the\n`rx_classifier_drops` counter.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22060",
          "url": "https://www.suse.com/security/cve/CVE-2025-22060"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241526 for CVE-2025-22060",
          "url": "https://bugzilla.suse.com/1241526"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22060"
    },
    {
      "cve": "CVE-2025-22062",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22062"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: add mutual exclusion in proc_sctp_do_udp_port()\n\nWe must serialize calls to sctp_udp_sock_stop() and sctp_udp_sock_start()\nor risk a crash as syzbot reported:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]\nCPU: 1 UID: 0 PID: 6551 Comm: syz.1.44 Not tainted 6.14.0-syzkaller-g7f2ff7b62617 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\n RIP: 0010:kernel_sock_shutdown+0x47/0x70 net/socket.c:3653\nCall Trace:\n \u003cTASK\u003e\n  udp_tunnel_sock_release+0x68/0x80 net/ipv4/udp_tunnel_core.c:181\n  sctp_udp_sock_stop+0x71/0x160 net/sctp/protocol.c:930\n  proc_sctp_do_udp_port+0x264/0x450 net/sctp/sysctl.c:553\n  proc_sys_call_handler+0x3d0/0x5b0 fs/proc/proc_sysctl.c:601\n  iter_file_splice_write+0x91c/0x1150 fs/splice.c:738\n  do_splice_from fs/splice.c:935 [inline]\n  direct_splice_actor+0x18f/0x6c0 fs/splice.c:1158\n  splice_direct_to_actor+0x342/0xa30 fs/splice.c:1102\n  do_splice_direct_actor fs/splice.c:1201 [inline]\n  do_splice_direct+0x174/0x240 fs/splice.c:1227\n  do_sendfile+0xafd/0xe50 fs/read_write.c:1368\n  __do_sys_sendfile64 fs/read_write.c:1429 [inline]\n  __se_sys_sendfile64 fs/read_write.c:1415 [inline]\n  __x64_sys_sendfile64+0x1d8/0x220 fs/read_write.c:1415\n  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22062",
          "url": "https://www.suse.com/security/cve/CVE-2025-22062"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241412 for CVE-2025-22062",
          "url": "https://bugzilla.suse.com/1241412"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22062"
    },
    {
      "cve": "CVE-2025-22064",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22064"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t unregister hook when table is dormant\n\nWhen nf_tables_updchain encounters an error, hook registration needs to\nbe rolled back.\n\nThis should only be done if the hook has been registered, which won\u0027t\nhappen when the table is flagged as dormant (inactive).\n\nJust move the assignment into the registration block.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22064",
          "url": "https://www.suse.com/security/cve/CVE-2025-22064"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241413 for CVE-2025-22064",
          "url": "https://bugzilla.suse.com/1241413"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22064"
    },
    {
      "cve": "CVE-2025-22065",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22065"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix adapter NULL pointer dereference on reboot\n\nWith SRIOV enabled, idpf ends up calling into idpf_remove() twice.\nFirst via idpf_shutdown() and then again when idpf_remove() calls into\nsriov_disable(), because the VF devices use the idpf driver, hence the\nsame remove routine. When that happens, it is possible for the adapter\nto be NULL from the first call to idpf_remove(), leading to a NULL\npointer dereference.\n\necho 1 \u003e /sys/class/net/\u003cnetif\u003e/device/sriov_numvfs\nreboot\n\nBUG: kernel NULL pointer dereference, address: 0000000000000020\n...\nRIP: 0010:idpf_remove+0x22/0x1f0 [idpf]\n...\n? idpf_remove+0x22/0x1f0 [idpf]\n? idpf_remove+0x1e4/0x1f0 [idpf]\npci_device_remove+0x3f/0xb0\ndevice_release_driver_internal+0x19f/0x200\npci_stop_bus_device+0x6d/0x90\npci_stop_and_remove_bus_device+0x12/0x20\npci_iov_remove_virtfn+0xbe/0x120\nsriov_disable+0x34/0xe0\nidpf_sriov_configure+0x58/0x140 [idpf]\nidpf_remove+0x1b9/0x1f0 [idpf]\nidpf_shutdown+0x12/0x30 [idpf]\npci_device_shutdown+0x35/0x60\ndevice_shutdown+0x156/0x200\n...\n\nReplace the direct idpf_remove() call in idpf_shutdown() with\nidpf_vc_core_deinit() and idpf_deinit_dflt_mbx(), which perform\nthe bulk of the cleanup, such as stopping the init task, freeing IRQs,\ndestroying the vports and freeing the mailbox. This avoids the calls to\nsriov_disable() in addition to a small netdev cleanup, and destroying\nworkqueues, which don\u0027t seem to be required on shutdown.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22065",
          "url": "https://www.suse.com/security/cve/CVE-2025-22065"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241333 for CVE-2025-22065",
          "url": "https://bugzilla.suse.com/1241333"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22065"
    },
    {
      "cve": "CVE-2025-22075",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22075"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtnetlink: Allocate vfinfo size for VF GUIDs when supported\n\nCommit 30aad41721e0 (\"net/core: Add support for getting VF GUIDs\")\nadded support for getting VF port and node GUIDs in netlink ifinfo\nmessages, but their size was not taken into consideration in the\nfunction that allocates the netlink message, causing the following\nwarning when a netlink message is filled with many VF port and node\nGUIDs:\n # echo 64 \u003e /sys/bus/pci/devices/0000\\:08\\:00.0/sriov_numvfs\n # ip link show dev ib0\n RTNETLINK answers: Message too long\n Cannot send link get request: Message too long\n\nKernel warning:\n\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 1930 at net/core/rtnetlink.c:4151 rtnl_getlink+0x586/0x5a0\n Modules linked in: xt_conntrack xt_MASQUERADE nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter overlay mlx5_ib macsec mlx5_core tls rpcrdma rdma_ucm ib_uverbs ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm iw_cm ib_ipoib fuse ib_cm ib_core\n CPU: 2 UID: 0 PID: 1930 Comm: ip Not tainted 6.14.0-rc2+ #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:rtnl_getlink+0x586/0x5a0\n Code: cb 82 e8 3d af 0a 00 4d 85 ff 0f 84 08 ff ff ff 4c 89 ff 41 be ea ff ff ff e8 66 63 5b ff 49 c7 07 80 4f cb 82 e9 36 fc ff ff \u003c0f\u003e 0b e9 16 fe ff ff e8 de a0 56 00 66 66 2e 0f 1f 84 00 00 00 00\n RSP: 0018:ffff888113557348 EFLAGS: 00010246\n RAX: 00000000ffffffa6 RBX: ffff88817e87aa34 RCX: dffffc0000000000\n RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffff88817e87afb8\n RBP: 0000000000000009 R08: ffffffff821f44aa R09: 0000000000000000\n R10: ffff8881260f79a8 R11: ffff88817e87af00 R12: ffff88817e87aa00\n R13: ffffffff8563d300 R14: 00000000ffffffa6 R15: 00000000ffffffff\n FS:  00007f63a5dbf280(0000) GS:ffff88881ee00000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f63a5ba4493 CR3: 00000001700fe002 CR4: 0000000000772eb0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n  \u003cTASK\u003e\n  ? __warn+0xa5/0x230\n  ? rtnl_getlink+0x586/0x5a0\n  ? report_bug+0x22d/0x240\n  ? handle_bug+0x53/0xa0\n  ? exc_invalid_op+0x14/0x50\n  ? asm_exc_invalid_op+0x16/0x20\n  ? skb_trim+0x6a/0x80\n  ? rtnl_getlink+0x586/0x5a0\n  ? __pfx_rtnl_getlink+0x10/0x10\n  ? rtnetlink_rcv_msg+0x1e5/0x860\n  ? __pfx___mutex_lock+0x10/0x10\n  ? rcu_is_watching+0x34/0x60\n  ? __pfx_lock_acquire+0x10/0x10\n  ? stack_trace_save+0x90/0xd0\n  ? filter_irq_stacks+0x1d/0x70\n  ? kasan_save_stack+0x30/0x40\n  ? kasan_save_stack+0x20/0x40\n  ? kasan_save_track+0x10/0x30\n  rtnetlink_rcv_msg+0x21c/0x860\n  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e\n  ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n  ? arch_stack_walk+0x9e/0xf0\n  ? rcu_is_watching+0x34/0x60\n  ? lock_acquire+0xd5/0x410\n  ? rcu_is_watching+0x34/0x60\n  netlink_rcv_skb+0xe0/0x210\n  ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n  ? __pfx_netlink_rcv_skb+0x10/0x10\n  ? rcu_is_watching+0x34/0x60\n  ? __pfx___netlink_lookup+0x10/0x10\n  ? lock_release+0x62/0x200\n  ? netlink_deliver_tap+0xfd/0x290\n  ? rcu_is_watching+0x34/0x60\n  ? lock_release+0x62/0x200\n  ? netlink_deliver_tap+0x95/0x290\n  netlink_unicast+0x31f/0x480\n  ? __pfx_netlink_unicast+0x10/0x10\n  ? rcu_is_watching+0x34/0x60\n  ? lock_acquire+0xd5/0x410\n  netlink_sendmsg+0x369/0x660\n  ? lock_release+0x62/0x200\n  ? __pfx_netlink_sendmsg+0x10/0x10\n  ? import_ubuf+0xb9/0xf0\n  ? __import_iovec+0x254/0x2b0\n  ? lock_release+0x62/0x200\n  ? __pfx_netlink_sendmsg+0x10/0x10\n  ____sys_sendmsg+0x559/0x5a0\n  ? __pfx_____sys_sendmsg+0x10/0x10\n  ? __pfx_copy_msghdr_from_user+0x10/0x10\n  ? rcu_is_watching+0x34/0x60\n  ? do_read_fault+0x213/0x4a0\n  ? rcu_is_watching+0x34/0x60\n  ___sys_sendmsg+0xe4/0x150\n  ? __pfx____sys_sendmsg+0x10/0x10\n  ? do_fault+0x2cc/0x6f0\n  ? handle_pte_fault+0x2e3/0x3d0\n  ? __pfx_handle_pte_fault+0x10/0x10\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22075",
          "url": "https://www.suse.com/security/cve/CVE-2025-22075"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241402 for CVE-2025-22075",
          "url": "https://bugzilla.suse.com/1241402"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22075"
    },
    {
      "cve": "CVE-2025-22080",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22080"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Prevent integer overflow in hdr_first_de()\n\nThe \"de_off\" and \"used\" variables come from the disk so they both need to\ncheck.  The problem is that on 32bit systems if they\u0027re both greater than\nUINT_MAX - 16 then the check does work as intended because of an integer\noverflow.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22080",
          "url": "https://www.suse.com/security/cve/CVE-2025-22080"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241416 for CVE-2025-22080",
          "url": "https://bugzilla.suse.com/1241416"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22080"
    },
    {
      "cve": "CVE-2025-22086",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22086"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow\n\nWhen cur_qp isn\u0027t NULL, in order to avoid fetching the QP from\nthe radix tree again we check if the next cqe QP is identical to\nthe one we already have.\n\nThe bug however is that we are checking if the QP is identical by\nchecking the QP number inside the CQE against the QP number inside the\nmlx5_ib_qp, but that\u0027s wrong since the QP number from the CQE is from\nFW so it should be matched against mlx5_core_qp which is our FW QP\nnumber.\n\nOtherwise we could use the wrong QP when handling a CQE which could\ncause the kernel trace below.\n\nThis issue is mainly noticeable over QPs 0 \u0026 1, since for now they are\nthe only QPs in our driver whereas the QP number inside mlx5_ib_qp\ndoesn\u0027t match the QP number inside mlx5_core_qp.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000012\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP\n CPU: 0 UID: 0 PID: 7927 Comm: kworker/u62:1 Not tainted 6.14.0-rc3+ #189\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n Workqueue: ib-comp-unb-wq ib_cq_poll_work [ib_core]\n RIP: 0010:mlx5_ib_poll_cq+0x4c7/0xd90 [mlx5_ib]\n Code: 03 00 00 8d 58 ff 21 cb 66 39 d3 74 39 48 c7 c7 3c 89 6e a0 0f b7 db e8 b7 d2 b3 e0 49 8b 86 60 03 00 00 48 c7 c7 4a 89 6e a0 \u003c0f\u003e b7 5c 98 02 e8 9f d2 b3 e0 41 0f b7 86 78 03 00 00 83 e8 01 21\n RSP: 0018:ffff88810511bd60 EFLAGS: 00010046\n RAX: 0000000000000010 RBX: 0000000000000000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffff88885fa1b3c0 RDI: ffffffffa06e894a\n RBP: 00000000000000b0 R08: 0000000000000000 R09: ffff88810511bc10\n R10: 0000000000000001 R11: 0000000000000001 R12: ffff88810d593000\n R13: ffff88810e579108 R14: ffff888105146000 R15: 00000000000000b0\n FS:  0000000000000000(0000) GS:ffff88885fa00000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000012 CR3: 00000001077e6001 CR4: 0000000000370eb0\n Call Trace:\n  \u003cTASK\u003e\n  ? __die+0x20/0x60\n  ? page_fault_oops+0x150/0x3e0\n  ? exc_page_fault+0x74/0x130\n  ? asm_exc_page_fault+0x22/0x30\n  ? mlx5_ib_poll_cq+0x4c7/0xd90 [mlx5_ib]\n  __ib_process_cq+0x5a/0x150 [ib_core]\n  ib_cq_poll_work+0x31/0x90 [ib_core]\n  process_one_work+0x169/0x320\n  worker_thread+0x288/0x3a0\n  ? work_busy+0xb0/0xb0\n  kthread+0xd7/0x1f0\n  ? kthreads_online_cpu+0x130/0x130\n  ? kthreads_online_cpu+0x130/0x130\n  ret_from_fork+0x2d/0x50\n  ? kthreads_online_cpu+0x130/0x130\n  ret_from_fork_asm+0x11/0x20\n  \u003c/TASK\u003e",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22086",
          "url": "https://www.suse.com/security/cve/CVE-2025-22086"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241458 for CVE-2025-22086",
          "url": "https://bugzilla.suse.com/1241458"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22086"
    },
    {
      "cve": "CVE-2025-22088",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22088"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/erdma: Prevent use-after-free in erdma_accept_newconn()\n\nAfter the erdma_cep_put(new_cep) being called, new_cep will be freed,\nand the following dereference will cause a UAF problem. Fix this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22088",
          "url": "https://www.suse.com/security/cve/CVE-2025-22088"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241528 for CVE-2025-22088",
          "url": "https://bugzilla.suse.com/1241528"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22088"
    },
    {
      "cve": "CVE-2025-22090",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22090"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range()\n\nIf track_pfn_copy() fails, we already added the dst VMA to the maple\ntree. As fork() fails, we\u0027ll cleanup the maple tree, and stumble over\nthe dst VMA for which we neither performed any reservation nor copied\nany page tables.\n\nConsequently untrack_pfn() will see VM_PAT and try obtaining the\nPAT information from the page table -- which fails because the page\ntable was not copied.\n\nThe easiest fix would be to simply clear the VM_PAT flag of the dst VMA\nif track_pfn_copy() fails. However, the whole thing is about \"simply\"\nclearing the VM_PAT flag is shaky as well: if we passed track_pfn_copy()\nand performed a reservation, but copying the page tables fails, we\u0027ll\nsimply clear the VM_PAT flag, not properly undoing the reservation ...\nwhich is also wrong.\n\nSo let\u0027s fix it properly: set the VM_PAT flag only if the reservation\nsucceeded (leaving it clear initially), and undo the reservation if\nanything goes wrong while copying the page tables: clearing the VM_PAT\nflag after undoing the reservation.\n\nNote that any copied page table entries will get zapped when the VMA will\nget removed later, after copy_page_range() succeeded; as VM_PAT is not set\nthen, we won\u0027t try cleaning VM_PAT up once more and untrack_pfn() will be\nhappy. Note that leaving these page tables in place without a reservation\nis not a problem, as we are aborting fork(); this process will never run.\n\nA reproducer can trigger this usually at the first try:\n\n  https://gitlab.com/davidhildenbrand/scratchspace/-/raw/main/reproducers/pat_fork.c\n\n  WARNING: CPU: 26 PID: 11650 at arch/x86/mm/pat/memtype.c:983 get_pat_info+0xf6/0x110\n  Modules linked in: ...\n  CPU: 26 UID: 0 PID: 11650 Comm: repro3 Not tainted 6.12.0-rc5+ #92\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n  RIP: 0010:get_pat_info+0xf6/0x110\n  ...\n  Call Trace:\n   \u003cTASK\u003e\n   ...\n   untrack_pfn+0x52/0x110\n   unmap_single_vma+0xa6/0xe0\n   unmap_vmas+0x105/0x1f0\n   exit_mmap+0xf6/0x460\n   __mmput+0x4b/0x120\n   copy_process+0x1bf6/0x2aa0\n   kernel_clone+0xab/0x440\n   __do_sys_clone+0x66/0x90\n   do_syscall_64+0x95/0x180\n\nLikely this case was missed in:\n\n  d155df53f310 (\"x86/mm/pat: clear VM_PAT if copy_p4d_range failed\")\n\n... and instead of undoing the reservation we simply cleared the VM_PAT flag.\n\nKeep the documentation of these functions in include/linux/pgtable.h,\none place is more than sufficient -- we should clean that up for the other\nfunctions like track_pfn_remap/untrack_pfn separately.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22090",
          "url": "https://www.suse.com/security/cve/CVE-2025-22090"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241537 for CVE-2025-22090",
          "url": "https://bugzilla.suse.com/1241537"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22090"
    },
    {
      "cve": "CVE-2025-22093",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22093"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: avoid NPD when ASIC does not support DMUB\n\nctx-\u003edmub_srv will de NULL if the ASIC does not support DMUB, which is\ntested in dm_dmub_sw_init.\n\nHowever, it will be dereferenced in dmub_hw_lock_mgr_cmd if\nshould_use_dmub_lock returns true.\n\nThis has been the case since dmub support has been added for PSR1.\n\nFix this by checking for dmub_srv in should_use_dmub_lock.\n\n[   37.440832] BUG: kernel NULL pointer dereference, address: 0000000000000058\n[   37.447808] #PF: supervisor read access in kernel mode\n[   37.452959] #PF: error_code(0x0000) - not-present page\n[   37.458112] PGD 0 P4D 0\n[   37.460662] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n[   37.465553] CPU: 2 UID: 1000 PID: 1745 Comm: DrmThread Not tainted 6.14.0-rc1-00003-gd62e938120f0 #23 99720e1cb1e0fc4773b8513150932a07de3c6e88\n[   37.478324] Hardware name: Google Morphius/Morphius, BIOS Google_Morphius.13434.858.0 10/26/2023\n[   37.487103] RIP: 0010:dmub_hw_lock_mgr_cmd+0x77/0xb0\n[   37.492074] Code: 44 24 0e 00 00 00 00 48 c7 04 24 45 00 00 0c 40 88 74 24 0d 0f b6 02 88 44 24 0c 8b 01 89 44 24 08 85 f6 75 05 c6 44 24 0e 01 \u003c48\u003e 8b 7f 58 48 89 e6 ba 01 00 00 00 e8 08 3c 2a 00 65 48 8b 04 5\n[   37.510822] RSP: 0018:ffff969442853300 EFLAGS: 00010202\n[   37.516052] RAX: 0000000000000000 RBX: ffff92db03000000 RCX: ffff969442853358\n[   37.523185] RDX: ffff969442853368 RSI: 0000000000000001 RDI: 0000000000000000\n[   37.530322] RBP: 0000000000000001 R08: 00000000000004a7 R09: 00000000000004a5\n[   37.537453] R10: 0000000000000476 R11: 0000000000000062 R12: ffff92db0ade8000\n[   37.544589] R13: ffff92da01180ae0 R14: ffff92da011802a8 R15: ffff92db03000000\n[   37.551725] FS:  0000784a9cdfc6c0(0000) GS:ffff92db2af00000(0000) knlGS:0000000000000000\n[   37.559814] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   37.565562] CR2: 0000000000000058 CR3: 0000000112b1c000 CR4: 00000000003506f0\n[   37.572697] Call Trace:\n[   37.575152]  \u003cTASK\u003e\n[   37.577258]  ? __die_body+0x66/0xb0\n[   37.580756]  ? page_fault_oops+0x3e7/0x4a0\n[   37.584861]  ? exc_page_fault+0x3e/0xe0\n[   37.588706]  ? exc_page_fault+0x5c/0xe0\n[   37.592550]  ? asm_exc_page_fault+0x22/0x30\n[   37.596742]  ? dmub_hw_lock_mgr_cmd+0x77/0xb0\n[   37.601107]  dcn10_cursor_lock+0x1e1/0x240\n[   37.605211]  program_cursor_attributes+0x81/0x190\n[   37.609923]  commit_planes_for_stream+0x998/0x1ef0\n[   37.614722]  update_planes_and_stream_v2+0x41e/0x5c0\n[   37.619703]  dc_update_planes_and_stream+0x78/0x140\n[   37.624588]  amdgpu_dm_atomic_commit_tail+0x4362/0x49f0\n[   37.629832]  ? srso_return_thunk+0x5/0x5f\n[   37.633847]  ? mark_held_locks+0x6d/0xd0\n[   37.637774]  ? _raw_spin_unlock_irq+0x24/0x50\n[   37.642135]  ? srso_return_thunk+0x5/0x5f\n[   37.646148]  ? lockdep_hardirqs_on+0x95/0x150\n[   37.650510]  ? srso_return_thunk+0x5/0x5f\n[   37.654522]  ? _raw_spin_unlock_irq+0x2f/0x50\n[   37.658883]  ? srso_return_thunk+0x5/0x5f\n[   37.662897]  ? wait_for_common+0x186/0x1c0\n[   37.666998]  ? srso_return_thunk+0x5/0x5f\n[   37.671009]  ? drm_crtc_next_vblank_start+0xc3/0x170\n[   37.675983]  commit_tail+0xf5/0x1c0\n[   37.679478]  drm_atomic_helper_commit+0x2a2/0x2b0\n[   37.684186]  drm_atomic_commit+0xd6/0x100\n[   37.688199]  ? __cfi___drm_printfn_info+0x10/0x10\n[   37.692911]  drm_atomic_helper_update_plane+0xe5/0x130\n[   37.698054]  drm_mode_cursor_common+0x501/0x670\n[   37.702600]  ? __cfi_drm_mode_cursor_ioctl+0x10/0x10\n[   37.707572]  drm_mode_cursor_ioctl+0x48/0x70\n[   37.711851]  drm_ioctl_kernel+0xf2/0x150\n[   37.715781]  drm_ioctl+0x363/0x590\n[   37.719189]  ? __cfi_drm_mode_cursor_ioctl+0x10/0x10\n[   37.724165]  amdgpu_drm_ioctl+0x41/0x80\n[   37.728013]  __se_sys_ioctl+0x7f/0xd0\n[   37.731685]  do_syscall_64+0x87/0x100\n[   37.735355]  ? vma_end_read+0x12/0xe0\n[   37.739024]  ? srso_return_thunk+0x5/0x5f\n[   37.743041]  ? find_held_lock+0x47/0xf0\n[   37.746884]  ? vma_end_read+0x12/0xe0\n[   37.750552]  ? srso_return_thunk+0x5/0\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22093",
          "url": "https://www.suse.com/security/cve/CVE-2025-22093"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241545 for CVE-2025-22093",
          "url": "https://bugzilla.suse.com/1241545"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22093"
    },
    {
      "cve": "CVE-2025-22097",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22097"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vkms: Fix use after free and double free on init error\n\nIf the driver initialization fails, the vkms_exit() function might\naccess an uninitialized or freed default_config pointer and it might\ndouble free it.\n\nFix both possible errors by initializing default_config only when the\ndriver initialization succeeded.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22097",
          "url": "https://www.suse.com/security/cve/CVE-2025-22097"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241541 for CVE-2025-22097",
          "url": "https://bugzilla.suse.com/1241541"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241542 for CVE-2025-22097",
          "url": "https://bugzilla.suse.com/1241542"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-22097"
    },
    {
      "cve": "CVE-2025-22102",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22102"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix kernel panic during FW release\n\nThis fixes a kernel panic seen during release FW in a stress test\nscenario where WLAN and BT FW download occurs simultaneously, and due to\na HW bug, chip sends out only 1 bootloader signatures.\n\nWhen driver receives the bootloader signature, it enters FW download\nmode, but since no consequtive bootloader signatures seen, FW file is\nnot requested.\n\nAfter 60 seconds, when FW download times out, release_firmware causes a\nkernel panic.\n\n[ 2601.949184] Unable to handle kernel paging request at virtual address 0000312e6f006573\n[ 2601.992076] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000111802000\n[ 2601.992080] [0000312e6f006573] pgd=0000000000000000, p4d=0000000000000000\n[ 2601.992087] Internal error: Oops: 0000000096000021 [#1] PREEMPT SMP\n[ 2601.992091] Modules linked in: algif_hash algif_skcipher af_alg btnxpuart(O) pciexxx(O) mlan(O) overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce snd_soc_fsl_easrc snd_soc_fsl_asoc_card imx8_media_dev(C) snd_soc_fsl_micfil polyval_generic snd_soc_fsl_xcvr snd_soc_fsl_sai snd_soc_imx_audmux snd_soc_fsl_asrc snd_soc_imx_card snd_soc_imx_hdmi snd_soc_fsl_aud2htx snd_soc_fsl_utils imx_pcm_dma dw_hdmi_cec flexcan can_dev\n[ 2602.001825] CPU: 2 PID: 20060 Comm: hciconfig Tainted: G         C O       6.6.23-lts-next-06236-gb586a521770e #1\n[ 2602.010182] Hardware name: NXP i.MX8MPlus EVK board (DT)\n[ 2602.010185] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 2602.010191] pc : _raw_spin_lock+0x34/0x68\n[ 2602.010201] lr : free_fw_priv+0x20/0xfc\n[ 2602.020561] sp : ffff800089363b30\n[ 2602.020563] x29: ffff800089363b30 x28: ffff0000d0eb5880 x27: 0000000000000000\n[ 2602.020570] x26: 0000000000000000 x25: ffff0000d728b330 x24: 0000000000000000\n[ 2602.020577] x23: ffff0000dc856f38\n[ 2602.033797] x22: ffff800089363b70 x21: ffff0000dc856000\n[ 2602.033802] x20: ff00312e6f006573 x19: ffff0000d0d9ea80 x18: 0000000000000000\n[ 2602.033809] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaad80dd480\n[ 2602.083320] x14: 0000000000000000 x13: 00000000000001b9 x12: 0000000000000002\n[ 2602.083326] x11: 0000000000000000 x10: 0000000000000a60 x9 : ffff800089363a30\n[ 2602.083333] x8 : ffff0001793d75c0 x7 : ffff0000d6dbc400 x6 : 0000000000000000\n[ 2602.083339] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000001\n[ 2602.083346] x2 : 0000000000000000 x1 : 0000000000000001 x0 : ff00312e6f006573\n[ 2602.083354] Call trace:\n[ 2602.083356]  _raw_spin_lock+0x34/0x68\n[ 2602.083364]  release_firmware+0x48/0x6c\n[ 2602.083370]  nxp_setup+0x3c4/0x540 [btnxpuart]\n[ 2602.083383]  hci_dev_open_sync+0xf0/0xa34\n[ 2602.083391]  hci_dev_open+0xd8/0x178\n[ 2602.083399]  hci_sock_ioctl+0x3b0/0x590\n[ 2602.083405]  sock_do_ioctl+0x60/0x118\n[ 2602.083413]  sock_ioctl+0x2f4/0x374\n[ 2602.091430]  __arm64_sys_ioctl+0xac/0xf0\n[ 2602.091437]  invoke_syscall+0x48/0x110\n[ 2602.091445]  el0_svc_common.constprop.0+0xc0/0xe0\n[ 2602.091452]  do_el0_svc+0x1c/0x28\n[ 2602.091457]  el0_svc+0x40/0xe4\n[ 2602.091465]  el0t_64_sync_handler+0x120/0x12c\n[ 2602.091470]  el0t_64_sync+0x190/0x194",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22102",
          "url": "https://www.suse.com/security/cve/CVE-2025-22102"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241456 for CVE-2025-22102",
          "url": "https://bugzilla.suse.com/1241456"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22102"
    },
    {
      "cve": "CVE-2025-22104",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22104"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Use kernel helpers for hex dumps\n\nPreviously, when the driver was printing hex dumps, the buffer was cast\nto an 8 byte long and printed using string formatters. If the buffer\nsize was not a multiple of 8 then a read buffer overflow was possible.\n\nTherefore, create a new ibmvnic function that loops over a buffer and\ncalls hex_dump_to_buffer instead.\n\nThis patch address KASAN reports like the one below:\n  ibmvnic 30000003 env3: Login Buffer:\n  ibmvnic 30000003 env3: 01000000af000000\n  \u003c...\u003e\n  ibmvnic 30000003 env3: 2e6d62692e736261\n  ibmvnic 30000003 env3: 65050003006d6f63\n  ==================================================================\n  BUG: KASAN: slab-out-of-bounds in ibmvnic_login+0xacc/0xffc [ibmvnic]\n  Read of size 8 at addr c0000001331a9aa8 by task ip/17681\n  \u003c...\u003e\n  Allocated by task 17681:\n  \u003c...\u003e\n  ibmvnic_login+0x2f0/0xffc [ibmvnic]\n  ibmvnic_open+0x148/0x308 [ibmvnic]\n  __dev_open+0x1ac/0x304\n  \u003c...\u003e\n  The buggy address is located 168 bytes inside of\n                allocated 175-byte region [c0000001331a9a00, c0000001331a9aaf)\n  \u003c...\u003e\n  =================================================================\n  ibmvnic 30000003 env3: 000000000033766e",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22104",
          "url": "https://www.suse.com/security/cve/CVE-2025-22104"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241550 for CVE-2025-22104",
          "url": "https://bugzilla.suse.com/1241550"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22104"
    },
    {
      "cve": "CVE-2025-22105",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22105"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: check xdp prog when set bond mode\n\nFollowing operations can trigger a warning[1]:\n\n    ip netns add ns1\n    ip netns exec ns1 ip link add bond0 type bond mode balance-rr\n    ip netns exec ns1 ip link set dev bond0 xdp obj af_xdp_kern.o sec xdp\n    ip netns exec ns1 ip link set bond0 type bond mode broadcast\n    ip netns del ns1\n\nWhen delete the namespace, dev_xdp_uninstall() is called to remove xdp\nprogram on bond dev, and bond_xdp_set() will check the bond mode. If bond\nmode is changed after attaching xdp program, the warning may occur.\n\nSome bond modes (broadcast, etc.) do not support native xdp. Set bond mode\nwith xdp program attached is not good. Add check for xdp program when set\nbond mode.\n\n    [1]\n    ------------[ cut here ]------------\n    WARNING: CPU: 0 PID: 11 at net/core/dev.c:9912 unregister_netdevice_many_notify+0x8d9/0x930\n    Modules linked in:\n    CPU: 0 UID: 0 PID: 11 Comm: kworker/u4:0 Not tainted 6.14.0-rc4 #107\n    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\n    Workqueue: netns cleanup_net\n    RIP: 0010:unregister_netdevice_many_notify+0x8d9/0x930\n    Code: 00 00 48 c7 c6 6f e3 a2 82 48 c7 c7 d0 b3 96 82 e8 9c 10 3e ...\n    RSP: 0018:ffffc90000063d80 EFLAGS: 00000282\n    RAX: 00000000ffffffa1 RBX: ffff888004959000 RCX: 00000000ffffdfff\n    RDX: 0000000000000000 RSI: 00000000ffffffea RDI: ffffc90000063b48\n    RBP: ffffc90000063e28 R08: ffffffff82d39b28 R09: 0000000000009ffb\n    R10: 0000000000000175 R11: ffffffff82d09b40 R12: ffff8880049598e8\n    R13: 0000000000000001 R14: dead000000000100 R15: ffffc90000045000\n    FS:  0000000000000000(0000) GS:ffff888007a00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 000000000d406b60 CR3: 000000000483e000 CR4: 00000000000006f0\n    Call Trace:\n     \u003cTASK\u003e\n     ? __warn+0x83/0x130\n     ? unregister_netdevice_many_notify+0x8d9/0x930\n     ? report_bug+0x18e/0x1a0\n     ? handle_bug+0x54/0x90\n     ? exc_invalid_op+0x18/0x70\n     ? asm_exc_invalid_op+0x1a/0x20\n     ? unregister_netdevice_many_notify+0x8d9/0x930\n     ? bond_net_exit_batch_rtnl+0x5c/0x90\n     cleanup_net+0x237/0x3d0\n     process_one_work+0x163/0x390\n     worker_thread+0x293/0x3b0\n     ? __pfx_worker_thread+0x10/0x10\n     kthread+0xec/0x1e0\n     ? __pfx_kthread+0x10/0x10\n     ? __pfx_kthread+0x10/0x10\n     ret_from_fork+0x2f/0x50\n     ? __pfx_kthread+0x10/0x10\n     ret_from_fork_asm+0x1a/0x30\n     \u003c/TASK\u003e\n    ---[ end trace 0000000000000000 ]---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22105",
          "url": "https://www.suse.com/security/cve/CVE-2025-22105"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241548 for CVE-2025-22105",
          "url": "https://bugzilla.suse.com/1241548"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22105"
    },
    {
      "cve": "CVE-2025-22106",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22106"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: unregister xdp rxq info in the reset path\n\nvmxnet3 does not unregister xdp rxq info in the\nvmxnet3_reset_work() code path as vmxnet3_rq_destroy()\nis not invoked in this code path. So, we get below message with a\nbacktrace.\n\nMissing unregister, handled but fix driver\nWARNING: CPU:48 PID: 500 at net/core/xdp.c:182\n__xdp_rxq_info_reg+0x93/0xf0\n\nThis patch fixes the problem by moving the unregister\ncode of XDP from vmxnet3_rq_destroy() to vmxnet3_rq_cleanup().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22106",
          "url": "https://www.suse.com/security/cve/CVE-2025-22106"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241547 for CVE-2025-22106",
          "url": "https://bugzilla.suse.com/1241547"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22106"
    },
    {
      "cve": "CVE-2025-22107",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22107"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry()\n\nThere are actually 2 problems:\n- deleting the last element doesn\u0027t require the memmove of elements\n  [i + 1, end) over it. Actually, element i+1 is out of bounds.\n- The memmove itself should move size - i - 1 elements, because the last\n  element is out of bounds.\n\nThe out-of-bounds element still remains out of bounds after being\naccessed, so the problem is only that we touch it, not that it becomes\nin active use. But I suppose it can lead to issues if the out-of-bounds\nelement is part of an unmapped page.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22107",
          "url": "https://www.suse.com/security/cve/CVE-2025-22107"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241575 for CVE-2025-22107",
          "url": "https://bugzilla.suse.com/1241575"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22107"
    },
    {
      "cve": "CVE-2025-22108",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22108"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Mask the bd_cnt field in the TX BD properly\n\nThe bd_cnt field in the TX BD specifies the total number of BDs for\nthe TX packet.  The bd_cnt field has 5 bits and the maximum number\nsupported is 32 with the value 0.\n\nCONFIG_MAX_SKB_FRAGS can be modified and the total number of SKB\nfragments can approach or exceed the maximum supported by the chip.\nAdd a macro to properly mask the bd_cnt field so that the value 32\nwill be properly masked and set to 0 in the bd_cnd field.\n\nWithout this patch, the out-of-range bd_cnt value will corrupt the\nTX BD and may cause TX timeout.\n\nThe next patch will check for values exceeding 32.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22108",
          "url": "https://www.suse.com/security/cve/CVE-2025-22108"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241574 for CVE-2025-22108",
          "url": "https://bugzilla.suse.com/1241574"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22108"
    },
    {
      "cve": "CVE-2025-22109",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22109"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Remove broken autobind\n\nBinding AX25 socket by using the autobind feature leads to memory leaks\nin ax25_connect() and also refcount leaks in ax25_release(). Memory\nleak was detected with kmemleak:\n\n================================================================\nunreferenced object 0xffff8880253cd680 (size 96):\nbacktrace:\n__kmalloc_node_track_caller_noprof (./include/linux/kmemleak.h:43)\nkmemdup_noprof (mm/util.c:136)\nax25_rt_autobind (net/ax25/ax25_route.c:428)\nax25_connect (net/ax25/af_ax25.c:1282)\n__sys_connect_file (net/socket.c:2045)\n__sys_connect (net/socket.c:2064)\n__x64_sys_connect (net/socket.c:2067)\ndo_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n================================================================\n\nWhen socket is bound, refcounts must be incremented the way it is done\nin ax25_bind() and ax25_setsockopt() (SO_BINDTODEVICE). In case of\nautobind, the refcounts are not incremented.\n\nThis bug leads to the following issue reported by Syzkaller:\n\n================================================================\nax25_connect(): syz-executor318 uses autobind, please contact jreuter@yaina.de\n------------[ cut here ]------------\nrefcount_t: decrement hit 0; leaking memory.\nWARNING: CPU: 0 PID: 5317 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31\nModules linked in:\nCPU: 0 UID: 0 PID: 5317 Comm: syz-executor318 Not tainted 6.14.0-rc4-syzkaller-00278-gece144f151ac #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31\n...\nCall Trace:\n \u003cTASK\u003e\n __refcount_dec include/linux/refcount.h:336 [inline]\n refcount_dec include/linux/refcount.h:351 [inline]\n ref_tracker_free+0x6af/0x7e0 lib/ref_tracker.c:236\n netdev_tracker_free include/linux/netdevice.h:4302 [inline]\n netdev_put include/linux/netdevice.h:4319 [inline]\n ax25_release+0x368/0x960 net/ax25/af_ax25.c:1080\n __sock_release net/socket.c:647 [inline]\n sock_close+0xbc/0x240 net/socket.c:1398\n __fput+0x3e9/0x9f0 fs/file_table.c:464\n __do_sys_close fs/open.c:1580 [inline]\n __se_sys_close fs/open.c:1565 [inline]\n __x64_sys_close+0x7f/0x110 fs/open.c:1565\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n ...\n \u003c/TASK\u003e\n================================================================\n\nConsidering the issues above and the comments left in the code that say:\n\"check if we can remove this feature. It is broken.\"; \"autobinding in this\nmay or may not work\"; - it is better to completely remove this feature than\nto fix it because it is broken and leads to various kinds of memory bugs.\n\nNow calling connect() without first binding socket will result in an\nerror (-EINVAL). Userspace software that relies on the autobind feature\nmight get broken. However, this feature does not seem widely used with\nthis specific driver as it was not reliable at any point of time, and it\nis already broken anyway. E.g. ax25-tools and ax25-apps packages for\npopular distributions do not use the autobind feature for AF_AX25.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22109",
          "url": "https://www.suse.com/security/cve/CVE-2025-22109"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241573 for CVE-2025-22109",
          "url": "https://bugzilla.suse.com/1241573"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22109"
    },
    {
      "cve": "CVE-2025-22115",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22115"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix block group refcount race in btrfs_create_pending_block_groups()\n\nBlock group creation is done in two phases, which results in a slightly\nunintuitive property: a block group can be allocated/deallocated from\nafter btrfs_make_block_group() adds it to the space_info with\nbtrfs_add_bg_to_space_info(), but before creation is completely completed\nin btrfs_create_pending_block_groups(). As a result, it is possible for a\nblock group to go unused and have \u0027btrfs_mark_bg_unused\u0027 called on it\nconcurrently with \u0027btrfs_create_pending_block_groups\u0027. This causes a\nnumber of issues, which were fixed with the block group flag\n\u0027BLOCK_GROUP_FLAG_NEW\u0027.\n\nHowever, this fix is not quite complete. Since it does not use the\nunused_bg_lock, it is possible for the following race to occur:\n\nbtrfs_create_pending_block_groups            btrfs_mark_bg_unused\n                                           if list_empty // false\n        list_del_init\n        clear_bit\n                                           else if (test_bit) // true\n                                                list_move_tail\n\nAnd we get into the exact same broken ref count and invalid new_bgs\nstate for transaction cleanup that BLOCK_GROUP_FLAG_NEW was designed to\nprevent.\n\nThe broken refcount aspect will result in a warning like:\n\n  [1272.943527] refcount_t: underflow; use-after-free.\n  [1272.943967] WARNING: CPU: 1 PID: 61 at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110\n  [1272.944731] Modules linked in: btrfs virtio_net xor zstd_compress raid6_pq null_blk [last unloaded: btrfs]\n  [1272.945550] CPU: 1 UID: 0 PID: 61 Comm: kworker/u32:1 Kdump: loaded Tainted: G        W          6.14.0-rc5+ #108\n  [1272.946368] Tainted: [W]=WARN\n  [1272.946585] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n  [1272.947273] Workqueue: btrfs_discard btrfs_discard_workfn [btrfs]\n  [1272.947788] RIP: 0010:refcount_warn_saturate+0xba/0x110\n  [1272.949532] RSP: 0018:ffffbf1200247df0 EFLAGS: 00010282\n  [1272.949901] RAX: 0000000000000000 RBX: ffffa14b00e3f800 RCX: 0000000000000000\n  [1272.950437] RDX: 0000000000000000 RSI: ffffbf1200247c78 RDI: 00000000ffffdfff\n  [1272.950986] RBP: ffffa14b00dc2860 R08: 00000000ffffdfff R09: ffffffff90526268\n  [1272.951512] R10: ffffffff904762c0 R11: 0000000063666572 R12: ffffa14b00dc28c0\n  [1272.952024] R13: 0000000000000000 R14: ffffa14b00dc2868 R15: 000001285dcd12c0\n  [1272.952850] FS:  0000000000000000(0000) GS:ffffa14d33c40000(0000) knlGS:0000000000000000\n  [1272.953458] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  [1272.953931] CR2: 00007f838cbda000 CR3: 000000010104e000 CR4: 00000000000006f0\n  [1272.954474] Call Trace:\n  [1272.954655]  \u003cTASK\u003e\n  [1272.954812]  ? refcount_warn_saturate+0xba/0x110\n  [1272.955173]  ? __warn.cold+0x93/0xd7\n  [1272.955487]  ? refcount_warn_saturate+0xba/0x110\n  [1272.955816]  ? report_bug+0xe7/0x120\n  [1272.956103]  ? handle_bug+0x53/0x90\n  [1272.956424]  ? exc_invalid_op+0x13/0x60\n  [1272.956700]  ? asm_exc_invalid_op+0x16/0x20\n  [1272.957011]  ? refcount_warn_saturate+0xba/0x110\n  [1272.957399]  btrfs_discard_cancel_work.cold+0x26/0x2b [btrfs]\n  [1272.957853]  btrfs_put_block_group.cold+0x5d/0x8e [btrfs]\n  [1272.958289]  btrfs_discard_workfn+0x194/0x380 [btrfs]\n  [1272.958729]  process_one_work+0x130/0x290\n  [1272.959026]  worker_thread+0x2ea/0x420\n  [1272.959335]  ? __pfx_worker_thread+0x10/0x10\n  [1272.959644]  kthread+0xd7/0x1c0\n  [1272.959872]  ? __pfx_kthread+0x10/0x10\n  [1272.960172]  ret_from_fork+0x30/0x50\n  [1272.960474]  ? __pfx_kthread+0x10/0x10\n  [1272.960745]  ret_from_fork_asm+0x1a/0x30\n  [1272.961035]  \u003c/TASK\u003e\n  [1272.961238] ---[ end trace 0000000000000000 ]---\n\nThough we have seen them in the async discard workfn as well. It is\nmost likely to happen after a relocation finishes which cancels discard,\ntears down the block group, etc.\n\nFix this fully by taking the lock arou\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22115",
          "url": "https://www.suse.com/security/cve/CVE-2025-22115"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241578 for CVE-2025-22115",
          "url": "https://bugzilla.suse.com/1241578"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241579 for CVE-2025-22115",
          "url": "https://bugzilla.suse.com/1241579"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-22115"
    },
    {
      "cve": "CVE-2025-22116",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22116"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: check error for register_netdev() on init\n\nCurrent init logic ignores the error code from register_netdev(),\nwhich will cause WARN_ON() on attempt to unregister it, if there was one,\nand there is no info for the user that the creation of the netdev failed.\n\nWARNING: CPU: 89 PID: 6902 at net/core/dev.c:11512 unregister_netdevice_many_notify+0x211/0x1a10\n...\n[ 3707.563641]  unregister_netdev+0x1c/0x30\n[ 3707.563656]  idpf_vport_dealloc+0x5cf/0xce0 [idpf]\n[ 3707.563684]  idpf_deinit_task+0xef/0x160 [idpf]\n[ 3707.563712]  idpf_vc_core_deinit+0x84/0x320 [idpf]\n[ 3707.563739]  idpf_remove+0xbf/0x780 [idpf]\n[ 3707.563769]  pci_device_remove+0xab/0x1e0\n[ 3707.563786]  device_release_driver_internal+0x371/0x530\n[ 3707.563803]  driver_detach+0xbf/0x180\n[ 3707.563816]  bus_remove_driver+0x11b/0x2a0\n[ 3707.563829]  pci_unregister_driver+0x2a/0x250\n\nIntroduce an error check and log the vport number and error code.\nOn removal make sure to check VPORT_REG_NETDEV flag prior to calling\nunregister and free on the netdev.\n\nAdd local variables for idx, vport_config and netdev for readability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22116",
          "url": "https://www.suse.com/security/cve/CVE-2025-22116"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241459 for CVE-2025-22116",
          "url": "https://bugzilla.suse.com/1241459"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22116"
    },
    {
      "cve": "CVE-2025-22121",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22121"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()\n\nThere\u0027s issue as follows:\nBUG: KASAN: use-after-free in ext4_xattr_inode_dec_ref_all+0x6ff/0x790\nRead of size 4 at addr ffff88807b003000 by task syz-executor.0/15172\n\nCPU: 3 PID: 15172 Comm: syz-executor.0\nCall Trace:\n __dump_stack lib/dump_stack.c:82 [inline]\n dump_stack+0xbe/0xfd lib/dump_stack.c:123\n print_address_description.constprop.0+0x1e/0x280 mm/kasan/report.c:400\n __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560\n kasan_report+0x3a/0x50 mm/kasan/report.c:585\n ext4_xattr_inode_dec_ref_all+0x6ff/0x790 fs/ext4/xattr.c:1137\n ext4_xattr_delete_inode+0x4c7/0xda0 fs/ext4/xattr.c:2896\n ext4_evict_inode+0xb3b/0x1670 fs/ext4/inode.c:323\n evict+0x39f/0x880 fs/inode.c:622\n iput_final fs/inode.c:1746 [inline]\n iput fs/inode.c:1772 [inline]\n iput+0x525/0x6c0 fs/inode.c:1758\n ext4_orphan_cleanup fs/ext4/super.c:3298 [inline]\n ext4_fill_super+0x8c57/0xba40 fs/ext4/super.c:5300\n mount_bdev+0x355/0x410 fs/super.c:1446\n legacy_get_tree+0xfe/0x220 fs/fs_context.c:611\n vfs_get_tree+0x8d/0x2f0 fs/super.c:1576\n do_new_mount fs/namespace.c:2983 [inline]\n path_mount+0x119a/0x1ad0 fs/namespace.c:3316\n do_mount+0xfc/0x110 fs/namespace.c:3329\n __do_sys_mount fs/namespace.c:3540 [inline]\n __se_sys_mount+0x219/0x2e0 fs/namespace.c:3514\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nMemory state around the buggy address:\n ffff88807b002f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff88807b002f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n\u003effff88807b003000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n                   ^\n ffff88807b003080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n ffff88807b003100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n\nAbove issue happens as ext4_xattr_delete_inode() isn\u0027t check xattr\nis valid if xattr is in inode.\nTo solve above issue call xattr_check_inode() check if xattr if valid\nin inode. In fact, we can directly verify in ext4_iget_extra_inode(),\nso that there is no divergent verification.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22121",
          "url": "https://www.suse.com/security/cve/CVE-2025-22121"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241593 for CVE-2025-22121",
          "url": "https://bugzilla.suse.com/1241593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22121"
    },
    {
      "cve": "CVE-2025-22128",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22128"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path\n\nIf a shared IRQ is used by the driver due to platform limitation, then the\nIRQ affinity hint is set right after the allocation of IRQ vectors in\nath12k_pci_msi_alloc(). This does no harm unless one of the functions\nrequesting the IRQ fails and attempt to free the IRQ.\n\nThis may end up with a warning from the IRQ core that is expecting the\naffinity hint to be cleared before freeing the IRQ:\n\nkernel/irq/manage.c:\n\n\t/* make sure affinity_hint is cleaned up */\n\tif (WARN_ON_ONCE(desc-\u003eaffinity_hint))\n\t\tdesc-\u003eaffinity_hint = NULL;\n\nSo to fix this issue, clear the IRQ affinity hint before calling\nath12k_pci_free_irq() in the error path. The affinity will be cleared once\nagain further down the error path due to code organization, but that does\nno harm.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22128",
          "url": "https://www.suse.com/security/cve/CVE-2025-22128"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241598 for CVE-2025-22128",
          "url": "https://bugzilla.suse.com/1241598"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22128"
    },
    {
      "cve": "CVE-2025-23129",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23129"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path\n\nIf a shared IRQ is used by the driver due to platform limitation, then the\nIRQ affinity hint is set right after the allocation of IRQ vectors in\nath11k_pci_alloc_msi(). This does no harm unless one of the functions\nrequesting the IRQ fails and attempt to free the IRQ. This results in the\nbelow warning:\n\nWARNING: CPU: 7 PID: 349 at kernel/irq/manage.c:1929 free_irq+0x278/0x29c\nCall trace:\n free_irq+0x278/0x29c\n ath11k_pcic_free_irq+0x70/0x10c [ath11k]\n ath11k_pci_probe+0x800/0x820 [ath11k_pci]\n local_pci_probe+0x40/0xbc\n\nThe warning is due to not clearing the affinity hint before freeing the\nIRQs.\n\nSo to fix this issue, clear the IRQ affinity hint before calling\nath11k_pcic_free_irq() in the error path. The affinity will be cleared once\nagain further down the error path due to code organization, but that does\nno harm.\n\nTested-on: QCA6390 hw2.0 PCI WLAN.HST.1.0.1-05266-QCAHSTSWPLZ_V2_TO_X86-1",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23129",
          "url": "https://www.suse.com/security/cve/CVE-2025-23129"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241599 for CVE-2025-23129",
          "url": "https://bugzilla.suse.com/1241599"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23129"
    },
    {
      "cve": "CVE-2025-23131",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23131"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndlm: prevent NPD when writing a positive value to event_done\n\ndo_uevent returns the value written to event_done. In case it is a\npositive value, new_lockspace would undo all the work, and lockspace\nwould not be set. __dlm_new_lockspace, however, would treat that\npositive value as a success due to commit 8511a2728ab8 (\"dlm: fix use\ncount with multiple joins\").\n\nDown the line, device_create_lockspace would pass that NULL lockspace to\ndlm_find_lockspace_local, leading to a NULL pointer dereference.\n\nTreating such positive values as successes prevents the problem. Given\nthis has been broken for so long, this is unlikely to break userspace\nexpectations.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23131",
          "url": "https://www.suse.com/security/cve/CVE-2025-23131"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241601 for CVE-2025-23131",
          "url": "https://bugzilla.suse.com/1241601"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23131"
    },
    {
      "cve": "CVE-2025-23133",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23133"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: update channel list in reg notifier instead reg worker\n\nCurrently when ath11k gets a new channel list, it will be processed\naccording to the following steps:\n1. update new channel list to cfg80211 and queue reg_work.\n2. cfg80211 handles new channel list during reg_work.\n3. update cfg80211\u0027s handled channel list to firmware by\nath11k_reg_update_chan_list().\n\nBut ath11k will immediately execute step 3 after reg_work is just\nqueued. Since step 2 is asynchronous, cfg80211 may not have completed\nhandling the new channel list, which may leading to an out-of-bounds\nwrite error:\nBUG: KASAN: slab-out-of-bounds in ath11k_reg_update_chan_list\nCall Trace:\n    ath11k_reg_update_chan_list+0xbfe/0xfe0 [ath11k]\n    kfree+0x109/0x3a0\n    ath11k_regd_update+0x1cf/0x350 [ath11k]\n    ath11k_regd_update_work+0x14/0x20 [ath11k]\n    process_one_work+0xe35/0x14c0\n\nShould ensure step 2 is completely done before executing step 3. Thus\nWen raised patch[1]. When flag NL80211_REGDOM_SET_BY_DRIVER is set,\ncfg80211 will notify ath11k after step 2 is done.\n\nSo enable the flag NL80211_REGDOM_SET_BY_DRIVER then cfg80211 will\nnotify ath11k after step 2 is done. At this time, there will be no\nKASAN bug during the execution of the step 3.\n\n[1] https://patchwork.kernel.org/project/linux-wireless/patch/20230201065313.27203-1-quic_wgong@quicinc.com/\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23133",
          "url": "https://www.suse.com/security/cve/CVE-2025-23133"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241451 for CVE-2025-23133",
          "url": "https://bugzilla.suse.com/1241451"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23133"
    },
    {
      "cve": "CVE-2025-23136",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23136"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: int340x: Add NULL check for adev\n\nNot all devices have an ACPI companion fwnode, so adev might be NULL.\nThis is similar to the commit cd2fd6eab480\n(\"platform/x86: int3472: Check for adev == NULL\").\n\nAdd a check for adev not being set and return -ENODEV in that case to\navoid a possible NULL pointer deref in int3402_thermal_probe().\n\nNote, under the same directory, int3400_thermal_probe() has such a\ncheck.\n\n[ rjw: Subject edit, added Fixes: ]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23136",
          "url": "https://www.suse.com/security/cve/CVE-2025-23136"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241357 for CVE-2025-23136",
          "url": "https://bugzilla.suse.com/1241357"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23136"
    },
    {
      "cve": "CVE-2025-23138",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23138"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatch_queue: fix pipe accounting mismatch\n\nCurrently, watch_queue_set_size() modifies the pipe buffers charged to\nuser-\u003epipe_bufs without updating the pipe-\u003enr_accounted on the pipe\nitself, due to the if (!pipe_has_watch_queue()) test in\npipe_resize_ring(). This means that when the pipe is ultimately freed,\nwe decrement user-\u003epipe_bufs by something other than what than we had\ncharged to it, potentially leading to an underflow. This in turn can\ncause subsequent too_many_pipe_buffers_soft() tests to fail with -EPERM.\n\nTo remedy this, explicitly account for the pipe usage in\nwatch_queue_set_size() to match the number set via account_pipe_buffers()\n\n(It\u0027s unclear why watch_queue_set_size() does not update nr_accounted;\nit may be due to intentional overprovisioning in watch_queue_set_size()?)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23138",
          "url": "https://www.suse.com/security/cve/CVE-2025-23138"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241648 for CVE-2025-23138",
          "url": "https://bugzilla.suse.com/1241648"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23138"
    },
    {
      "cve": "CVE-2025-23145",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23145"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix NULL pointer in can_accept_new_subflow\n\nWhen testing valkey benchmark tool with MPTCP, the kernel panics in\n\u0027mptcp_can_accept_new_subflow\u0027 because subflow_req-\u003emsk is NULL.\n\nCall trace:\n\n  mptcp_can_accept_new_subflow (./net/mptcp/subflow.c:63 (discriminator 4)) (P)\n  subflow_syn_recv_sock (./net/mptcp/subflow.c:854)\n  tcp_check_req (./net/ipv4/tcp_minisocks.c:863)\n  tcp_v4_rcv (./net/ipv4/tcp_ipv4.c:2268)\n  ip_protocol_deliver_rcu (./net/ipv4/ip_input.c:207)\n  ip_local_deliver_finish (./net/ipv4/ip_input.c:234)\n  ip_local_deliver (./net/ipv4/ip_input.c:254)\n  ip_rcv_finish (./net/ipv4/ip_input.c:449)\n  ...\n\nAccording to the debug log, the same req received two SYN-ACK in a very\nshort time, very likely because the client retransmits the syn ack due\nto multiple reasons.\n\nEven if the packets are transmitted with a relevant time interval, they\ncan be processed by the server on different CPUs concurrently). The\n\u0027subflow_req-\u003emsk\u0027 ownership is transferred to the subflow the first,\nand there will be a risk of a null pointer dereference here.\n\nThis patch fixes this issue by moving the \u0027subflow_req-\u003emsk\u0027 under the\n`own_req == true` conditional.\n\nNote that the !msk check in subflow_hmac_valid() can be dropped, because\nthe same check already exists under the own_req mpj branch where the\ncode has been moved to.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23145",
          "url": "https://www.suse.com/security/cve/CVE-2025-23145"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242596 for CVE-2025-23145",
          "url": "https://bugzilla.suse.com/1242596"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242882 for CVE-2025-23145",
          "url": "https://bugzilla.suse.com/1242882"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-23145"
    },
    {
      "cve": "CVE-2025-37785",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37785"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix OOB read when checking dotdot dir\n\nMounting a corrupted filesystem with directory which contains \u0027.\u0027 dir\nentry with rec_len == block size results in out-of-bounds read (later\non, when the corrupted directory is removed).\n\next4_empty_dir() assumes every ext4 directory contains at least \u0027.\u0027\nand \u0027..\u0027 as directory entries in the first data block. It first loads\nthe \u0027.\u0027 dir entry, performs sanity checks by calling ext4_check_dir_entry()\nand then uses its rec_len member to compute the location of \u0027..\u0027 dir\nentry (in ext4_next_entry). It assumes the \u0027..\u0027 dir entry fits into the\nsame data block.\n\nIf the rec_len of \u0027.\u0027 is precisely one block (4KB), it slips through the\nsanity checks (it is considered the last directory entry in the data\nblock) and leaves \"struct ext4_dir_entry_2 *de\" point exactly past the\nmemory slot allocated to the data block. The following call to\next4_check_dir_entry() on new value of de then dereferences this pointer\nwhich results in out-of-bounds mem access.\n\nFix this by extending __ext4_check_dir_entry() to check for \u0027.\u0027 dir\nentries that reach the end of data block. Make sure to ignore the phony\ndir entries for checksum (by checking name_len for non-zero).\n\nNote: This is reported by KASAN as use-after-free in case another\nstructure was recently freed from the slot past the bound, but it is\nreally an OOB read.\n\nThis issue was found by syzkaller tool.\n\nCall Trace:\n[   38.594108] BUG: KASAN: slab-use-after-free in __ext4_check_dir_entry+0x67e/0x710\n[   38.594649] Read of size 2 at addr ffff88802b41a004 by task syz-executor/5375\n[   38.595158]\n[   38.595288] CPU: 0 UID: 0 PID: 5375 Comm: syz-executor Not tainted 6.14.0-rc7 #1\n[   38.595298] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[   38.595304] Call Trace:\n[   38.595308]  \u003cTASK\u003e\n[   38.595311]  dump_stack_lvl+0xa7/0xd0\n[   38.595325]  print_address_description.constprop.0+0x2c/0x3f0\n[   38.595339]  ? __ext4_check_dir_entry+0x67e/0x710\n[   38.595349]  print_report+0xaa/0x250\n[   38.595359]  ? __ext4_check_dir_entry+0x67e/0x710\n[   38.595368]  ? kasan_addr_to_slab+0x9/0x90\n[   38.595378]  kasan_report+0xab/0xe0\n[   38.595389]  ? __ext4_check_dir_entry+0x67e/0x710\n[   38.595400]  __ext4_check_dir_entry+0x67e/0x710\n[   38.595410]  ext4_empty_dir+0x465/0x990\n[   38.595421]  ? __pfx_ext4_empty_dir+0x10/0x10\n[   38.595432]  ext4_rmdir.part.0+0x29a/0xd10\n[   38.595441]  ? __dquot_initialize+0x2a7/0xbf0\n[   38.595455]  ? __pfx_ext4_rmdir.part.0+0x10/0x10\n[   38.595464]  ? __pfx___dquot_initialize+0x10/0x10\n[   38.595478]  ? down_write+0xdb/0x140\n[   38.595487]  ? __pfx_down_write+0x10/0x10\n[   38.595497]  ext4_rmdir+0xee/0x140\n[   38.595506]  vfs_rmdir+0x209/0x670\n[   38.595517]  ? lookup_one_qstr_excl+0x3b/0x190\n[   38.595529]  do_rmdir+0x363/0x3c0\n[   38.595537]  ? __pfx_do_rmdir+0x10/0x10\n[   38.595544]  ? strncpy_from_user+0x1ff/0x2e0\n[   38.595561]  __x64_sys_unlinkat+0xf0/0x130\n[   38.595570]  do_syscall_64+0x5b/0x180\n[   38.595583]  entry_SYSCALL_64_after_hwframe+0x76/0x7e",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37785",
          "url": "https://www.suse.com/security/cve/CVE-2025-37785"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241640 for CVE-2025-37785",
          "url": "https://bugzilla.suse.com/1241640"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241698 for CVE-2025-37785",
          "url": "https://bugzilla.suse.com/1241698"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37785"
    },
    {
      "cve": "CVE-2025-37798",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37798"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncodel: remove sch-\u003eq.qlen check before qdisc_tree_reduce_backlog()\n\nAfter making all -\u003eqlen_notify() callbacks idempotent, now it is safe to\nremove the check of qlen!=0 from both fq_codel_dequeue() and\ncodel_qdisc_dequeue().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37798",
          "url": "https://www.suse.com/security/cve/CVE-2025-37798"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242414 for CVE-2025-37798",
          "url": "https://bugzilla.suse.com/1242414"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242417 for CVE-2025-37798",
          "url": "https://bugzilla.suse.com/1242417"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-37798"
    },
    {
      "cve": "CVE-2025-37799",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37799"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp\n\nvmxnet3 driver\u0027s XDP handling is buggy for packet sizes using ring0 (that\nis, packet sizes between 128 - 3k bytes).\n\nWe noticed MTU-related connectivity issues with Cilium\u0027s service load-\nbalancing in case of vmxnet3 as NIC underneath. A simple curl to a HTTP\nbackend service where the XDP LB was doing IPIP encap led to overly large\npacket sizes but only for *some* of the packets (e.g. HTTP GET request)\nwhile others (e.g. the prior TCP 3WHS) looked completely fine on the wire.\n\nIn fact, the pcap recording on the backend node actually revealed that the\nnode with the XDP LB was leaking uninitialized kernel data onto the wire\nfor the affected packets, for example, while the packets should have been\n152 bytes their actual size was 1482 bytes, so the remainder after 152 bytes\nwas padded with whatever other data was in that page at the time (e.g. we\nsaw user/payload data from prior processed packets).\n\nWe only noticed this through an MTU issue, e.g. when the XDP LB node and\nthe backend node both had the same MTU (e.g. 1500) then the curl request\ngot dropped on the backend node\u0027s NIC given the packet was too large even\nthough the IPIP-encapped packet normally would never even come close to\nthe MTU limit. Lowering the MTU on the XDP LB (e.g. 1480) allowed to let\nthe curl request succeed (which also indicates that the kernel ignored the\npadding, and thus the issue wasn\u0027t very user-visible).\n\nCommit e127ce7699c1 (\"vmxnet3: Fix missing reserved tailroom\") was too eager\nto also switch xdp_prepare_buff() from rcd-\u003elen to rbi-\u003elen. It really needs\nto stick to rcd-\u003elen which is the actual packet length from the descriptor.\nThe latter we also feed into vmxnet3_process_xdp_small(), by the way, and\nit indicates the correct length needed to initialize the xdp-\u003e{data,data_end}\nparts. For e127ce7699c1 (\"vmxnet3: Fix missing reserved tailroom\") the\nrelevant part was adapting xdp_init_buff() to address the warning given the\nxdp_data_hard_end() depends on xdp-\u003eframe_sz. With that fixed, traffic on\nthe wire looks good again.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37799",
          "url": "https://www.suse.com/security/cve/CVE-2025-37799"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242283 for CVE-2025-37799",
          "url": "https://bugzilla.suse.com/1242283"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37799"
    },
    {
      "cve": "CVE-2025-37860",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37860"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: fix NULL dereferences in ef100_process_design_param()\n\nSince cited commit, ef100_probe_main() and hence also\n ef100_check_design_params() run before efx-\u003enet_dev is created;\n consequently, we cannot netif_set_tso_max_size() or _segs() at this\n point.\nMove those netif calls to ef100_probe_netdev(), and also replace\n netif_err within the design params code with pci_err.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37860",
          "url": "https://www.suse.com/security/cve/CVE-2025-37860"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241452 for CVE-2025-37860",
          "url": "https://bugzilla.suse.com/1241452"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37860"
    },
    {
      "cve": "CVE-2025-39728",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-39728"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: samsung: Fix UBSAN panic in samsung_clk_init()\n\nWith UBSAN_ARRAY_BOUNDS=y, I\u0027m hitting the below panic due to\ndereferencing `ctx-\u003eclk_data.hws` before setting\n`ctx-\u003eclk_data.num = nr_clks`. Move that up to fix the crash.\n\n  UBSAN: array index out of bounds: 00000000f2005512 [#1] PREEMPT SMP\n  \u003csnip\u003e\n  Call trace:\n   samsung_clk_init+0x110/0x124 (P)\n   samsung_clk_init+0x48/0x124 (L)\n   samsung_cmu_register_one+0x3c/0xa0\n   exynos_arm64_register_cmu+0x54/0x64\n   __gs101_cmu_top_of_clk_init_declare+0x28/0x60\n   ...",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
          "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-39728",
          "url": "https://www.suse.com/security/cve/CVE-2025-39728"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241626 for CVE-2025-39728",
          "url": "https://bugzilla.suse.com/1241626"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-31.1.noarch",
            "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-31-rt-1-1.2.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-31.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-31.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-23T07:28:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-39728"
    }
  ]
}
CVE-2025-23131 (GCVE-0-2025-23131)

Vulnerability from cvelistv5

Published
2025-04-16 14:13
Modified
2025-05-26 05:19
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: dlm: prevent NPD when writing a positive value to event_done do_uevent returns the value written to event_done. In case it is a positive value, new_lockspace would undo all the work, and lockspace would not be set. __dlm_new_lockspace, however, would treat that positive value as a success due to commit 8511a2728ab8 ("dlm: fix use count with multiple joins"). Down the line, device_create_lockspace would pass that NULL lockspace to dlm_find_lockspace_local, leading to a NULL pointer dereference. Treating such positive values as successes prevents the problem. Given this has been broken for so long, this is unlikely to break userspace expectations.
References
►
URL
Tags
	https://git.kernel.org/stable/c/b73c4ad4d387fe5bc988145bd9f1bc0de76afd5c
	https://git.kernel.org/stable/c/8e2bad543eca5c25cd02cbc63d72557934d45f13
Impacted products
Vendor
Product
Version
►
Action not permitted

suse-su-2025:20355-1

Vulnerability from csaf_suse

CVE-2025-23131 (GCVE-0-2025-23131)

Vulnerability from cvelistv5

CVE-2025-21683 (GCVE-0-2025-21683)

Vulnerability from cvelistv5

CVE-2025-21707 (GCVE-0-2025-21707)

Vulnerability from cvelistv5

CVE-2025-21985 (GCVE-0-2025-21985)

Vulnerability from cvelistv5

CVE-2024-50083 (GCVE-0-2024-50083)

Vulnerability from cvelistv5

CVE-2025-22093 (GCVE-0-2025-22093)

Vulnerability from cvelistv5

CVE-2025-21758 (GCVE-0-2025-21758)

Vulnerability from cvelistv5

CVE-2025-22109 (GCVE-0-2025-22109)

Vulnerability from cvelistv5

CVE-2025-21904 (GCVE-0-2025-21904)

Vulnerability from cvelistv5

CVE-2024-46865 (GCVE-0-2024-46865)

Vulnerability from cvelistv5

CVE-2023-53034 (GCVE-0-2023-53034)

Vulnerability from cvelistv5

CVE-2025-22116 (GCVE-0-2025-22116)

Vulnerability from cvelistv5

CVE-2024-58094 (GCVE-0-2024-58094)

Vulnerability from cvelistv5

CVE-2024-58095 (GCVE-0-2024-58095)

Vulnerability from cvelistv5

CVE-2024-57998 (GCVE-0-2024-57998)

Vulnerability from cvelistv5

CVE-2025-22121 (GCVE-0-2025-22121)

Vulnerability from cvelistv5

CVE-2025-21852 (GCVE-0-2025-21852)

Vulnerability from cvelistv5

CVE-2025-21925 (GCVE-0-2025-21925)

Vulnerability from cvelistv5

CVE-2025-21931 (GCVE-0-2025-21931)

Vulnerability from cvelistv5

CVE-2025-21999 (GCVE-0-2025-21999)

Vulnerability from cvelistv5

CVE-2024-58070 (GCVE-0-2024-58070)

Vulnerability from cvelistv5

CVE-2025-22036 (GCVE-0-2025-22036)

Vulnerability from cvelistv5

CVE-2025-22062 (GCVE-0-2025-22062)

Vulnerability from cvelistv5

CVE-2025-21812 (GCVE-0-2025-21812)

Vulnerability from cvelistv5

CVE-2025-23129 (GCVE-0-2025-23129)

Vulnerability from cvelistv5

CVE-2025-22080 (GCVE-0-2025-22080)

Vulnerability from cvelistv5

CVE-2025-22090 (GCVE-0-2025-22090)

Vulnerability from cvelistv5

CVE-2024-58097 (GCVE-0-2024-58097)

Vulnerability from cvelistv5

CVE-2024-57924 (GCVE-0-2024-57924)

Vulnerability from cvelistv5

CVE-2025-22018 (GCVE-0-2025-22018)

Vulnerability from cvelistv5

CVE-2025-37785 (GCVE-0-2025-37785)

Vulnerability from cvelistv5

CVE-2024-56641 (GCVE-0-2024-56641)

Vulnerability from cvelistv5

CVE-2025-21792 (GCVE-0-2025-21792)

Vulnerability from cvelistv5

CVE-2025-22107 (GCVE-0-2025-22107)

Vulnerability from cvelistv5

CVE-2025-37860 (GCVE-0-2025-37860)

Vulnerability from cvelistv5

CVE-2025-22106 (GCVE-0-2025-22106)

Vulnerability from cvelistv5

CVE-2025-22053 (GCVE-0-2025-22053)

Vulnerability from cvelistv5

CVE-2024-27018 (GCVE-0-2024-27018)

Vulnerability from cvelistv5

CVE-2025-22088 (GCVE-0-2025-22088)
