{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThe SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2023-52888: media: mediatek: vcodec: Only free buffer VA that is not NULL (bsc#1228557).\n- CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer serialization (bsc#1230581).\n- CVE-2024-49568: net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg (bsc#1235728).\n- CVE-2024-50223: sched/numa: Fix the potential null pointer dereference in (bsc#1233192).\n- CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154).\n- CVE-2024-54458: scsi: ufs: bsg: Set bsg_queue to NULL after removal (bsc#1238992).\n- CVE-2025-21648: netfilter: conntrack: clamp maximum hashtable size to INT_MAX (bsc#1236142).\n- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0 (bsc#1237312).\n- CVE-2025-21787: team: better TEAM_OPTION_TYPE_STRING validation (bsc#1238774).\n- CVE-2025-21814: ptp: Ensure info-\u003eenable callback is always set (bsc#1238473).\n- CVE-2025-21868: kABI workaround for adding an header (bsc#1240180).\n- CVE-2025-21919: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (bsc#1240593).\n- CVE-2025-21938: mptcp: fix \u0027scheduling while atomic\u0027 in mptcp_pm_nl_append_new_local_addr (bsc#1240723).\n- CVE-2025-21997: xsk: fix an integer overflow in xp_create_and_assign_umem() (bsc#1240823).\n- CVE-2025-22021: netfilter: socket: Lookup orig tuple for IPv6 SNAT (bsc#1241282).\n- CVE-2025-22030: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() (bsc#1241376).\n- CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525).\n- CVE-2025-22057: net: decrease cached dst counters in dst_release (bsc#1241533).\n- CVE-2025-22063: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (bsc#1241351).\n- CVE-2025-22070: fs/9p: fix NULL pointer dereference on mkdir (bsc#1241305).\n- CVE-2025-22103: net: fix NULL pointer dereference in l3mdev_l3_rcv (bsc#1241448).\n- CVE-2025-22113: ext4: define ext4_journal_destroy wrapper (bsc#1241617).\n- CVE-2025-23140: misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error (bsc#1242763).\n- CVE-2025-23150: ext4: fix off-by-one error in do_split (bsc#1242513).\n- CVE-2025-23155: net: stmmac: Fix accessing freed irq affinity_hint (bsc#1242573).\n- CVE-2025-23160: media: mediatek: vcodec: Fix a resource leak related\n  to the scp device in FW initialization (bsc#1242507).\n- CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846).\n- CVE-2025-37743: wifi: ath12k: Avoid memory leak while enabling statistics (bsc#1242163).\n- CVE-2025-37748: iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group (bsc#1242523).\n- CVE-2025-37749: net: ppp: Add bound checking for skb data on ppp_sync_txmung (bsc#1242859).\n- CVE-2025-37750: smb: client: fix UAF in decryption with multichannel (bsc#1242510).\n- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504).\n- CVE-2025-37755: net: libwx: handle page_pool_dev_alloc_pages error (bsc#1242506).\n- CVE-2025-37773: virtiofs: add filesystem context source name check (bsc#1242502).\n- CVE-2025-37780: isofs: Prevent the use of too small fid (bsc#1242786).\n- CVE-2025-37787: net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered (bsc#1242585).\n- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).\n- CVE-2025-37790: net: mctp: Set SOCK_RCU_FREE (bsc#1242509).\n- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).\n- CVE-2025-37800: driver core: fix potential NULL pointer dereference in dev_uevent() (bsc#1242849).\n- CVE-2025-37801: spi: spi-imx: Add check for spi_imx_setupxfer() (bsc#1242850).\n- CVE-2025-37803: udmabuf: fix a buf size overflow issue during udmabuf creation (bsc#1242852).\n- CVE-2025-37804: io_uring: always do atomic put from iowq (bsc#1242854).\n- CVE-2025-37809: usb: typec: class: Unlocked on error in typec_register_partner() (bsc#1242856).\n- CVE-2025-37820: xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() (bsc#1242866).\n- CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).\n- CVE-2025-37824: tipc: fix NULL pointer dereference in tipc_mon_reinit_self() (bsc#1242867).\n- CVE-2025-37829: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() (bsc#1242875).\n- CVE-2025-37830: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() (bsc#1242860).\n- CVE-2025-37831: cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() (bsc#1242861).\n- CVE-2025-37833: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads (bsc#1242868).\n- CVE-2025-37842: spi: fsl-qspi: Fix double cleanup in probe error path (bsc#1242951).\n- CVE-2025-37844: cifs: avoid NULL pointer dereference in dbg call (bsc#1242946).\n- CVE-2025-37862: HID: pidff: Fix null pointer dereference in pidff_find_fields (bsc#1242982).\n- CVE-2025-37865: net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported (bsc#1242954).\n- CVE-2025-37870: drm/amd/display: prevent hang on link training fail (bsc#1243056).\n- CVE-2025-37874: net: ngbe: fix memory leak in ngbe_probe() error path (bsc#1242940).\n- CVE-2025-37879: 9p/net: fix improper handling of bogus negative read/write replies (bsc#1243077).\n- CVE-2025-37886: pds_core: make wait_context part of q_info (bsc#1242944).\n- CVE-2025-37887: pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result (bsc#1242962).\n- CVE-2025-37917: net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll (bsc#1243475).\n- CVE-2025-37933: octeon_ep: Fix host hang issue during device reboot (bsc#1243628).\n- CVE-2025-37936: perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU\u0027s value (bsc#1243537).\n- CVE-2025-37949: xenbus: Use kref to track req lifetime (bsc#1243541).\n- CVE-2025-37954: smb: client: Avoid race in open_cached_dir with lease breaks (bsc#1243664).\n- CVE-2025-37957: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception (bsc#1243513).\n- CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539).\n- CVE-2025-37960: memblock: Accept allocated memory before use in memblock_double_array() (bsc#1243519).\n- CVE-2025-37967: usb: typec: ucsi: displayport: Fix deadlock (bsc#1243572).\n- CVE-2025-37968: iio: light: opt3001: fix deadlock due to concurrent flag access (bsc#1243571).\n- CVE-2025-37974: s390/pci: Fix missing check for zpci_create_device() error return (bsc#1243547).\n- CVE-2025-37987: pds_core: Prevent possible adminq overflow/stuck condition (bsc#1243542).\n- CVE-2025-37998: openvswitch: Fix unsafe attribute parsing in output_userspace() (bsc#1243836).\n- CVE-2025-38152: remoteproc: core: Clear table_sz when rproc_shutdown (bsc#1241627).\n- CVE-2025-38637: net_sched: skbprio: Remove overly strict queue assertions (bsc#1241657).\n\nThe following non-security bugs were fixed:\n\n- ACPI: HED: Always initialize before evged (stable-fixes).\n- ACPI: OSI: Stop advertising support for \"3.0 _SCP Extensions\" (git-fixes).\n- ACPI: PNP: Add Intel OC Watchdog IDs to non-PNP device list (stable-fixes).\n- ACPI: PPTT: Fix processor subtable walk (git-fixes).\n- ACPICA: Utilities: Fix spelling mistake \"Incremement\" -\u003e \"Increment\" (git-fixes).\n- ACPICA: exserial: do not forget to handle FFixedHW opregions for reading (git-fixes).\n- ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() (git-fixes).\n- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-df1xxx (stable-fixes).\n- ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14ASP10 (stable-fixes).\n- ALSA: hda/realtek: Enable PC beep passthrough for HP EliteBook 855 G7 (stable-fixes).\n- ALSA: pcm: Fix race of buffer access at PCM OSS layer (stable-fixes).\n- ALSA: seq: Fix delivery of UMP events to group ports (git-fixes).\n- ALSA: seq: Improve data consistency at polling (stable-fixes).\n- ALSA: sh: SND_AICA should depend on SH_DMA_API (git-fixes).\n- ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info (git-fixes).\n- ALSA: usb-audio: Add sample rate quirk for Audioengine D1 (git-fixes).\n- ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera (stable-fixes).\n- ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX (git-fixes).\n- ASoC: Intel: avs: Verify content returned by parse_int_array() (git-fixes).\n- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013 (stable-fixes).\n- ASoC: SOF: ipc4-control: Use SOF_CTRL_CMD_BINARY as numid for bytes_ext (git-fixes).\n- ASoC: SOF: ipc4-pcm: Adjust pipeline_list-\u003epipelines allocation type (git-fixes).\n- ASoC: SOF: ipc4-pcm: Delay reporting is only supported for playback direction (git-fixes).\n- ASoC: apple: mca: Constrain channels according to TDM mask (git-fixes).\n- ASoC: codecs: hda: Fix RPM usage count underflow (git-fixes).\n- ASoC: codecs: pcm3168a: Allow for 24-bit in provider mode (stable-fixes).\n- ASoC: imx-card: Adjust over allocation of memory in imx_card_parse_of() (stable-fixes).\n- ASoC: mediatek: mt6359: Add stub for mt6359_accdet_enable_jack_detect (stable-fixes).\n- ASoC: mediatek: mt8188: Add reference for dmic clocks (stable-fixes).\n- ASoC: mediatek: mt8188: Treat DMIC_GAINx_CUR as non-volatile (stable-fixes).\n- ASoC: meson: meson-card-utils: use of_property_present() for DT parsing (git-fixes).\n- ASoC: ops: Enforce platform maximum on initial value (stable-fixes).\n- ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params() (git-fixes).\n- ASoC: qcom: sm8250: explicitly set format in sm8250_be_hw_params_fixup() (stable-fixes).\n- ASoC: rt722-sdca: Add some missing readable registers (stable-fixes).\n- ASoC: soc-dai: check return value at snd_soc_dai_set_tdm_slot() (stable-fixes).\n- ASoC: sun4i-codec: support hp-det-gpios property (stable-fixes).\n- ASoC: tas2764: Add reg defaults for TAS2764_INT_CLK_CFG (stable-fixes).\n- ASoC: tas2764: Enable main IRQs (git-fixes).\n- ASoC: tas2764: Mark SW_RESET as volatile (stable-fixes).\n- ASoC: tas2764: Power up/down amp on mute ops (stable-fixes).\n- ASoC: tas2764: Reinit cache on part reset (git-fixes).\n- ASoc: SOF: topology: connect DAI to a single DAI link (git-fixes).\n- Bluetooth: L2CAP: Fix not checking l2cap_chan security level (git-fixes).\n- Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION (git-fixes).\n- Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags (git-fixes).\n- Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() (git-fixes).\n- Bluetooth: btusb: use skb_pull to avoid unsafe access in QCA dump handling (git-fixes).\n- Bluetooth: hci_qca: move the SoC type check to the right place (git-fixes).\n- Documentation/rtla: Fix duplicate text about timerlat tracer (git-fixes).\n- Documentation/rtla: Fix typo in common_timerlat_description.rst (git-fixes).\n- Documentation/rtla: Fix typo in rtla-timerlat.rst (git-fixes).\n- Documentation: fix typo in root= kernel parameter description (git-fixes).\n- Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (git-fixes).\n- Drop AMDGPU patch that may cause regressions (bsc#1243782)\n- Fix write to cloned skb in ipv6_hop_ioam() (git-fixes).\n- HID: quirks: Add ADATA XPG alpha wireless mouse support (stable-fixes).\n- HID: thrustmaster: fix memory leak in thrustmaster_interrupts() (git-fixes).\n- HID: uclogic: Add NULL check in uclogic_input_configured() (git-fixes).\n- HID: usbkbd: Fix the bit shift number for LED_KANA (stable-fixes).\n- IB/cm: use rwlock for MAD agent lock (git-fixes)\n- Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer() (git-fixes).\n- Input: ims-pcu - check record size in ims_pcu_flash_firmware() (git-fixes).\n- Input: synaptics - enable InterTouch on Dell Precision M3800 (stable-fixes).\n- Input: synaptics - enable InterTouch on Dynabook Portege X30-D (stable-fixes).\n- Input: synaptics - enable InterTouch on Dynabook Portege X30L-G (stable-fixes).\n- Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 (stable-fixes).\n- Input: synaptics - enable SMBus for HP Elitebook 850 G1 (stable-fixes).\n- Input: synaptics-rmi - fix crash with unsupported versions of F34 (git-fixes).\n- Input: xpad - add more controllers (stable-fixes).\n- Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller (stable-fixes).\n- Input: xpad - fix Share button on Xbox One controllers (stable-fixes).\n- KVM: SVM: Allocate IR data using atomic allocation (git-fixes).\n- KVM: SVM: Drop DEBUGCTL[5:2] from guest\u0027s effective value (git-fixes).\n- KVM: SVM: Suppress DEBUGCTL.BTF on AMD (git-fixes).\n- KVM: SVM: Update dump_ghcb() to use the GHCB snapshot fields (git-fixes).\n- KVM: VMX: Do not modify guest XFD_ERR if CR0.TS=1 (git-fixes).\n- KVM: arm64: Change kvm_handle_mmio_return() return polarity (git-fixes).\n- KVM: arm64: Fix RAS trapping in pKVM for protected VMs (git-fixes).\n- KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (git-fixes).\n- KVM: arm64: Mark some header functions as inline (git-fixes).\n- KVM: arm64: Tear down vGIC on failed vCPU creation (git-fixes).\n- KVM: arm64: timer: Always evaluate the need for a soft timer (git-fixes).\n- KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (git-fixes).\n- KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (git-fixes).\n- KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (git-fixes).\n- KVM: arm64: vgic-v4: Fall back to software irqbypass if LPI not found (git-fixes).\n- KVM: arm64: vgic-v4: Only attempt vLPI mapping for actual MSIs (git-fixes).\n- KVM: nSVM: Pass next RIP, not current RIP, for nested VM-Exit on emulation (git-fixes).\n- KVM: nVMX: Allow emulating RDPID on behalf of L2 (git-fixes).\n- KVM: nVMX: Check PAUSE_EXITING, not BUS_LOCK_DETECTION, on PAUSE emulation (git-fixes).\n- KVM: powerpc: Enable commented out BUILD_BUG_ON() assertion (bsc#1215199).\n- KVM: s390: Do not use %pK through debug printing (git-fixes bsc#1243657).\n- KVM: s390: Do not use %pK through tracepoints (git-fixes bsc#1243658).\n- KVM: x86/xen: Use guest\u0027s copy of pvclock when starting timer (git-fixes).\n- KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (git-fixes).\n- KVM: x86: Do not take kvm-\u003elock when iterating over vCPUs in suspend notifier (git-fixes).\n- KVM: x86: Explicitly treat routing entry type changes as changes (git-fixes).\n- KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn\u0027t supported by KVM (git-fixes).\n- KVM: x86: Explicitly zero-initialize on-stack CPUID unions (git-fixes).\n- KVM: x86: Make x2APIC ID 100% readonly (git-fixes).\n- KVM: x86: Reject disabling of MWAIT/HLT interception when not allowed (git-fixes).\n- KVM: x86: Remove the unreachable case for 0x80000022 leaf in __do_cpuid_func() (git-fixes).\n- KVM: x86: Wake vCPU for PIC interrupt injection iff a valid IRQ was found (git-fixes).\n- Move upstreamed patches into sorted section\n- Move upstreamed tpm patch into sorted section\n- NFS: Do not allow waiting for exiting tasks (git-fixes).\n- NFS: O_DIRECT writes must check and adjust the file length (git-fixes).\n- NFSD: Insulate nfsd4_encode_read_plus() from page boundaries in the encode buffer (git-fixes).\n- NFSD: Skip sending CB_RECALL_ANY when the backchannel isn\u0027t up (git-fixes).\n- NFSv4/pnfs: Reset the layout state after a layoutreturn (git-fixes).\n- NFSv4: Check for delegation validity in nfs_start_delegation_return_locked() (git-fixes).\n- NFSv4: Do not trigger uneccessary scans for return-on-close delegations (git-fixes).\n- NFSv4: Treat ENETUNREACH errors as fatal for state recovery (git-fixes).\n- PCI/DPC: Initialize aer_err_info before using it (git-fixes).\n- PCI: Explicitly put devices into D0 when initializing (git-fixes).\n- PCI: Fix lock symmetry in pci_slot_unlock() (git-fixes).\n- PCI: Fix old_size lower bound in calculate_iosize() too (stable-fixes).\n- PCI: apple: Use gpiod_set_value_cansleep in probe flow (git-fixes).\n- PCI: brcmstb: Add a softdep to MIP MSI-X driver (stable-fixes).\n- PCI: brcmstb: Expand inbound window size up to 64GB (stable-fixes).\n- PCI: cadence-ep: Correct PBA offset in .set_msix() callback (git-fixes).\n- PCI: cadence: Fix runtime atomic count underflow (git-fixes).\n- PCI: dw-rockchip: Fix PHY function call sequence in rockchip_pcie_phy_deinit() (git-fixes).\n- PCI: dwc: ep: Ensure proper iteration over outbound map windows (stable-fixes).\n- PCI: vmd: Disable MSI remapping bypass under Xen (stable-fixes).\n- PM: sleep: Fix power.is_suspended cleanup for direct-complete devices (git-fixes).\n- PM: sleep: Print PM debug messages during hibernation (git-fixes).\n- PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() (git-fixes).\n- RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work (git-fixes)\n- RDMA/core: Fix \"KASAN: slab-use-after-free Read in ib_register_device\" problem (git-fixes)\n- RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (git-fixes)\n- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (git-fixes)\n- RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (git-fixes)\n- RDMA/rxe: Fix \"trying to register non-static key in rxe_qp_do_cleanup\" bug (git-fixes)\n- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (git-fixes)\n- Refresh fixes for cBPF issue (bsc#1242778)\n- Revert \"bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first\" (stable-fixes).\n- Revert \"drm/amd: Keep display off while going into S4\" (git-fixes).\n- Revert \"drm/amd: Stop evicting resources on APUs in suspend\" (stable-fixes).\n- Revert \"drm/amdgpu: do not allow userspace to create a doorbell BO\" (stable-fixes).\n- Revert \"rndis_host: Flag RNDIS modems as WWAN devices\" (git-fixes).\n- Revert \"wifi: mt76: mt7996: fill txd by host driver\" (stable-fixes).\n- SUNRPC: Do not allow waiting for exiting tasks (git-fixes).\n- SUNRPC: Prevent hang on NFS mount with xprtsec=[m]tls (git-fixes).\n- SUNRPC: rpc_clnt_set_transport() must not change the autobind setting (git-fixes).\n- SUNRPC: rpcbind should never reset the port to the value \u00270\u0027 (git-fixes).\n- Squashfs: check return result of sb_min_blocksize (git-fixes).\n- VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify (git-fixes).\n- Xen/swiotlb: mark xen_swiotlb_fixup() __init (git-fixes).\n- accel/qaic: Mask out SR-IOV PCI resources (stable-fixes).\n- acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() (git-fixes).\n- add bug reference for an existing hv_netvsc change (bsc#1243737).\n- afs: Fix the server_list to unuse a displaced server rather than putting it (git-fixes).\n- afs: Make it possible to find the volumes that are using a server (git-fixes).\n- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (git-fixes)\n- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (git-fixes)\n- arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes)\n- arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2 (git-fixes)\n- arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (git-fixes)\n- arm64: insn: Add support for encoding DSB (git-fixes)\n- arm64: proton-pack: Add new CPUs \u0027k\u0027 values for branch mitigation (git-fixes)\n- arm64: proton-pack: Expose whether the branchy loop k value (git-fixes)\n- arm64: proton-pack: Expose whether the platform is mitigated by (git-fixes)\n- arp: switch to dev_getbyhwaddr() in arp_req_set_public() (git-fixes).\n- backlight: pm8941: Add NULL check in wled_configure() (git-fixes).\n- bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan() (git-fixes).\n- bnxt_en: Fix coredump logic to free allocated buffer (git-fixes).\n- bnxt_en: Fix ethtool -d byte order for 32-bit values (git-fixes).\n- bnxt_en: Fix out-of-bound memcpy() during ethtool -w (git-fixes).\n- bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 (git-fixes).\n- bpf: Scrub packet on bpf_redirect_peer (git-fixes).\n- btrfs: adjust subpage bit start based on sectorsize (bsc#1241492).\n- btrfs: avoid NULL pointer dereference if no valid csum tree (bsc#1243342).\n- btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1236208).\n- btrfs: avoid monopolizing a core when activating a swap file (git-fixes).\n- btrfs: do not loop for nowait writes when checking for cross references (git-fixes).\n- btrfs: fix a leaked chunk map issue in read_one_chunk() (git-fixes).\n- btrfs: fix discard worker infinite loop after disabling discard (bsc#1242012).\n- btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers (git-fixes).\n- bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device (git-fixes).\n- bus: fsl-mc: fix GET/SET_TAILDROP command ids (git-fixes).\n- bus: fsl-mc: fix double-free on mc_dev (git-fixes).\n- bus: mhi: host: Fix conflict between power_up and SYSERR (git-fixes).\n- can: bcm: add locking for bcm_op runtime updates (git-fixes).\n- can: bcm: add missing rcu read protection for procfs content (git-fixes).\n- can: c_can: Use of_property_present() to test existence of DT property (stable-fixes).\n- can: slcan: allow reception of short error messages (git-fixes).\n- check-for-config-changes: Fix flag name typo\n- cifs: change tcon status when need_reconnect is set on it (git-fixes).\n- cifs: reduce warning log level for server not advertising interfaces (git-fixes).\n- crypto: algif_hash - fix double free in hash_accept (git-fixes).\n- crypto: lrw - Only add ecb if it is not already there (git-fixes).\n- crypto: lzo - Fix compression buffer overrun (stable-fixes).\n- crypto: marvell/cesa - Avoid empty transfer descriptor (git-fixes).\n- crypto: marvell/cesa - Do not chain submitted requests (git-fixes).\n- crypto: marvell/cesa - Handle zero-length skcipher requests (git-fixes).\n- crypto: octeontx2 - suppress auth failure screaming due to negative tests (stable-fixes).\n- crypto: qat - add shutdown handler to qat_420xx (git-fixes).\n- crypto: qat - add shutdown handler to qat_4xxx (git-fixes).\n- crypto: skcipher - Zap type in crypto_alloc_sync_skcipher (stable-fixes).\n- crypto: sun8i-ce - move fallback ahash_request to the end of the struct (git-fixes).\n- crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() (git-fixes).\n- crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions (git-fixes).\n- crypto: xts - Only add ecb if it is not already there (git-fixes).\n- devlink: fix port new reply cmd type (git-fixes).\n- dlm: mask sk_shutdown value (bsc#1228854).\n- dlm: use SHUT_RDWR for SCTP shutdown (bsc#1228854).\n- dm-integrity: fix a warning on invalid table line (git-fixes).\n- dma-buf: insert memory barrier before updating num_fences (git-fixes).\n- dmaengine: Revert \"dmaengine: dmatest: Fix dmatest waiting less when interrupted\" (git-fixes).\n- dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals (git-fixes).\n- dmaengine: idxd: Add missing cleanups in cleanup internals (git-fixes).\n- dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call (git-fixes).\n- dmaengine: idxd: Fix -\u003epoll() return value (git-fixes).\n- dmaengine: idxd: Fix allowing write() from different address spaces (git-fixes).\n- dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (git-fixes).\n- dmaengine: idxd: cdev: Fix uninitialized use of sva in idxd_cdev_open (stable-fixes).\n- dmaengine: idxd: fix memory leak in error handling path of idxd_alloc (git-fixes).\n- dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe (git-fixes).\n- dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines (git-fixes).\n- dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups (git-fixes).\n- dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs (git-fixes).\n- dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() (git-fixes).\n- dmaengine: mediatek: drop unused variable (git-fixes).\n- dmaengine: ti: Add NULL check in udma_probe() (git-fixes).\n- dmaengine: ti: k3-udma: Add missing locking (git-fixes).\n- dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy (git-fixes).\n- drm/amd/display/dm: drop hw_support check in amdgpu_dm_i2c_xfer() (stable-fixes).\n- drm/amd/display: Add null pointer check for get_first_active_display() (git-fixes).\n- drm/amd/display: Avoid flooding unnecessary info messages (git-fixes).\n- drm/amd/display: Correct the reply value when AUX write incomplete (git-fixes).\n- drm/amd/display: Do not try AUX transactions on disconnected link (stable-fixes).\n- drm/amd/display: Fix incorrect DPCD configs while Replay/PSR switch (stable-fixes).\n- drm/amd/display: Fix the checking condition in dmub aux handling (stable-fixes).\n- drm/amd/display: Guard against setting dispclk low for dcn31x (stable-fixes).\n- drm/amd/display: Increase block_sequence array size (stable-fixes).\n- drm/amd/display: Initial psr_version with correct setting (stable-fixes).\n- drm/amd/display: Skip checking FRL_MODE bit for PCON BW determination (stable-fixes).\n- drm/amd/display: Update CR AUX RD interval interpretation (stable-fixes).\n- drm/amd/display: fix link_set_dpms_off multi-display MST corner case (stable-fixes).\n- drm/amd/display: more liberal vmin/vmax update for freesync (stable-fixes).\n- drm/amd/display: remove minimum Dispclk and apply oem panel timing (stable-fixes).\n- drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table (git-fixes).\n- drm/amd: Add Suspend/Hibernate notification callback support (stable-fixes).\n- drm/amdgpu: Do not program AGP BAR regs under SRIOV in gfxhub_v1_0.c (stable-fixes).\n- drm/amdgpu: Queue KFD reset workitem in VF FED (stable-fixes).\n- drm/amdgpu: Set snoop bit for SDMA for MI series (stable-fixes).\n- drm/amdgpu: Update SRIOV video codec caps (stable-fixes).\n- drm/amdgpu: enlarge the VBIOS binary size limit (stable-fixes).\n- drm/amdgpu: fix pm notifier handling (git-fixes).\n- drm/amdgpu: reset psp-\u003ecmd to NULL after releasing the buffer (stable-fixes).\n- drm/amdgpu: trigger flr_work if reading pf2vf data failed (stable-fixes).\n- drm/amdkfd: KFD release_work possible circular locking (stable-fixes).\n- drm/amdkfd: Set per-process flags only once cik/vi (stable-fixes).\n- drm/ast: Find VBIOS mode from regular display size (stable-fixes).\n- drm/ast: Fix comment on modeset lock (git-fixes).\n- drm/atomic: clarify the rules around drm_atomic_state-\u003eallow_modeset (stable-fixes).\n- drm/bridge: cdns-dsi: Check return value when getting default PHY config (git-fixes).\n- drm/bridge: cdns-dsi: Fix connecting to next bridge (git-fixes).\n- drm/bridge: cdns-dsi: Fix phy de-init and flag it so (git-fixes).\n- drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() (git-fixes).\n- drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready (git-fixes).\n- drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe() (git-fixes).\n- drm/edid: fixed the bug that hdr metadata was not reset (git-fixes).\n- drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1 (git-fixes).\n- drm/mediatek: Fix kobject put for component sub-drivers (git-fixes).\n- drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence (stable-fixes).\n- drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr (git-fixes).\n- drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err (git-fixes).\n- drm/msm/gpu: Fix crash when throttling GPU immediately during boot (git-fixes).\n- drm/panel-edp: Add Starry 116KHD024006 (stable-fixes).\n- drm/panel: samsung-sofef00: Drop s6e3fc2x01 support (git-fixes).\n- drm/rockchip: vop2: Add uv swap for cluster window (stable-fixes).\n- drm/tegra: Assign plane type before registration (git-fixes).\n- drm/tegra: Fix a possible null pointer dereference (git-fixes).\n- drm/tegra: rgb: Fix the unbound reference count (git-fixes).\n- drm/udl: Unregister device before cleaning up on disconnect (git-fixes).\n- drm/v3d: Add clock handling (stable-fixes).\n- drm/v3d: Add job to pending list if the reset was skipped (stable-fixes).\n- drm/vc4: tests: Use return instead of assert (git-fixes).\n- drm/vkms: Adjust vkms_state-\u003eactive_planes allocation type (git-fixes).\n- drm/vmwgfx: Add seqno waiter for sync_files (git-fixes).\n- drm: Add valid clones check (stable-fixes).\n- drm: bridge: adv7511: fill stream capabilities (stable-fixes).\n- drm: rcar-du: Fix memory leak in rcar_du_vsps_init() (git-fixes).\n- exfat: fix potential wrong error return from get_block (git-fixes).\n- fbcon: Use correct erase colour for clearing in fbcon (stable-fixes).\n- fbdev/efifb: Remove PM for parent device (bsc#1244261).\n- fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var (git-fixes).\n- fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var (git-fixes).\n- fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() (git-fixes).\n- fbdev: core: tileblit: Implement missing margin clearing for tileblit (stable-fixes).\n- fbdev: fsl-diu-fb: add missing device_remove_file() (stable-fixes).\n- firmware: arm_ffa: Reject higher major version as incompatible (stable-fixes).\n- firmware: arm_ffa: Set dma_mask for ffa devices (stable-fixes).\n- firmware: arm_scmi: Relax duplicate name constraint across protocol ids (stable-fixes).\n- firmware: psci: Fix refcount leak in psci_dt_init (git-fixes).\n- fpga: altera-cvp: Increase credit timeout (stable-fixes).\n- fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio() (git-fixes).\n- gpio: pca953x: Simplify code with cleanup helpers (stable-fixes).\n- gpio: pca953x: Split pca953x_restore_context() and pca953x_save_context() (stable-fixes).\n- gpio: pca953x: fix IRQ storm on system wake up (git-fixes).\n- gpiolib: Revert \"Do not WARN on gpiod_put() for optional GPIO\" (stable-fixes).\n- hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (git-fixes).\n- hv_netvsc: Remove rmsg_pgcnt (git-fixes).\n- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (git-fixes).\n- hwmon: (asus-ec-sensors) check sensor index in read_string() (git-fixes).\n- hwmon: (dell-smm) Increment the number of fans (stable-fixes).\n- hwmon: (gpio-fan) Add missing mutex locks (stable-fixes).\n- hwmon: (xgene-hwmon) use appropriate type for the latency value (stable-fixes).\n- i2c: designware: Fix an error handling path in i2c_dw_pci_probe() (git-fixes).\n- i2c: pxa: fix call balance of i2c-\u003eclk handling routines (stable-fixes).\n- i2c: qup: Vote for interconnect bandwidth to DRAM (stable-fixes).\n- i2c: tegra: check msg length in SMBUS block read (bsc#1242086)\n- i3c: master: svc: Fix implicit fallthrough in svc_i3c_master_ibi_work() (git-fixes).\n- i3c: master: svc: Fix missing STOP for master request (stable-fixes).\n- i3c: master: svc: Flush FIFO before sending Dynamic Address Assignment(DAA) (stable-fixes).\n- ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() (git-fixes).\n- idpf: fix offloads support for encapsulated packets (git-fixes).\n- idpf: fix potential memory leak on kcalloc() failure (git-fixes).\n- idpf: protect shutdown from reset (git-fixes).\n- ieee802154: ca8210: Use proper setters and getters for bitwise types (stable-fixes).\n- igc: fix lock order in igc_ptp_reset (git-fixes).\n- iio: accel: fxls8962af: Fix temperature scan element sign (git-fixes).\n- iio: adc: ad7124: Fix 3dB filter frequency reading (git-fixes).\n- iio: adc: ad7606_spi: fix reg write value mask (git-fixes).\n- iio: filter: admv8818: Support frequencies \u003e= 2^32 (git-fixes).\n- iio: filter: admv8818: fix band 4, state 15 (git-fixes).\n- iio: filter: admv8818: fix integer overflow (git-fixes).\n- iio: filter: admv8818: fix range calculation (git-fixes).\n- iio: imu: inv_icm42600: Fix temperature calculation (git-fixes).\n- ima: process_measurement() needlessly takes inode_lock() on MAY_READ (stable-fixes).\n- inetpeer: remove create argument of inet_getpeer_v() (git-fixes).\n- inetpeer: update inetpeer timestamp in inet_getpeer() (git-fixes).\n- intel_th: avoid using deprecated page-\u003emapping, index fields (stable-fixes).\n- iommu: Protect against overflow in iommu_pgsize() (git-fixes).\n- ip6mr: fix tables suspicious RCU usage (git-fixes).\n- ip_tunnel: annotate data-races around t-\u003eparms.link (git-fixes).\n- ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function (git-fixes).\n- ipmr: fix tables suspicious RCU usage (git-fixes).\n- ipv4/route: avoid unused-but-set-variable warning (git-fixes).\n- ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR) (git-fixes).\n- ipv4: Convert icmp_route_lookup() to dscp_t (git-fixes).\n- ipv4: Convert ip_route_input() to dscp_t (git-fixes).\n- ipv4: Correct/silence an endian warning in __ip_do_redirect (git-fixes).\n- ipv4: Fix incorrect source address in Record Route option (git-fixes).\n- ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family (git-fixes).\n- ipv4: fix source address selection with route leak (git-fixes).\n- ipv4: give an IPv4 dev to blackhole_netdev (git-fixes).\n- ipv4: icmp: Pass full DS field to ip_route_input() (git-fixes).\n- ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() (git-fixes). Both spellings are actually used\n- ipv4: ip_gre: Fix drops of small packets in ipgre_xmit (git-fixes).\n- ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit() (git-fixes).\n- ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev() (git-fixes).\n- ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit() (git-fixes).\n- ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid (git-fixes).\n- ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels (git-fixes).\n- ipv6: Align behavior across nexthops during path selection (git-fixes).\n- ipv6: Do not consider link down nexthops in path selection (git-fixes).\n- ipv6: Start path selection from the first nexthop (git-fixes).\n- ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (git-fixes).\n- ipv6: save dontfrag in cork (git-fixes).\n- ipvs: Always clear ipvs_property flag in skb_scrub_packet() (git-fixes).\n- jffs2: check jffs2_prealloc_raw_node_refs() result in few other places (git-fixes).\n- jffs2: check that raw node were preallocated before writing summary (git-fixes).\n- jiffies: Cast to unsigned long in secs_to_jiffies() conversion (bsc#1242993).\n- jiffies: Define secs_to_jiffies() (bsc#1242993).\n- kABI workaround for hda_codec.beep_just_power_on flag (git-fixes).\n- kABI: ipv6: save dontfrag in cork (git-fixes).\n- leds: pwm-multicolor: Add check for fwnode_property_read_u32 (stable-fixes).\n- loop: Add sanity check for read/write_iter (git-fixes).\n- loop: aio inherit the ioprio of original request (git-fixes).\n- loop: do not require -\u003ewrite_iter for writable files in loop_configure (git-fixes).\n- mailbox: use error ret code of of_parse_phandle_with_args() (stable-fixes).\n- md/raid1,raid10: do not ignore IO flags (git-fixes).\n- md/raid10: fix missing discard IO accounting (git-fixes).\n- md/raid10: wait barrier before returning discard request with REQ_NOWAIT (git-fixes).\n- md/raid1: Add check for missing source disk in process_checks() (git-fixes).\n- md/raid1: fix memory leak in raid1_run() if no active rdev (git-fixes).\n- md/raid5: implement pers-\u003ebitmap_sector() (git-fixes).\n- md: add a new callback pers-\u003ebitmap_sector() (git-fixes).\n- md: ensure resync is prioritized over recovery (git-fixes).\n- md: fix mddev uaf while iterating all_mddevs list (git-fixes).\n- md: preserve KABI in struct md_personality v2 (git-fixes).\n- media: adv7180: Disable test-pattern control on adv7180 (stable-fixes).\n- media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe() (stable-fixes).\n- media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case (git-fixes).\n- media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div (git-fixes).\n- media: ccs-pll: Start OP pre-PLL multiplier search from correct value (git-fixes).\n- media: ccs-pll: Start VT pre-PLL multiplier search from correct value (git-fixes).\n- media: cx231xx: set device_caps for 417 (stable-fixes).\n- media: cxusb: no longer judge rbuf when the write fails (git-fixes).\n- media: davinci: vpif: Fix memory leak in probe error path (git-fixes).\n- media: gspca: Add error handling for stv06xx_read_sensor() (git-fixes).\n- media: i2c: imx219: Correct the minimum vblanking value (stable-fixes).\n- media: imx-jpeg: Cleanup after an allocation error (git-fixes).\n- media: imx-jpeg: Drop the first error frames (git-fixes).\n- media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead (git-fixes).\n- media: imx-jpeg: Reset slot data pointers when freed (git-fixes).\n- media: nxp: imx8-isi: better handle the m2m usage_count (git-fixes).\n- media: omap3isp: use sgtable-based scatterlist wrappers (git-fixes).\n- media: ov5675: suppress probe deferral errors (git-fixes).\n- media: ov8856: suppress probe deferral errors (git-fixes).\n- media: qcom: camss: csid: Only add TPG v4l2 ctrl if TPG hardware is available (stable-fixes).\n- media: rkvdec: Fix frame size enumeration (git-fixes).\n- media: tc358746: improve calculation of the D-PHY timing registers (stable-fixes).\n- media: test-drivers: vivid: do not call schedule in loop (stable-fixes).\n- media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map (stable-fixes).\n- media: uvcvideo: Fix deferred probing error (git-fixes).\n- media: uvcvideo: Handle uvc menu translation inside uvc_get_le_value (stable-fixes).\n- media: uvcvideo: Return the number of processed controls (git-fixes).\n- media: v4l2-dev: fix error handling in __video_register_device() (git-fixes).\n- media: v4l: Memset argument to 0 before calling get_mbus_config pad op (stable-fixes).\n- media: venus: Fix probe error handling (git-fixes).\n- media: videobuf2: Add missing doc comment for waiting_in_dqbuf (git-fixes).\n- media: videobuf2: use sgtable-based scatterlist wrappers (git-fixes).\n- media: vidtv: Terminating the subsequent process of initialization failure (git-fixes).\n- media: vivid: Change the siize of the composing (git-fixes).\n- mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() (git-fixes).\n- mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE (git-fixes).\n- mfd: tps65219: Remove TPS65219_REG_TI_DEV_ID check (stable-fixes).\n- mmc: dw_mmc: add exynos7870 DW MMC support (stable-fixes).\n- mmc: host: Wait for Vdd to settle on card power off (stable-fixes).\n- mmc: sdhci: Disable SD card clock before changing parameters (stable-fixes).\n- mtd: nand: ecc-mxic: Fix use of uninitialized variable ret (git-fixes).\n- mtd: nand: sunxi: Add randomizer configuration before randomizer enable (git-fixes).\n- mtd: phram: Add the kernel lock down check (bsc#1232649).\n- mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk (git-fixes).\n- neighbour: Do not let neigh_forced_gc() disable preemption for long (git-fixes).\n- neighbour: delete redundant judgment statements (git-fixes).\n- net/handshake: Fix handshake_req_destroy_test1 (git-fixes).\n- net/handshake: Fix memory leak in __sock_create() and sock_alloc_file() (git-fixes).\n- net/ipv6: Fix route deleting failure when metric equals 0 (git-fixes).\n- net/ipv6: Fix the RT cache flush via sysctl using a previous delay (git-fixes).\n- net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged (git-fixes).\n- net/mlx5: E-Switch, Initialize MAC Address for Default GID (git-fixes).\n- net/mlx5: E-switch, Fix error handling for enabling roce (git-fixes).\n- net/mlx5e: Disable MACsec offload for uplink representor profile (git-fixes).\n- net/neighbor: clear error in case strict check is not set (git-fixes).\n- net: Add non-RCU dev_getbyhwaddr() helper (git-fixes).\n- net: Clear old fragment checksum value in napi_reuse_skb (git-fixes).\n- net: Handle napi_schedule() calls from non-interrupt (git-fixes).\n- net: Implement missing SO_TIMESTAMPING_NEW cmsg support (git-fixes).\n- net: Implement missing getsockopt(SO_TIMESTAMPING_NEW) (git-fixes).\n- net: Remove acked SYN flag from packet in the transmit queue correctly (git-fixes).\n- net: add rcu safety to rtnl_prop_list_size() (git-fixes).\n- net: do not dump stack on queue timeout (git-fixes).\n- net: fix udp gso skb_segment after pull from frag_list (git-fixes).\n- net: give more chances to rcu in netdev_wait_allrefs_any() (git-fixes).\n- net: gro: parse ipv6 ext headers without frag0 invalidation (git-fixes).\n- net: ipv4: fix a memleak in ip_setup_cork (git-fixes).\n- net: ipv6: ioam6: fix lwtunnel_output() loop (git-fixes).\n- net: linkwatch: use system_unbound_wq (git-fixes).\n- net: loopback: Avoid sending IP packets without an Ethernet header (git-fixes).\n- net: page_pool: fix warning code (git-fixes).\n- net: phy: clear phydev-\u003edevlink when the link is deleted (git-fixes).\n- net: phy: fix up const issues in to_mdio_device() and to_phy_device() (git-fixes).\n- net: phy: mscc: Fix memory leak when using one step timestamping (git-fixes).\n- net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames (git-fixes).\n- net: qede: Initialize qede_ll_ops with designated initializer (git-fixes).\n- net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets (git-fixes).\n- net: sched: cls_u32: Fix allocation size in u32_init() (git-fixes).\n- net: sched: consistently use rcu_replace_pointer() in taprio_change() (git-fixes).\n- net: sched: em_text: fix possible memory leak in em_text_destroy() (git-fixes).\n- net: sched: fix erspan_opt settings in cls_flower (git-fixes).\n- net: set the minimum for net_hotdata.netdev_budget_usecs (git-fixes).\n- net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension (git-fixes).\n- net: usb: aqc111: debug info before sanitation (git-fixes).\n- net: usb: aqc111: fix error handling of usbnet read calls (git-fixes).\n- net: wwan: t7xx: Fix napi rx poll issue (git-fixes).\n- net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504)\n- netdev-genl: Hold rcu_read_lock in napi_get (git-fixes).\n- netdev-genl: avoid empty messages in queue dump (git-fixes).\n- netdev: fix repeated netlink messages in queue dump (git-fixes).\n- netlink: annotate data-races around sk-\u003esk_err (git-fixes).\n- netpoll: Ensure clean state on setup failures (git-fixes).\n- netpoll: Use rcu_access_pointer() in __netpoll_setup (git-fixes).\n- netpoll: hold rcu read lock in __netpoll_send_skb() (git-fixes).\n- nfs: handle failure of nfs_get_lock_context in unlock path (git-fixes).\n- nfsd: Initialize ssc before laundromat_work to prevent NULL dereference (git-fixes).\n- nfsd: add list_head nf_gc to struct nfsd_file (git-fixes).\n- nfsd: validate the nfsd_serv pointer before calling svc_wake_up (git-fixes).\n- nilfs2: add pointer check for nilfs_direct_propagate() (git-fixes).\n- nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (git-fixes).\n- nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable (git-fixes bsc#1223096).\n- nvme-pci: add quirk for Samsung PM173x/PM173xa disk (bsc#1241148).\n- nvme-pci: fix queue unquiesce check on slot_reset (git-fixes).\n- nvme-pci: make nvme_pci_npages_prp() __always_inline (git-fixes).\n- nvme-tcp: fix premature queue removal and I/O failover (git-fixes).\n- nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS (git-fixes).\n- nvme: Add \u0027partial_nid\u0027 quirk (bsc#1241148).\n- nvme: Add warning when a partiually unique NID is detected (bsc#1241148).\n- nvme: fixup scan failure for non-ANA multipath controllers (git-fixes).\n- nvme: multipath: fix return value of nvme_available_path (git-fixes).\n- nvme: re-read ANA log page after ns scan completes (git-fixes).\n- nvme: requeue namespace scan on missed AENs (git-fixes).\n- nvme: unblock ctrl state transition for firmware update (git-fixes).\n- nvmet-fc: inline nvmet_fc_delete_assoc (git-fixes).\n- nvmet-fc: inline nvmet_fc_free_hostport (git-fixes).\n- nvmet-fc: put ref when assoc-\u003edel_work is already scheduled (git-fixes).\n- nvmet-fc: take tgtport reference only once (git-fixes).\n- nvmet-fc: update tgtport ref per assoc (git-fixes).\n- nvmet-fcloop: Remove remote port from list when unlinking (git-fixes).\n- nvmet-fcloop: add ref counting to lport (git-fixes).\n- nvmet-fcloop: replace kref with refcount (git-fixes).\n- nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS (git-fixes).\n- objtool, panic: Disable SMAP in __stack_chk_fail() (bsc#1243963).\n- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).\n- octeontx2-pf: qos: fix VF root node parent queue index (git-fixes).\n- orangefs: Do not truncate file size (git-fixes).\n- pNFS/flexfiles: Report ENETDOWN as a connection error (git-fixes).\n- padata: do not leak refcount in reorder_work (git-fixes).\n- page_pool: Fix use-after-free in page_pool_recycle_in_ring (git-fixes).\n- phy: Fix error handling in tegra_xusb_port_init (git-fixes).\n- phy: core: do not require set_mode() callback for phy_get_mode() to work (stable-fixes).\n- phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug (git-fixes).\n- phy: renesas: rcar-gen3-usb2: Add support to initialize the bus (stable-fixes).\n- phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off (git-fixes).\n- phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind (git-fixes).\n- phy: renesas: rcar-gen3-usb2: Lock around hardware registers and driver data (git-fixes).\n- phy: renesas: rcar-gen3-usb2: Move IRQ request in probe (stable-fixes).\n- phy: renesas: rcar-gen3-usb2: Set timing registers only once (git-fixes).\n- phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking (git-fixes).\n- phy: tegra: xusb: remove a stray unlock (git-fixes).\n- pinctrl-tegra: Restore SFSEL bit when freeing pins (stable-fixes).\n- pinctrl: armada-37xx: set GPIO output value before setting direction (git-fixes).\n- pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs \u003e 31 (git-fixes).\n- pinctrl: at91: Fix possible out-of-boundary access (git-fixes).\n- pinctrl: bcm281xx: Use \"unsigned int\" instead of bare \"unsigned\" (stable-fixes).\n- pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map (stable-fixes).\n- pinctrl: meson: define the pull up/down resistor value as 60 kOhm (stable-fixes).\n- pinctrl: tegra: Fix off by one in tegra_pinctrl_get_group() (git-fixes).\n- platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() (git-fixes).\n- platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys (git-fixes).\n- platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys (stable-fixes).\n- platform/x86: thinkpad_acpi: Ignore battery threshold change event notification (stable-fixes).\n- platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS (git-fixes).\n- platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS (stable-fixes).\n- power: reset: at91-reset: Optimize at91_reset() (git-fixes).\n- powercap: intel_rapl: Fix locking in TPMI RAPL (git-fixes).\n- powerpc/pseries/iommu: create DDW for devices with DMA mask less than 64-bits (bsc#1239691 bsc#1243044 ltc#212555).\n- powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states (bsc#1215199).\n- pstore: Change kmsg_bytes storage size to u32 (git-fixes).\n- qibfs: fix _another_ leak (git-fixes)\n- rcu/tasks-trace: Handle new PF_IDLE semantics (git-fixes)\n- rcu/tasks: Handle new PF_IDLE semantics (git-fixes)\n- rcu: Break rcu_node_0 --\u003e \u0026rq-\u003e__lock order (git-fixes)\n- rcu: Introduce rcu_cpu_online() (git-fixes)\n- regulator: ad5398: Add device tree support (stable-fixes).\n- regulator: max14577: Add error check for max14577_read_reg() (git-fixes).\n- regulator: max20086: Change enable gpio to optional (git-fixes).\n- regulator: max20086: Fix MAX200086 chip id (git-fixes).\n- regulator: max20086: fix invalid memory access (git-fixes).\n- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN\n- rtc: Fix offset calculation for .start_secs \u0026lt; 0 (git-fixes).\n- rtc: at91rm9200: drop unused module alias (git-fixes).\n- rtc: cpcap: drop unused module alias (git-fixes).\n- rtc: da9063: drop unused module alias (git-fixes).\n- rtc: ds1307: stop disabling alarms on probe (stable-fixes).\n- rtc: jz4740: drop unused module alias (git-fixes).\n- rtc: pm8xxx: drop unused module alias (git-fixes).\n- rtc: rv3032: fix EERD location (stable-fixes).\n- rtc: s3c: drop unused module alias (git-fixes).\n- rtc: sh: assign correct interrupts with DT (git-fixes).\n- rtc: stm32: drop unused module alias (git-fixes).\n- s390/bpf: Store backchain even for leaf progs (git-fixes bsc#1243805).\n- s390/pci: Allow re-add of a reserved but not yet removed device (bsc#1244145).\n- s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs (git-fixes bsc#1244145).\n- s390/pci: Fix potential double remove of hotplug slot (bsc#1244145).\n- s390/pci: Prevent self deletion in disable_slot() (bsc#1244145).\n- s390/pci: Remove redundant bus removal and disable from zpci_release_device() (bsc#1244145).\n- s390/pci: Serialize device addition and removal (bsc#1244145).\n- s390/pci: introduce lock to synchronize state of zpci_dev\u0027s (jsc#PED-10253 bsc#1244145).\n- s390/pci: remove hotplug slot when releasing the device (bsc#1244145).\n- s390/pci: rename lock member in struct zpci_dev (jsc#PED-10253 bsc#1244145).\n- scsi: Improve CDL control (git-fixes).\n- scsi: core: Clear flags for scsi_cmnd that did not complete (git-fixes).\n- scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes (git-fixes).\n- scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1242993).\n- scsi: lpfc: Convert timeouts to secs_to_jiffies() (bsc#1242993).\n- scsi: lpfc: Copyright updates for 14.4.0.9 patches (bsc#1242993).\n- scsi: lpfc: Create lpfc_vmid_info sysfs entry (bsc#1242993).\n- scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands (bsc#1242993).\n- scsi: lpfc: Fix spelling mistake \u0027Toplogy\u0027 -\u003e \u0027Topology\u0027 (bsc#1242993).\n- scsi: lpfc: Notify FC transport of rport disappearance during PCI fcn reset (bsc#1242993).\n- scsi: lpfc: Prevent failure to reregister with NVMe transport after PRLI retry (bsc#1242993).\n- scsi: lpfc: Restart eratt_poll timer if HBA_SETUP flag still unset (bsc#1242993).\n- scsi: lpfc: Update lpfc version to 14.4.0.9 (bsc#1242993).\n- scsi: lpfc: Use memcpy() for BIOS version (bsc#1240966).\n- scsi: lpfc: convert timeouts to secs_to_jiffies() (bsc#1242993).\n- scsi: megaraid_sas: Block zero-length ATA VPD inquiry (git-fixes).\n- scsi: pm80xx: Set phy_attached to zero when device is gone (git-fixes).\n- scsi: qla2xxx: Fix typos in a comment (bsc#1243090).\n- scsi: qla2xxx: Mark device strings as nonstring (bsc#1243090).\n- scsi: qla2xxx: Remove duplicate struct crb_addr_pair (bsc#1243090).\n- scsi: qla2xxx: Remove unused module parameters (bsc#1243090).\n- scsi: qla2xxx: Remove unused ql_log_qp (bsc#1243090).\n- scsi: qla2xxx: Remove unused qla2x00_gpsc() (bsc#1243090).\n- scsi: qla2xxx: Remove unused qla82xx_pci_region_offset() (bsc#1243090).\n- scsi: qla2xxx: Remove unused qla82xx_wait_for_state_change() (bsc#1243090).\n- scsi: qla2xxx: Remove unused qlt_83xx_iospace_config() (bsc#1243090).\n- scsi: qla2xxx: Remove unused qlt_fc_port_deleted() (bsc#1243090).\n- scsi: qla2xxx: Remove unused qlt_free_qfull_cmds() (bsc#1243090).\n- selftests/bpf: Fix bpf_nf selftest failure (git-fixes).\n- selftests/mm: fix incorrect buffer-\u003emirror size in hmm2 double_map test (bsc#1242203).\n- selftests/mm: restore default nr_hugepages value during cleanup in hugetlb_reparenting_test.sh (git-fixes).\n- selftests/net: have `gro.sh -t` return a correct exit code (stable-fixes).\n- selftests/seccomp: fix syscall_restart test for arm compat (git-fixes).\n- serial: Fix potential null-ptr-deref in mlb_usio_probe() (git-fixes).\n- serial: sh-sci: Save and restore more registers (git-fixes).\n- serial: sh-sci: Update the suspend/resume support (stable-fixes).\n- smb3: fix Open files on server counter going negative (git-fixes).\n- smb: client: Use str_yes_no() helper function (git-fixes).\n- smb: client: allow more DFS referrals to be cached (git-fixes).\n- smb: client: avoid unnecessary reconnects when refreshing referrals (git-fixes).\n- smb: client: change return value in open_cached_dir_by_dentry() if !cfids (git-fixes).\n- smb: client: do not retry DFS targets on server shutdown (git-fixes).\n- smb: client: do not trust DFSREF_STORAGE_SERVER bit (git-fixes).\n- smb: client: do not try following DFS links in cifs_tree_connect() (git-fixes).\n- smb: client: fix DFS interlink failover (git-fixes).\n- smb: client: fix DFS mount against old servers with NTLMSSP (git-fixes).\n- smb: client: fix hang in wait_for_response() for negproto (bsc#1242709).\n- smb: client: fix potential race in cifs_put_tcon() (git-fixes).\n- smb: client: fix return value of parse_dfs_referrals() (git-fixes).\n- smb: client: get rid of @nlsc param in cifs_tree_connect() (git-fixes).\n- smb: client: get rid of TCP_Server_Info::refpath_lock (git-fixes).\n- smb: client: get rid of kstrdup() in get_ses_refpath() (git-fixes).\n- smb: client: improve purging of cached referrals (git-fixes).\n- smb: client: introduce av_for_each_entry() helper (git-fixes).\n- smb: client: optimize referral walk on failed link targets (git-fixes).\n- smb: client: parse DNS domain name from domain= option (git-fixes).\n- smb: client: parse av pair type 4 in CHALLENGE_MESSAGE (git-fixes).\n- smb: client: provide dns_resolve_{unc,name} helpers (git-fixes).\n- smb: client: refresh referral without acquiring refpath_lock (git-fixes).\n- smb: client: remove unnecessary checks in open_cached_dir() (git-fixes).\n- soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() (git-fixes).\n- soc: aspeed: lpc: Fix impossible judgment condition (git-fixes).\n- soc: qcom: smp2p: Fix fallback to qcom,ipc parse (git-fixes).\n- soc: ti: k3-socinfo: Do not use syscon helper to build regmap (stable-fixes).\n- soundwire: amd: change the soundwire wake enable/disable sequence (stable-fixes).\n- spi-rockchip: Fix register out of bounds access (stable-fixes).\n- spi: bcm63xx-hsspi: fix shared reset (git-fixes).\n- spi: bcm63xx-spi: fix shared reset (git-fixes).\n- spi: loopback-test: Do not split 1024-byte hexdumps (git-fixes).\n- spi: sh-msiof: Fix maximum DMA transfer size (git-fixes).\n- spi: spi-fsl-dspi: Halt the module after a new message transfer (git-fixes).\n- spi: spi-fsl-dspi: Reset SR flags before sending a new message (git-fixes).\n- spi: spi-fsl-dspi: restrict register range for regmap access (git-fixes).\n- spi: spi-sun4i: fix early activation (stable-fixes).\n- spi: tegra114: Use value to check for invalid delays (git-fixes).\n- spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers (git-fixes).\n- spi: tegra210-quad: modify chip select (CS) deactivation (git-fixes).\n- spi: tegra210-quad: remove redundant error handling code (git-fixes).\n- spi: zynqmp-gqspi: Always acknowledge interrupts (stable-fixes).\n- staging: iio: ad5933: Correct settling cycles encoding per datasheet (git-fixes).\n- tcp/dccp: allow a connection when sk_max_ack_backlog is zero (git-fixes).\n- tcp/dccp: bypass empty buckets in inet_twsk_purge() (git-fixes).\n- tcp/dccp: complete lockless accesses to sk-\u003esk_max_ack_backlog (git-fixes).\n- tcp: bring back NUMA dispersion in inet_ehash_locks_alloc() (git-fixes).\n- tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress() (git-fixes).\n- tcp_cubic: fix incorrect HyStart round start detection (git-fixes).\n- tcp_metrics: optimize tcp_metrics_flush_all() (git-fixes).\n- thermal/drivers/qoriq: Power down TMU on system suspend (stable-fixes).\n- thermal: intel: x86_pkg_temp_thermal: Fix bogus trip temperature (git-fixes).\n- thunderbolt: Do not add non-active NVM if NVM upgrade is disabled for retimer (stable-fixes).\n- thunderbolt: Fix a logic error in wake on connect (git-fixes).\n- udp: annotate data-races around up-\u003epending (git-fixes).\n- udp: fix incorrect parameter validation in the udp_lib_getsockopt() function (git-fixes).\n- udp: fix receiving fraglist GSO packets (git-fixes).\n- udp: preserve the connected status if only UDP cmsg (git-fixes).\n- usb: Flush altsetting 0 endpoints before reinitializating them after reset (git-fixes).\n- usb: cdnsp: Fix issue with detecting USB 3.2 speed (git-fixes).\n- usb: cdnsp: Fix issue with detecting command completion event (git-fixes).\n- usb: renesas_usbhs: Reorder clock handling and power management in probe (git-fixes).\n- usb: typec: class: Invalidate USB device pointers on partner unregistration (git-fixes).\n- usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() (git-fixes).\n- usb: usbtmc: Fix read_stb function and get_stb ioctl (git-fixes).\n- usb: usbtmc: Fix timeout value in get_stb (git-fixes).\n- usb: xhci: Do not change the status of stalled TDs on failed Stop EP (stable-fixes).\n- vgacon: Add check for vc_origin address range in vgacon_scroll() (git-fixes).\n- vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint (git-fixes).\n- virtio_console: fix missing byte order handling for cols and rows (git-fixes).\n- vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() (git-fixes).\n- watchdog: exar: Shorten identity name to fit correctly (git-fixes).\n- wifi: ath11k: fix node corruption in ar-\u003earvifs list (git-fixes).\n- wifi: ath11k: fix ring-buffer corruption (git-fixes).\n- wifi: ath11k: fix rx completion meta data corruption (git-fixes).\n- wifi: ath12k: Add MSDU length validation for TKIP MIC error (git-fixes).\n- wifi: ath12k: Avoid napi_sync() before napi_enable() (stable-fixes).\n- wifi: ath12k: Fix WMI tag for EHT rate in peer assoc (git-fixes).\n- wifi: ath12k: Fix end offset bit definition in monitor ring descriptor (stable-fixes).\n- wifi: ath12k: Fix invalid memory access while forming 802.11 header (git-fixes).\n- wifi: ath12k: Fix memory leak during vdev_id mismatch (git-fixes).\n- wifi: ath12k: Fix the QoS control field offset to build QoS header (git-fixes).\n- wifi: ath12k: Improve BSS discovery with hidden SSID in 6 GHz band (stable-fixes).\n- wifi: ath12k: Report proper tx completion status to mac80211 (stable-fixes).\n- wifi: ath12k: fix ath12k_hal_tx_cmd_ext_desc_setup() info1 override (stable-fixes).\n- wifi: ath12k: fix cleanup path after mhi init (git-fixes).\n- wifi: ath12k: fix invalid access to memory (git-fixes).\n- wifi: ath12k: fix node corruption in ar-\u003earvifs list (git-fixes).\n- wifi: ath12k: fix ring-buffer corruption (git-fixes).\n- wifi: ath9k: return by of_get_mac_address (stable-fixes).\n- wifi: ath9k_htc: Abort software beacon handling if disabled (git-fixes).\n- wifi: iwlfiwi: mvm: Fix the rate reporting (git-fixes).\n- wifi: iwlwifi: add support for Killer on MTL (stable-fixes).\n- wifi: iwlwifi: fix debug actions order (stable-fixes).\n- wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request (git-fixes).\n- wifi: mac80211: do not unconditionally call drv_mgd_complete_tx() (stable-fixes).\n- wifi: mac80211: remove misplaced drv_mgd_complete_tx() call (stable-fixes).\n- wifi: mt76: disable napi on driver removal (git-fixes).\n- wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() (git-fixes).\n- wifi: mt76: mt7925: ensure all MCU commands wait for response (git-fixes).\n- wifi: mt76: mt7925: fix host interrupt register initialization (git-fixes).\n- wifi: mt76: mt7925: prevent multiple scan commands (git-fixes).\n- wifi: mt76: mt7925: refine the sniffer commnad (git-fixes).\n- wifi: mt76: mt7996: fix RX buffer size of MCU event (git-fixes).\n- wifi: mt76: mt7996: revise TXS size (stable-fixes).\n- wifi: mt76: mt7996: set EHT max ampdu length capability (git-fixes).\n- wifi: mt76: only mark tx-status-failed frames as ACKed on mt76x0/2 (stable-fixes).\n- wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() (git-fixes).\n- wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 (git-fixes).\n- wifi: rtw88: Do not use static local variable in rtw8822b_set_tx_power_index_by_rate (stable-fixes).\n- wifi: rtw88: Fix __rtw_download_firmware() for RTL8814AU (stable-fixes).\n- wifi: rtw88: Fix download_firmware_validate() for RTL8814AU (stable-fixes).\n- wifi: rtw88: Fix rtw_desc_to_mcsrate() to handle MCS16-31 (stable-fixes).\n- wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU (stable-fixes).\n- wifi: rtw88: Fix rtw_init_vht_cap() for RTL8814AU (stable-fixes).\n- wifi: rtw88: do not ignore hardware read error during DPK (git-fixes).\n- wifi: rtw88: fix the \u0027para\u0027 buffer size to avoid reading out of bounds (git-fixes).\n- wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally (git-fixes).\n- wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT (git-fixes).\n- wifi: rtw88: usb: Reduce control message timeout to 500 ms (git-fixes).\n- wifi: rtw89: add wiphy_lock() to work that isn\u0027t held wiphy_lock() yet (stable-fixes).\n- wifi: rtw89: fw: propagate error code from rtw89_h2c_tx() (stable-fixes).\n- wifi: rtw89: pci: enlarge retry times of RX tag to 1000 (git-fixes).\n- x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in\n  mwait_idle_with_hints() and prefer_mwait_c1_over_halt() (git-fixes).\n- x86/its: Fix build errors when CONFIG_MODULES=n (git-fixes).\n- x86/microcode/AMD: Do not return error when microcode update is not necessary (git-fixes).\n- x86/microcode/AMD: Have __apply_microcode_amd() return bool (git-fixes).\n- x86/microcode/AMD: Make __verify_patch_size() return bool (git-fixes).\n- x86/microcode/AMD: Return bool from find_blobs_in_containers() (git-fixes).\n- x86/xen: move xen_reserve_extra_memory() (git-fixes).\n- xen/mcelog: Add __nonstring annotations for unterminated strings (git-fixes).\n- xen: Change xen-acpi-processor dom0 dependency (git-fixes).\n- xenfs/xensyms: respect hypervisor\u0027s \"next\" indication (git-fixes).\n- xhci: Add helper to set an interrupters interrupt moderation interval (git-fixes).\n- xhci: split free interrupter into separate remove and free parts (git-fixes).\n- xsk: Add truesize to skb_add_rx_frag() (git-fixes).\n- xsk: Do not assume metadata is always requested in TX completion (git-fixes).\n- xsk: always clear DMA mapping information when unmapping the pool (git-fixes).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-Micro-6.1-kernel-42",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20421-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:20421-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520421-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:20421-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040394.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1215199",
        "url": "https://bugzilla.suse.com/1215199"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1220112",
        "url": "https://bugzilla.suse.com/1220112"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1223096",
        "url": "https://bugzilla.suse.com/1223096"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1226498",
        "url": "https://bugzilla.suse.com/1226498"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1228557",
        "url": "https://bugzilla.suse.com/1228557"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1228854",
        "url": "https://bugzilla.suse.com/1228854"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1229491",
        "url": "https://bugzilla.suse.com/1229491"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1230581",
        "url": "https://bugzilla.suse.com/1230581"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1231016",
        "url": "https://bugzilla.suse.com/1231016"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1232504",
        "url": "https://bugzilla.suse.com/1232504"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1232649",
        "url": "https://bugzilla.suse.com/1232649"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1232882",
        "url": "https://bugzilla.suse.com/1232882"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1233192",
        "url": "https://bugzilla.suse.com/1233192"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234154",
        "url": "https://bugzilla.suse.com/1234154"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235149",
        "url": "https://bugzilla.suse.com/1235149"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235728",
        "url": "https://bugzilla.suse.com/1235728"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1235968",
        "url": "https://bugzilla.suse.com/1235968"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1236142",
        "url": "https://bugzilla.suse.com/1236142"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1236208",
        "url": "https://bugzilla.suse.com/1236208"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1237312",
        "url": "https://bugzilla.suse.com/1237312"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238212",
        "url": "https://bugzilla.suse.com/1238212"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238473",
        "url": "https://bugzilla.suse.com/1238473"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238774",
        "url": "https://bugzilla.suse.com/1238774"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238992",
        "url": "https://bugzilla.suse.com/1238992"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1239691",
        "url": "https://bugzilla.suse.com/1239691"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1239925",
        "url": "https://bugzilla.suse.com/1239925"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240180",
        "url": "https://bugzilla.suse.com/1240180"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240593",
        "url": "https://bugzilla.suse.com/1240593"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240723",
        "url": "https://bugzilla.suse.com/1240723"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240823",
        "url": "https://bugzilla.suse.com/1240823"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240866",
        "url": "https://bugzilla.suse.com/1240866"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240966",
        "url": "https://bugzilla.suse.com/1240966"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241148",
        "url": "https://bugzilla.suse.com/1241148"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241282",
        "url": "https://bugzilla.suse.com/1241282"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241305",
        "url": "https://bugzilla.suse.com/1241305"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241340",
        "url": "https://bugzilla.suse.com/1241340"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241351",
        "url": "https://bugzilla.suse.com/1241351"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241376",
        "url": "https://bugzilla.suse.com/1241376"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241448",
        "url": "https://bugzilla.suse.com/1241448"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241457",
        "url": "https://bugzilla.suse.com/1241457"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241492",
        "url": "https://bugzilla.suse.com/1241492"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241519",
        "url": "https://bugzilla.suse.com/1241519"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241525",
        "url": "https://bugzilla.suse.com/1241525"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241533",
        "url": "https://bugzilla.suse.com/1241533"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241538",
        "url": "https://bugzilla.suse.com/1241538"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241576",
        "url": "https://bugzilla.suse.com/1241576"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241590",
        "url": "https://bugzilla.suse.com/1241590"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241595",
        "url": "https://bugzilla.suse.com/1241595"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241596",
        "url": "https://bugzilla.suse.com/1241596"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241597",
        "url": "https://bugzilla.suse.com/1241597"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241617",
        "url": "https://bugzilla.suse.com/1241617"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241625",
        "url": "https://bugzilla.suse.com/1241625"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241627",
        "url": "https://bugzilla.suse.com/1241627"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241635",
        "url": "https://bugzilla.suse.com/1241635"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241638",
        "url": "https://bugzilla.suse.com/1241638"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241644",
        "url": "https://bugzilla.suse.com/1241644"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241654",
        "url": "https://bugzilla.suse.com/1241654"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241657",
        "url": "https://bugzilla.suse.com/1241657"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242012",
        "url": "https://bugzilla.suse.com/1242012"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242035",
        "url": "https://bugzilla.suse.com/1242035"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242044",
        "url": "https://bugzilla.suse.com/1242044"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242086",
        "url": "https://bugzilla.suse.com/1242086"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242163",
        "url": "https://bugzilla.suse.com/1242163"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242203",
        "url": "https://bugzilla.suse.com/1242203"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242343",
        "url": "https://bugzilla.suse.com/1242343"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242414",
        "url": "https://bugzilla.suse.com/1242414"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242417",
        "url": "https://bugzilla.suse.com/1242417"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242501",
        "url": "https://bugzilla.suse.com/1242501"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242502",
        "url": "https://bugzilla.suse.com/1242502"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242504",
        "url": "https://bugzilla.suse.com/1242504"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242506",
        "url": "https://bugzilla.suse.com/1242506"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242507",
        "url": "https://bugzilla.suse.com/1242507"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242509",
        "url": "https://bugzilla.suse.com/1242509"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242510",
        "url": "https://bugzilla.suse.com/1242510"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242512",
        "url": "https://bugzilla.suse.com/1242512"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242513",
        "url": "https://bugzilla.suse.com/1242513"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242514",
        "url": "https://bugzilla.suse.com/1242514"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242520",
        "url": "https://bugzilla.suse.com/1242520"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242523",
        "url": "https://bugzilla.suse.com/1242523"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242524",
        "url": "https://bugzilla.suse.com/1242524"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242529",
        "url": "https://bugzilla.suse.com/1242529"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242530",
        "url": "https://bugzilla.suse.com/1242530"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242531",
        "url": "https://bugzilla.suse.com/1242531"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242532",
        "url": "https://bugzilla.suse.com/1242532"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242559",
        "url": "https://bugzilla.suse.com/1242559"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242563",
        "url": "https://bugzilla.suse.com/1242563"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242564",
        "url": "https://bugzilla.suse.com/1242564"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242565",
        "url": "https://bugzilla.suse.com/1242565"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242566",
        "url": "https://bugzilla.suse.com/1242566"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242567",
        "url": "https://bugzilla.suse.com/1242567"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242568",
        "url": "https://bugzilla.suse.com/1242568"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242569",
        "url": "https://bugzilla.suse.com/1242569"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242573",
        "url": "https://bugzilla.suse.com/1242573"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242574",
        "url": "https://bugzilla.suse.com/1242574"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242575",
        "url": "https://bugzilla.suse.com/1242575"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242578",
        "url": "https://bugzilla.suse.com/1242578"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242584",
        "url": "https://bugzilla.suse.com/1242584"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242585",
        "url": "https://bugzilla.suse.com/1242585"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242587",
        "url": "https://bugzilla.suse.com/1242587"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242591",
        "url": "https://bugzilla.suse.com/1242591"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242709",
        "url": "https://bugzilla.suse.com/1242709"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242727",
        "url": "https://bugzilla.suse.com/1242727"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242758",
        "url": "https://bugzilla.suse.com/1242758"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242760",
        "url": "https://bugzilla.suse.com/1242760"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242761",
        "url": "https://bugzilla.suse.com/1242761"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242762",
        "url": "https://bugzilla.suse.com/1242762"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242763",
        "url": "https://bugzilla.suse.com/1242763"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242764",
        "url": "https://bugzilla.suse.com/1242764"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242766",
        "url": "https://bugzilla.suse.com/1242766"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242770",
        "url": "https://bugzilla.suse.com/1242770"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242778",
        "url": "https://bugzilla.suse.com/1242778"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242781",
        "url": "https://bugzilla.suse.com/1242781"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242782",
        "url": "https://bugzilla.suse.com/1242782"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242785",
        "url": "https://bugzilla.suse.com/1242785"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242786",
        "url": "https://bugzilla.suse.com/1242786"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242792",
        "url": "https://bugzilla.suse.com/1242792"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242846",
        "url": "https://bugzilla.suse.com/1242846"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242849",
        "url": "https://bugzilla.suse.com/1242849"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242850",
        "url": "https://bugzilla.suse.com/1242850"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242852",
        "url": "https://bugzilla.suse.com/1242852"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242854",
        "url": "https://bugzilla.suse.com/1242854"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242856",
        "url": "https://bugzilla.suse.com/1242856"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242859",
        "url": "https://bugzilla.suse.com/1242859"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242860",
        "url": "https://bugzilla.suse.com/1242860"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242861",
        "url": "https://bugzilla.suse.com/1242861"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242866",
        "url": "https://bugzilla.suse.com/1242866"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242867",
        "url": "https://bugzilla.suse.com/1242867"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242868",
        "url": "https://bugzilla.suse.com/1242868"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242871",
        "url": "https://bugzilla.suse.com/1242871"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242873",
        "url": "https://bugzilla.suse.com/1242873"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242875",
        "url": "https://bugzilla.suse.com/1242875"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242906",
        "url": "https://bugzilla.suse.com/1242906"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242908",
        "url": "https://bugzilla.suse.com/1242908"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242924",
        "url": "https://bugzilla.suse.com/1242924"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242930",
        "url": "https://bugzilla.suse.com/1242930"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242940",
        "url": "https://bugzilla.suse.com/1242940"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242944",
        "url": "https://bugzilla.suse.com/1242944"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242945",
        "url": "https://bugzilla.suse.com/1242945"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242946",
        "url": "https://bugzilla.suse.com/1242946"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242948",
        "url": "https://bugzilla.suse.com/1242948"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242949",
        "url": "https://bugzilla.suse.com/1242949"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242951",
        "url": "https://bugzilla.suse.com/1242951"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242953",
        "url": "https://bugzilla.suse.com/1242953"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242954",
        "url": "https://bugzilla.suse.com/1242954"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242955",
        "url": "https://bugzilla.suse.com/1242955"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242957",
        "url": "https://bugzilla.suse.com/1242957"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242959",
        "url": "https://bugzilla.suse.com/1242959"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242961",
        "url": "https://bugzilla.suse.com/1242961"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242962",
        "url": "https://bugzilla.suse.com/1242962"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242973",
        "url": "https://bugzilla.suse.com/1242973"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242974",
        "url": "https://bugzilla.suse.com/1242974"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242977",
        "url": "https://bugzilla.suse.com/1242977"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242982",
        "url": "https://bugzilla.suse.com/1242982"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242990",
        "url": "https://bugzilla.suse.com/1242990"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1242993",
        "url": "https://bugzilla.suse.com/1242993"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243000",
        "url": "https://bugzilla.suse.com/1243000"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243006",
        "url": "https://bugzilla.suse.com/1243006"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243011",
        "url": "https://bugzilla.suse.com/1243011"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243015",
        "url": "https://bugzilla.suse.com/1243015"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243044",
        "url": "https://bugzilla.suse.com/1243044"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243049",
        "url": "https://bugzilla.suse.com/1243049"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243056",
        "url": "https://bugzilla.suse.com/1243056"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243074",
        "url": "https://bugzilla.suse.com/1243074"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243076",
        "url": "https://bugzilla.suse.com/1243076"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243077",
        "url": "https://bugzilla.suse.com/1243077"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243082",
        "url": "https://bugzilla.suse.com/1243082"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243090",
        "url": "https://bugzilla.suse.com/1243090"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243330",
        "url": "https://bugzilla.suse.com/1243330"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243342",
        "url": "https://bugzilla.suse.com/1243342"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243456",
        "url": "https://bugzilla.suse.com/1243456"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243469",
        "url": "https://bugzilla.suse.com/1243469"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243470",
        "url": "https://bugzilla.suse.com/1243470"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243471",
        "url": "https://bugzilla.suse.com/1243471"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243472",
        "url": "https://bugzilla.suse.com/1243472"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243473",
        "url": "https://bugzilla.suse.com/1243473"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243475",
        "url": "https://bugzilla.suse.com/1243475"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243476",
        "url": "https://bugzilla.suse.com/1243476"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243509",
        "url": "https://bugzilla.suse.com/1243509"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243511",
        "url": "https://bugzilla.suse.com/1243511"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243513",
        "url": "https://bugzilla.suse.com/1243513"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243515",
        "url": "https://bugzilla.suse.com/1243515"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243516",
        "url": "https://bugzilla.suse.com/1243516"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243517",
        "url": "https://bugzilla.suse.com/1243517"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243519",
        "url": "https://bugzilla.suse.com/1243519"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243522",
        "url": "https://bugzilla.suse.com/1243522"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243524",
        "url": "https://bugzilla.suse.com/1243524"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243528",
        "url": "https://bugzilla.suse.com/1243528"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243529",
        "url": "https://bugzilla.suse.com/1243529"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243530",
        "url": "https://bugzilla.suse.com/1243530"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243534",
        "url": "https://bugzilla.suse.com/1243534"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243536",
        "url": "https://bugzilla.suse.com/1243536"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243537",
        "url": "https://bugzilla.suse.com/1243537"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243539",
        "url": "https://bugzilla.suse.com/1243539"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243540",
        "url": "https://bugzilla.suse.com/1243540"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243541",
        "url": "https://bugzilla.suse.com/1243541"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243542",
        "url": "https://bugzilla.suse.com/1243542"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243543",
        "url": "https://bugzilla.suse.com/1243543"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243545",
        "url": "https://bugzilla.suse.com/1243545"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243547",
        "url": "https://bugzilla.suse.com/1243547"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243559",
        "url": "https://bugzilla.suse.com/1243559"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243560",
        "url": "https://bugzilla.suse.com/1243560"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243562",
        "url": "https://bugzilla.suse.com/1243562"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243567",
        "url": "https://bugzilla.suse.com/1243567"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243571",
        "url": "https://bugzilla.suse.com/1243571"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243572",
        "url": "https://bugzilla.suse.com/1243572"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243573",
        "url": "https://bugzilla.suse.com/1243573"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243574",
        "url": "https://bugzilla.suse.com/1243574"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243575",
        "url": "https://bugzilla.suse.com/1243575"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243589",
        "url": "https://bugzilla.suse.com/1243589"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243621",
        "url": "https://bugzilla.suse.com/1243621"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243624",
        "url": "https://bugzilla.suse.com/1243624"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243625",
        "url": "https://bugzilla.suse.com/1243625"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243626",
        "url": "https://bugzilla.suse.com/1243626"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243627",
        "url": "https://bugzilla.suse.com/1243627"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243628",
        "url": "https://bugzilla.suse.com/1243628"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243649",
        "url": "https://bugzilla.suse.com/1243649"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243657",
        "url": "https://bugzilla.suse.com/1243657"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243658",
        "url": "https://bugzilla.suse.com/1243658"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243659",
        "url": "https://bugzilla.suse.com/1243659"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243660",
        "url": "https://bugzilla.suse.com/1243660"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243664",
        "url": "https://bugzilla.suse.com/1243664"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243737",
        "url": "https://bugzilla.suse.com/1243737"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243782",
        "url": "https://bugzilla.suse.com/1243782"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243805",
        "url": "https://bugzilla.suse.com/1243805"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243836",
        "url": "https://bugzilla.suse.com/1243836"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243963",
        "url": "https://bugzilla.suse.com/1243963"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1244145",
        "url": "https://bugzilla.suse.com/1244145"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1244261",
        "url": "https://bugzilla.suse.com/1244261"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-52888 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-52888/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-53146 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-53146/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-43869 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-43869/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-46713 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-46713/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-49568 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-49568/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-50106 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-50106/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-50223 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-50223/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53135 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53135/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-54458 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-54458/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-58098 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-58098/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-58099 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-58099/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-58100 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-58100/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-58237 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-58237/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21629 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21629/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21648 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21648/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21702 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21702/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21787 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21787/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21814 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21814/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21868 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21868/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21919 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21919/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21938 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21938/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21997 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21997/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22005 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22005/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22021 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22021/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22030 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22030/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22056 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22056/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22057 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22057/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22063 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22063/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22066 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22066/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22070 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22070/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22089 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22089/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22095 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22095/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22103 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22103/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22113 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22113/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22119 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22119/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22124 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22124/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22125 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22125/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22126 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22126/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23140 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23140/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23141 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23141/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23142 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23142/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23144 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23144/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23146 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23146/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23147 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23147/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23148 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23148/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23149 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23149/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23150 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23150/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23151 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23151/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23155 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23155/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23156 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23156/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23157 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23157/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23158 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23158/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23159 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23159/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23160 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23160/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23161 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23161/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37738 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37738/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37740 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37740/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37741 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37741/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37742 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37742/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37743 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37743/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37747 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37747/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37748 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37748/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37749 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37749/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37750 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37750/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37752 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37752/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37754 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37754/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37755 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37755/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37758 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37758/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37765 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37765/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37766 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37766/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37767 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37767/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37768 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37768/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37769 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37769/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37770 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37770/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37771 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37771/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37772 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37772/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37773 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37773/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37780 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37780/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37781 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37781/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37782 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37782/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37787 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37787/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37788 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37788/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37789 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37789/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37790 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37790/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37792 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37792/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37793 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37793/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37794 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37794/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37796 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37796/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37797 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37797/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37798 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37798/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37800 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37800/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37801 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37801/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37803 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37803/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37804 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37804/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37805 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37805/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37809 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37809/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37810 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37810/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37812 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37812/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37815 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37815/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37819 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37819/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37820 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37820/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37823 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37823/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37824 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37824/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37829 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37829/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37830 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37830/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37831 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37831/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37833 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37833/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37836 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37836/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37839 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37839/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37840 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37840/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37841 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37841/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37842 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37842/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37844 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37844/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37849 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37849/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37850 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37850/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37851 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37851/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37852 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37852/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37853 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37853/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37854 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37854/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37858 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37858/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37862 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37862/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37865 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37865/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37867 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37867/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37870 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37870/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37871 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37871/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37873 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37873/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37874 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37874/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37875 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37875/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37879 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37879/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37881 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37881/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37886 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37886/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37887 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37887/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37889 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37889/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37890 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37890/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37891 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37891/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37892 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37892/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37897 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37897/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37900 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37900/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37901 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37901/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37903 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37903/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37905 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37905/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37911 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37911/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37912 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37912/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37913 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37913/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37914 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37914/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37915 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37915/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37917 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37917/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37918 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37918/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37925 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37925/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37928 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37928/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37929 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37929/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37930 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37930/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37931 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37931/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37932 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37932/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37933 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37933/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37936 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37936/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37937 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37937/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37943 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37943/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37944 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37944/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37948 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37948/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37949 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37949/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37951 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37951/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37953 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37953/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37954 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37954/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37957 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37957/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37958 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37958/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37959 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37959/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37960 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37960/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37963 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37963/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37967 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37967/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37968 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37968/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37969 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37969/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37970 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37970/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37972 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37972/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37974 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37974/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37978 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37978/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37979 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37979/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37980 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37980/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37982 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37982/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37983 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37983/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37985 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37985/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37986 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37986/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37987 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37987/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37989 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37989/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37990 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37990/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-37998 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-37998/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-38104 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-38104/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-38152 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-38152/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-38240 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-38240/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-38637 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-38637/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-39735 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-39735/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-40014 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-40014/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-40325 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-40325/"
      }
    ],
    "title": "Security update for the Linux Kernel",
    "tracking": {
      "current_release_date": "2025-06-16T15:33:59Z",
      "generator": {
        "date": "2025-06-16T15:33:59Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:20421-1",
      "initial_release_date": "2025-06-16T15:33:59Z",
      "revision_history": [
        {
          "date": "2025-06-16T15:33:59Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-6.4.0-33.1.aarch64",
                "product": {
                  "name": "kernel-rt-6.4.0-33.1.aarch64",
                  "product_id": "kernel-rt-6.4.0-33.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-6.4.0-33.1.aarch64",
                "product": {
                  "name": "kernel-rt-devel-6.4.0-33.1.aarch64",
                  "product_id": "kernel-rt-devel-6.4.0-33.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-devel-rt-6.4.0-33.1.noarch",
                "product": {
                  "name": "kernel-devel-rt-6.4.0-33.1.noarch",
                  "product_id": "kernel-devel-rt-6.4.0-33.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-rt-6.4.0-33.1.noarch",
                "product": {
                  "name": "kernel-source-rt-6.4.0-33.1.noarch",
                  "product_id": "kernel-source-rt-6.4.0-33.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-6.4.0-33.1.x86_64",
                "product": {
                  "name": "kernel-rt-6.4.0-33.1.x86_64",
                  "product_id": "kernel-rt-6.4.0-33.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-6.4.0-33.1.x86_64",
                "product": {
                  "name": "kernel-rt-devel-6.4.0-33.1.x86_64",
                  "product_id": "kernel-rt-devel-6.4.0-33.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-livepatch-6.4.0-33.1.x86_64",
                "product": {
                  "name": "kernel-rt-livepatch-6.4.0-33.1.x86_64",
                  "product_id": "kernel-rt-livepatch-6.4.0-33.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Micro 6.1",
                "product": {
                  "name": "SUSE Linux Micro 6.1",
                  "product_id": "SUSE Linux Micro 6.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sl-micro:6.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-rt-6.4.0-33.1.noarch as component of SUSE Linux Micro 6.1",
          "product_id": "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch"
        },
        "product_reference": "kernel-devel-rt-6.4.0-33.1.noarch",
        "relates_to_product_reference": "SUSE Linux Micro 6.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-6.4.0-33.1.aarch64 as component of SUSE Linux Micro 6.1",
          "product_id": "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64"
        },
        "product_reference": "kernel-rt-6.4.0-33.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Micro 6.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-6.4.0-33.1.x86_64 as component of SUSE Linux Micro 6.1",
          "product_id": "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64"
        },
        "product_reference": "kernel-rt-6.4.0-33.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-6.4.0-33.1.aarch64 as component of SUSE Linux Micro 6.1",
          "product_id": "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64"
        },
        "product_reference": "kernel-rt-devel-6.4.0-33.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Micro 6.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-6.4.0-33.1.x86_64 as component of SUSE Linux Micro 6.1",
          "product_id": "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64"
        },
        "product_reference": "kernel-rt-devel-6.4.0-33.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-livepatch-6.4.0-33.1.x86_64 as component of SUSE Linux Micro 6.1",
          "product_id": "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64"
        },
        "product_reference": "kernel-rt-livepatch-6.4.0-33.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-rt-6.4.0-33.1.noarch as component of SUSE Linux Micro 6.1",
          "product_id": "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        },
        "product_reference": "kernel-source-rt-6.4.0-33.1.noarch",
        "relates_to_product_reference": "SUSE Linux Micro 6.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-52888",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-52888"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Only free buffer VA that is not NULL\n\nIn the MediaTek vcodec driver, while mtk_vcodec_mem_free() is mostly\ncalled only when the buffer to free exists, there are some instances\nthat didn\u0027t do the check and triggered warnings in practice.\n\nWe believe those checks were forgotten unintentionally. Add the checks\nback to fix the warnings.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-52888",
          "url": "https://www.suse.com/security/cve/CVE-2023-52888"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1228557 for CVE-2023-52888",
          "url": "https://bugzilla.suse.com/1228557"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-52888"
    },
    {
      "cve": "CVE-2023-53146",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-53146"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer()\n\nIn dw2102_i2c_transfer, msg is controlled by user. When msg[i].buf\nis null and msg[i].len is zero, former checks on msg[i].buf would be\npassed. Malicious data finally reach dw2102_i2c_transfer. If accessing\nmsg[i].buf[0] without sanity check, null ptr deref would happen.\nWe add check on msg[i].len to prevent crash.\n\nSimilar commit:\ncommit 950e252cb469\n(\"[media] dw2102: limit messages to buffer size\")",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-53146",
          "url": "https://www.suse.com/security/cve/CVE-2023-53146"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220112 for CVE-2023-53146",
          "url": "https://bugzilla.suse.com/1220112"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-53146"
    },
    {
      "cve": "CVE-2024-43869",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-43869"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix event leak upon exec and file release\n\nThe perf pending task work is never waited upon the matching event\nrelease. In the case of a child event, released via free_event()\ndirectly, this can potentially result in a leaked event, such as in the\nfollowing scenario that doesn\u0027t even require a weak IRQ work\nimplementation to trigger:\n\nschedule()\n   prepare_task_switch()\n=======\u003e \u003cNMI\u003e\n      perf_event_overflow()\n         event-\u003epending_sigtrap = ...\n         irq_work_queue(\u0026event-\u003epending_irq)\n\u003c======= \u003c/NMI\u003e\n      perf_event_task_sched_out()\n          event_sched_out()\n              event-\u003epending_sigtrap = 0;\n              atomic_long_inc_not_zero(\u0026event-\u003erefcount)\n              task_work_add(\u0026event-\u003epending_task)\n   finish_lock_switch()\n=======\u003e \u003cIRQ\u003e\n   perf_pending_irq()\n      //do nothing, rely on pending task work\n\u003c======= \u003c/IRQ\u003e\n\nbegin_new_exec()\n   perf_event_exit_task()\n      perf_event_exit_event()\n         // If is child event\n         free_event()\n            WARN(atomic_long_cmpxchg(\u0026event-\u003erefcount, 1, 0) != 1)\n            // event is leaked\n\nSimilar scenarios can also happen with perf_event_remove_on_exec() or\nsimply against concurrent perf_event_release().\n\nFix this with synchonizing against the possibly remaining pending task\nwork while freeing the event, just like is done with remaining pending\nIRQ work. This means that the pending task callback neither need nor\nshould hold a reference to the event, preventing it from ever beeing\nfreed.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-43869",
          "url": "https://www.suse.com/security/cve/CVE-2024-43869"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1229491 for CVE-2024-43869",
          "url": "https://bugzilla.suse.com/1229491"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-43869"
    },
    {
      "cve": "CVE-2024-46713",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-46713"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/aux: Fix AUX buffer serialization\n\nOle reported that event-\u003emmap_mutex is strictly insufficient to\nserialize the AUX buffer, add a per RB mutex to fully serialize it.\n\nNote that in the lock order comment the perf_event::mmap_mutex order\nwas already wrong, that is, it nesting under mmap_lock is not new with\nthis patch.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-46713",
          "url": "https://www.suse.com/security/cve/CVE-2024-46713"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1230581 for CVE-2024-46713",
          "url": "https://bugzilla.suse.com/1230581"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-46713"
    },
    {
      "cve": "CVE-2024-49568",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-49568"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg\n\nWhen receiving proposal msg in server, the fields v2_ext_offset/\neid_cnt/ism_gid_cnt in proposal msg are from the remote client\nand can not be fully trusted. Especially the field v2_ext_offset,\nonce exceed the max value, there has the chance to access wrong\naddress, and crash may happen.\n\nThis patch checks the fields v2_ext_offset/eid_cnt/ism_gid_cnt\nbefore using them.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-49568",
          "url": "https://www.suse.com/security/cve/CVE-2024-49568"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235728 for CVE-2024-49568",
          "url": "https://bugzilla.suse.com/1235728"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-49568"
    },
    {
      "cve": "CVE-2024-50106",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-50106"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix race between laundromat and free_stateid\n\nThere is a race between laundromat handling of revoked delegations\nand a client sending free_stateid operation. Laundromat thread\nfinds that delegation has expired and needs to be revoked so it\nmarks the delegation stid revoked and it puts it on a reaper list\nbut then it unlock the state lock and the actual delegation revocation\nhappens without the lock. Once the stid is marked revoked a racing\nfree_stateid processing thread does the following (1) it calls\nlist_del_init() which removes it from the reaper list and (2) frees\nthe delegation stid structure. The laundromat thread ends up not\ncalling the revoke_delegation() function for this particular delegation\nbut that means it will no release the lock lease that exists on\nthe file.\n\nNow, a new open for this file comes in and ends up finding that\nlease list isn\u0027t empty and calls nfsd_breaker_owns_lease() which ends\nup trying to derefence a freed delegation stateid. Leading to the\nfollowint use-after-free KASAN warning:\n\nkernel: ==================================================================\nkernel: BUG: KASAN: slab-use-after-free in nfsd_breaker_owns_lease+0x140/0x160 [nfsd]\nkernel: Read of size 8 at addr ffff0000e73cd0c8 by task nfsd/6205\nkernel:\nkernel: CPU: 2 UID: 0 PID: 6205 Comm: nfsd Kdump: loaded Not tainted 6.11.0-rc7+ #9\nkernel: Hardware name: Apple Inc. Apple Virtualization Generic Platform, BIOS 2069.0.0.0.0 08/03/2024\nkernel: Call trace:\nkernel: dump_backtrace+0x98/0x120\nkernel: show_stack+0x1c/0x30\nkernel: dump_stack_lvl+0x80/0xe8\nkernel: print_address_description.constprop.0+0x84/0x390\nkernel: print_report+0xa4/0x268\nkernel: kasan_report+0xb4/0xf8\nkernel: __asan_report_load8_noabort+0x1c/0x28\nkernel: nfsd_breaker_owns_lease+0x140/0x160 [nfsd]\nkernel: nfsd_file_do_acquire+0xb3c/0x11d0 [nfsd]\nkernel: nfsd_file_acquire_opened+0x84/0x110 [nfsd]\nkernel: nfs4_get_vfs_file+0x634/0x958 [nfsd]\nkernel: nfsd4_process_open2+0xa40/0x1a40 [nfsd]\nkernel: nfsd4_open+0xa08/0xe80 [nfsd]\nkernel: nfsd4_proc_compound+0xb8c/0x2130 [nfsd]\nkernel: nfsd_dispatch+0x22c/0x718 [nfsd]\nkernel: svc_process_common+0x8e8/0x1960 [sunrpc]\nkernel: svc_process+0x3d4/0x7e0 [sunrpc]\nkernel: svc_handle_xprt+0x828/0xe10 [sunrpc]\nkernel: svc_recv+0x2cc/0x6a8 [sunrpc]\nkernel: nfsd+0x270/0x400 [nfsd]\nkernel: kthread+0x288/0x310\nkernel: ret_from_fork+0x10/0x20\n\nThis patch proposes a fixed that\u0027s based on adding 2 new additional\nstid\u0027s sc_status values that help coordinate between the laundromat\nand other operations (nfsd4_free_stateid() and nfsd4_delegreturn()).\n\nFirst to make sure, that once the stid is marked revoked, it is not\nremoved by the nfsd4_free_stateid(), the laundromat take a reference\non the stateid. Then, coordinating whether the stid has been put\non the cl_revoked list or we are processing FREE_STATEID and need to\nmake sure to remove it from the list, each check that state and act\naccordingly. If laundromat has added to the cl_revoke list before\nthe arrival of FREE_STATEID, then nfsd4_free_stateid() knows to remove\nit from the list. If nfsd4_free_stateid() finds that operations arrived\nbefore laundromat has placed it on cl_revoke list, it marks the state\nfreed and then laundromat will no longer add it to the list.\n\nAlso, for nfsd4_delegreturn() when looking for the specified stid,\nwe need to access stid that are marked removed or freeable, it means\nthe laundromat has started processing it but hasn\u0027t finished and this\ndelegreturn needs to return nfserr_deleg_revoked and not\nnfserr_bad_stateid. The latter will not trigger a FREE_STATEID and the\nlack of it will leave this stid on the cl_revoked list indefinitely.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-50106",
          "url": "https://www.suse.com/security/cve/CVE-2024-50106"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1232882 for CVE-2024-50106",
          "url": "https://bugzilla.suse.com/1232882"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-50106"
    },
    {
      "cve": "CVE-2024-50223",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-50223"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/numa: Fix the potential null pointer dereference in task_numa_work()\n\nWhen running stress-ng-vm-segv test, we found a null pointer dereference\nerror in task_numa_work(). Here is the backtrace:\n\n  [323676.066985] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020\n  ......\n  [323676.067108] CPU: 35 PID: 2694524 Comm: stress-ng-vm-se\n  ......\n  [323676.067113] pstate: 23401009 (nzCv daif +PAN -UAO +TCO +DIT +SSBS BTYPE=--)\n  [323676.067115] pc : vma_migratable+0x1c/0xd0\n  [323676.067122] lr : task_numa_work+0x1ec/0x4e0\n  [323676.067127] sp : ffff8000ada73d20\n  [323676.067128] x29: ffff8000ada73d20 x28: 0000000000000000 x27: 000000003e89f010\n  [323676.067130] x26: 0000000000080000 x25: ffff800081b5c0d8 x24: ffff800081b27000\n  [323676.067133] x23: 0000000000010000 x22: 0000000104d18cc0 x21: ffff0009f7158000\n  [323676.067135] x20: 0000000000000000 x19: 0000000000000000 x18: ffff8000ada73db8\n  [323676.067138] x17: 0001400000000000 x16: ffff800080df40b0 x15: 0000000000000035\n  [323676.067140] x14: ffff8000ada73cc8 x13: 1fffe0017cc72001 x12: ffff8000ada73cc8\n  [323676.067142] x11: ffff80008001160c x10: ffff000be639000c x9 : ffff8000800f4ba4\n  [323676.067145] x8 : ffff000810375000 x7 : ffff8000ada73974 x6 : 0000000000000001\n  [323676.067147] x5 : 0068000b33e26707 x4 : 0000000000000001 x3 : ffff0009f7158000\n  [323676.067149] x2 : 0000000000000041 x1 : 0000000000004400 x0 : 0000000000000000\n  [323676.067152] Call trace:\n  [323676.067153]  vma_migratable+0x1c/0xd0\n  [323676.067155]  task_numa_work+0x1ec/0x4e0\n  [323676.067157]  task_work_run+0x78/0xd8\n  [323676.067161]  do_notify_resume+0x1ec/0x290\n  [323676.067163]  el0_svc+0x150/0x160\n  [323676.067167]  el0t_64_sync_handler+0xf8/0x128\n  [323676.067170]  el0t_64_sync+0x17c/0x180\n  [323676.067173] Code: d2888001 910003fd f9000bf3 aa0003f3 (f9401000)\n  [323676.067177] SMP: stopping secondary CPUs\n  [323676.070184] Starting crashdump kernel...\n\nstress-ng-vm-segv in stress-ng is used to stress test the SIGSEGV error\nhandling function of the system, which tries to cause a SIGSEGV error on\nreturn from unmapping the whole address space of the child process.\n\nNormally this program will not cause kernel crashes. But before the\nmunmap system call returns to user mode, a potential task_numa_work()\nfor numa balancing could be added and executed. In this scenario, since the\nchild process has no vma after munmap, the vma_next() in task_numa_work()\nwill return a null pointer even if the vma iterator restarts from 0.\n\nRecheck the vma pointer before dereferencing it in task_numa_work().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-50223",
          "url": "https://www.suse.com/security/cve/CVE-2024-50223"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1233192 for CVE-2024-50223",
          "url": "https://bugzilla.suse.com/1233192"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-50223"
    },
    {
      "cve": "CVE-2024-53135",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53135"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN\n\nHide KVM\u0027s pt_mode module param behind CONFIG_BROKEN, i.e. disable support\nfor virtualizing Intel PT via guest/host mode unless BROKEN=y.  There are\nmyriad bugs in the implementation, some of which are fatal to the guest,\nand others which put the stability and health of the host at risk.\n\nFor guest fatalities, the most glaring issue is that KVM fails to ensure\ntracing is disabled, and *stays* disabled prior to VM-Enter, which is\nnecessary as hardware disallows loading (the guest\u0027s) RTIT_CTL if tracing\nis enabled (enforced via a VMX consistency check).  Per the SDM:\n\n  If the logical processor is operating with Intel PT enabled (if\n  IA32_RTIT_CTL.TraceEn = 1) at the time of VM entry, the \"load\n  IA32_RTIT_CTL\" VM-entry control must be 0.\n\nOn the host side, KVM doesn\u0027t validate the guest CPUID configuration\nprovided by userspace, and even worse, uses the guest configuration to\ndecide what MSRs to save/load at VM-Enter and VM-Exit.  E.g. configuring\nguest CPUID to enumerate more address ranges than are supported in hardware\nwill result in KVM trying to passthrough, save, and load non-existent MSRs,\nwhich generates a variety of WARNs, ToPA ERRORs in the host, a potential\ndeadlock, etc.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53135",
          "url": "https://www.suse.com/security/cve/CVE-2024-53135"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234154 for CVE-2024-53135",
          "url": "https://bugzilla.suse.com/1234154"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-53135"
    },
    {
      "cve": "CVE-2024-54458",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-54458"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: bsg: Set bsg_queue to NULL after removal\n\nCurrently, this does not cause any issues, but I believe it is necessary to\nset bsg_queue to NULL after removing it to prevent potential use-after-free\n(UAF) access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-54458",
          "url": "https://www.suse.com/security/cve/CVE-2024-54458"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238992 for CVE-2024-54458",
          "url": "https://bugzilla.suse.com/1238992"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-54458"
    },
    {
      "cve": "CVE-2024-58098",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-58098"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: track changes_pkt_data property for global functions\n\nWhen processing calls to certain helpers, verifier invalidates all\npacket pointers in a current state. For example, consider the\nfollowing program:\n\n    __attribute__((__noinline__))\n    long skb_pull_data(struct __sk_buff *sk, __u32 len)\n    {\n        return bpf_skb_pull_data(sk, len);\n    }\n\n    SEC(\"tc\")\n    int test_invalidate_checks(struct __sk_buff *sk)\n    {\n        int *p = (void *)(long)sk-\u003edata;\n        if ((void *)(p + 1) \u003e (void *)(long)sk-\u003edata_end) return TCX_DROP;\n        skb_pull_data(sk, 0);\n        *p = 42;\n        return TCX_PASS;\n    }\n\nAfter a call to bpf_skb_pull_data() the pointer \u0027p\u0027 can\u0027t be used\nsafely. See function filter.c:bpf_helper_changes_pkt_data() for a list\nof such helpers.\n\nAt the moment verifier invalidates packet pointers when processing\nhelper function calls, and does not traverse global sub-programs when\nprocessing calls to global sub-programs. This means that calls to\nhelpers done from global sub-programs do not invalidate pointers in\nthe caller state. E.g. the program above is unsafe, but is not\nrejected by verifier.\n\nThis commit fixes the omission by computing field\nbpf_subprog_info-\u003echanges_pkt_data for each sub-program before main\nverification pass.\nchanges_pkt_data should be set if:\n- subprogram calls helper for which bpf_helper_changes_pkt_data\n  returns true;\n- subprogram calls a global function,\n  for which bpf_subprog_info-\u003echanges_pkt_data should be set.\n\nThe verifier.c:check_cfg() pass is modified to compute this\ninformation. The commit relies on depth first instruction traversal\ndone by check_cfg() and absence of recursive function calls:\n- check_cfg() would eventually visit every call to subprogram S in a\n  state when S is fully explored;\n- when S is fully explored:\n  - every direct helper call within S is explored\n    (and thus changes_pkt_data is set if needed);\n  - every call to subprogram S1 called by S was visited with S1 fully\n    explored (and thus S inherits changes_pkt_data from S1).\n\nThe downside of such approach is that dead code elimination is not\ntaken into account: if a helper call inside global function is dead\nbecause of current configuration, verifier would conservatively assume\nthat the call occurs for the purpose of the changes_pkt_data\ncomputation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-58098",
          "url": "https://www.suse.com/security/cve/CVE-2024-58098"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242565 for CVE-2024-58098",
          "url": "https://bugzilla.suse.com/1242565"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-58098"
    },
    {
      "cve": "CVE-2024-58099",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-58099"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame\n\nAndrew and Nikolay reported connectivity issues with Cilium\u0027s service\nload-balancing in case of vmxnet3.\n\nIf a BPF program for native XDP adds an encapsulation header such as\nIPIP and transmits the packet out the same interface, then in case\nof vmxnet3 a corrupted packet is being sent and subsequently dropped\non the path.\n\nvmxnet3_xdp_xmit_frame() which is called e.g. via vmxnet3_run_xdp()\nthrough vmxnet3_xdp_xmit_back() calculates an incorrect DMA address:\n\n  page = virt_to_page(xdpf-\u003edata);\n  tbi-\u003edma_addr = page_pool_get_dma_addr(page) +\n                  VMXNET3_XDP_HEADROOM;\n  dma_sync_single_for_device(\u0026adapter-\u003epdev-\u003edev,\n                             tbi-\u003edma_addr, buf_size,\n                             DMA_TO_DEVICE);\n\nThe above assumes a fixed offset (VMXNET3_XDP_HEADROOM), but the XDP\nBPF program could have moved xdp-\u003edata. While the passed buf_size is\ncorrect (xdpf-\u003elen), the dma_addr needs to have a dynamic offset which\ncan be calculated as xdpf-\u003edata - (void *)xdpf, that is, xdp-\u003edata -\nxdp-\u003edata_hard_start.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-58099",
          "url": "https://www.suse.com/security/cve/CVE-2024-58099"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242035 for CVE-2024-58099",
          "url": "https://bugzilla.suse.com/1242035"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-58099"
    },
    {
      "cve": "CVE-2024-58100",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-58100"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: check changes_pkt_data property for extension programs\n\nWhen processing calls to global sub-programs, verifier decides whether\nto invalidate all packet pointers in current state depending on the\nchanges_pkt_data property of the global sub-program.\n\nBecause of this, an extension program replacing a global sub-program\nmust be compatible with changes_pkt_data property of the sub-program\nbeing replaced.\n\nThis commit:\n- adds changes_pkt_data flag to struct bpf_prog_aux:\n  - this flag is set in check_cfg() for main sub-program;\n  - in jit_subprogs() for other sub-programs;\n- modifies bpf_check_attach_btf_id() to check changes_pkt_data flag;\n- moves call to check_attach_btf_id() after the call to check_cfg(),\n  because it needs changes_pkt_data flag to be set:\n\n    bpf_check:\n      ...                             ...\n    - check_attach_btf_id             resolve_pseudo_ldimm64\n      resolve_pseudo_ldimm64   --\u003e    bpf_prog_is_offloaded\n      bpf_prog_is_offloaded           check_cfg\n      check_cfg                     + check_attach_btf_id\n      ...                             ...\n\nThe following fields are set by check_attach_btf_id():\n- env-\u003eops\n- prog-\u003eaux-\u003eattach_btf_trace\n- prog-\u003eaux-\u003eattach_func_name\n- prog-\u003eaux-\u003eattach_func_proto\n- prog-\u003eaux-\u003edst_trampoline\n- prog-\u003eaux-\u003emod\n- prog-\u003eaux-\u003esaved_dst_attach_type\n- prog-\u003eaux-\u003esaved_dst_prog_type\n- prog-\u003eexpected_attach_type\n\nNeither of these fields are used by resolve_pseudo_ldimm64() or\nbpf_prog_offload_verifier_prep() (for netronome and netdevsim\ndrivers), so the reordering is safe.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-58100",
          "url": "https://www.suse.com/security/cve/CVE-2024-58100"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242564 for CVE-2024-58100",
          "url": "https://bugzilla.suse.com/1242564"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-58100"
    },
    {
      "cve": "CVE-2024-58237",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-58237"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: consider that tail calls invalidate packet pointers\n\nTail-called programs could execute any of the helpers that invalidate\npacket pointers. Hence, conservatively assume that each tail call\ninvalidates packet pointers.\n\nMaking the change in bpf_helper_changes_pkt_data() automatically makes\nuse of check_cfg() logic that computes \u0027changes_pkt_data\u0027 effect for\nglobal sub-programs, such that the following program could be\nrejected:\n\n    int tail_call(struct __sk_buff *sk)\n    {\n    \tbpf_tail_call_static(sk, \u0026jmp_table, 0);\n    \treturn 0;\n    }\n\n    SEC(\"tc\")\n    int not_safe(struct __sk_buff *sk)\n    {\n    \tint *p = (void *)(long)sk-\u003edata;\n    \t... make p valid ...\n    \ttail_call(sk);\n    \t*p = 42; /* this is unsafe */\n    \t...\n    }\n\nThe tc_bpf2bpf.c:subprog_tc() needs change: mark it as a function that\ncan invalidate packet pointers. Otherwise, it can\u0027t be freplaced with\ntailcall_freplace.c:entry_freplace() that does a tail call.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-58237",
          "url": "https://www.suse.com/security/cve/CVE-2024-58237"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242574 for CVE-2024-58237",
          "url": "https://bugzilla.suse.com/1242574"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-58237"
    },
    {
      "cve": "CVE-2025-21629",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21629"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets\n\nThe blamed commit disabled hardware offoad of IPv6 packets with\nextension headers on devices that advertise NETIF_F_IPV6_CSUM,\nbased on the definition of that feature in skbuff.h:\n\n *   * - %NETIF_F_IPV6_CSUM\n *     - Driver (device) is only able to checksum plain\n *       TCP or UDP packets over IPv6. These are specifically\n *       unencapsulated packets of the form IPv6|TCP or\n *       IPv6|UDP where the Next Header field in the IPv6\n *       header is either TCP or UDP. IPv6 extension headers\n *       are not supported with this feature. This feature\n *       cannot be set in features for a device with\n *       NETIF_F_HW_CSUM also set. This feature is being\n *       DEPRECATED (see below).\n\nThe change causes skb_warn_bad_offload to fire for BIG TCP\npackets.\n\n[  496.310233] WARNING: CPU: 13 PID: 23472 at net/core/dev.c:3129 skb_warn_bad_offload+0xc4/0xe0\n\n[  496.310297]  ? skb_warn_bad_offload+0xc4/0xe0\n[  496.310300]  skb_checksum_help+0x129/0x1f0\n[  496.310303]  skb_csum_hwoffload_help+0x150/0x1b0\n[  496.310306]  validate_xmit_skb+0x159/0x270\n[  496.310309]  validate_xmit_skb_list+0x41/0x70\n[  496.310312]  sch_direct_xmit+0x5c/0x250\n[  496.310317]  __qdisc_run+0x388/0x620\n\nBIG TCP introduced an IPV6_TLV_JUMBO IPv6 extension header to\ncommunicate packet length, as this is an IPv6 jumbogram. But, the\nfeature is only enabled on devices that support BIG TCP TSO. The\nheader is only present for PF_PACKET taps like tcpdump, and not\ntransmitted by physical devices.\n\nFor this specific case of extension headers that are not\ntransmitted, return to the situation before the blamed commit\nand support hardware offload.\n\nipv6_has_hopopt_jumbo() tests not only whether this header is present,\nbut also that it is the only extension header before a terminal (L4)\nheader.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21629",
          "url": "https://www.suse.com/security/cve/CVE-2025-21629"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1235968 for CVE-2025-21629",
          "url": "https://bugzilla.suse.com/1235968"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1244722 for CVE-2025-21629",
          "url": "https://bugzilla.suse.com/1244722"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-21629"
    },
    {
      "cve": "CVE-2025-21648",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21648"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: clamp maximum hashtable size to INT_MAX\n\nUse INT_MAX as maximum size for the conntrack hashtable. Otherwise, it\nis possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when\nresizing hashtable because __GFP_NOWARN is unset. See:\n\n  0708a0afe291 (\"mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls\")\n\nNote: hashtable resize is only possible from init_netns.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21648",
          "url": "https://www.suse.com/security/cve/CVE-2025-21648"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1236142 for CVE-2025-21648",
          "url": "https://bugzilla.suse.com/1236142"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21648"
    },
    {
      "cve": "CVE-2025-21702",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21702"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\npfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0\n\nExpected behaviour:\nIn case we reach scheduler\u0027s limit, pfifo_tail_enqueue() will drop a\npacket in scheduler\u0027s queue and decrease scheduler\u0027s qlen by one.\nThen, pfifo_tail_enqueue() enqueue new packet and increase\nscheduler\u0027s qlen by one. Finally, pfifo_tail_enqueue() return\n`NET_XMIT_CN` status code.\n\nWeird behaviour:\nIn case we set `sch-\u003elimit == 0` and trigger pfifo_tail_enqueue() on a\nscheduler that has no packet, the \u0027drop a packet\u0027 step will do nothing.\nThis means the scheduler\u0027s qlen still has value equal 0.\nThen, we continue to enqueue new packet and increase scheduler\u0027s qlen by\none. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by\none and return `NET_XMIT_CN` status code.\n\nThe problem is:\nLet\u0027s say we have two qdiscs: Qdisc_A and Qdisc_B.\n - Qdisc_A\u0027s type must have \u0027-\u003egraft()\u0027 function to create parent/child relationship.\n   Let\u0027s say Qdisc_A\u0027s type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`.\n - Qdisc_B\u0027s type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`.\n - Qdisc_B is configured to have `sch-\u003elimit == 0`.\n - Qdisc_A is configured to route the enqueued\u0027s packet to Qdisc_B.\n\nEnqueue packet through Qdisc_A will lead to:\n - hfsc_enqueue(Qdisc_A) -\u003e pfifo_tail_enqueue(Qdisc_B)\n - Qdisc_B-\u003eq.qlen += 1\n - pfifo_tail_enqueue() return `NET_XMIT_CN`\n - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` =\u003e hfsc_enqueue() don\u0027t increase qlen of Qdisc_A.\n\nThe whole process lead to a situation where Qdisc_A-\u003eq.qlen == 0 and Qdisc_B-\u003eq.qlen == 1.\nReplace \u0027hfsc\u0027 with other type (for example: \u0027drr\u0027) still lead to the same problem.\nThis violate the design where parent\u0027s qlen should equal to the sum of its childrens\u0027qlen.\n\nBug impact: This issue can be used for user-\u003ekernel privilege escalation when it is reachable.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21702",
          "url": "https://www.suse.com/security/cve/CVE-2025-21702"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237312 for CVE-2025-21702",
          "url": "https://bugzilla.suse.com/1237312"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1245797 for CVE-2025-21702",
          "url": "https://bugzilla.suse.com/1245797"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-21702"
    },
    {
      "cve": "CVE-2025-21787",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21787"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nteam: better TEAM_OPTION_TYPE_STRING validation\n\nsyzbot reported following splat [1]\n\nMake sure user-provided data contains one nul byte.\n\n[1]\n BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:633 [inline]\n BUG: KMSAN: uninit-value in string+0x3ec/0x5f0 lib/vsprintf.c:714\n  string_nocheck lib/vsprintf.c:633 [inline]\n  string+0x3ec/0x5f0 lib/vsprintf.c:714\n  vsnprintf+0xa5d/0x1960 lib/vsprintf.c:2843\n  __request_module+0x252/0x9f0 kernel/module/kmod.c:149\n  team_mode_get drivers/net/team/team_core.c:480 [inline]\n  team_change_mode drivers/net/team/team_core.c:607 [inline]\n  team_mode_option_set+0x437/0x970 drivers/net/team/team_core.c:1401\n  team_option_set drivers/net/team/team_core.c:375 [inline]\n  team_nl_options_set_doit+0x1339/0x1f90 drivers/net/team/team_core.c:2662\n  genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n  genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n  genl_rcv_msg+0x1214/0x12c0 net/netlink/genetlink.c:1210\n  netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2543\n  genl_rcv+0x40/0x60 net/netlink/genetlink.c:1219\n  netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n  netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1348\n  netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1892\n  sock_sendmsg_nosec net/socket.c:718 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:733\n  ____sys_sendmsg+0x877/0xb60 net/socket.c:2573\n  ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2627\n  __sys_sendmsg net/socket.c:2659 [inline]\n  __do_sys_sendmsg net/socket.c:2664 [inline]\n  __se_sys_sendmsg net/socket.c:2662 [inline]\n  __x64_sys_sendmsg+0x212/0x3c0 net/socket.c:2662\n  x64_sys_call+0x2ed6/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:47\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21787",
          "url": "https://www.suse.com/security/cve/CVE-2025-21787"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238774 for CVE-2025-21787",
          "url": "https://bugzilla.suse.com/1238774"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21787"
    },
    {
      "cve": "CVE-2025-21814",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21814"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: Ensure info-\u003eenable callback is always set\n\nThe ioctl and sysfs handlers unconditionally call the -\u003eenable callback.\nNot all drivers implement that callback, leading to NULL dereferences.\nExample of affected drivers: ptp_s390.c, ptp_vclock.c and ptp_mock.c.\n\nInstead use a dummy callback if no better was specified by the driver.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21814",
          "url": "https://www.suse.com/security/cve/CVE-2025-21814"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238473 for CVE-2025-21814",
          "url": "https://bugzilla.suse.com/1238473"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21814"
    },
    {
      "cve": "CVE-2025-21868",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21868"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: allow small head cache usage with large MAX_SKB_FRAGS values\n\nSabrina reported the following splat:\n\n    WARNING: CPU: 0 PID: 1 at net/core/dev.c:6935 netif_napi_add_weight_locked+0x8f2/0xba0\n    Modules linked in:\n    CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.14.0-rc1-net-00092-g011b03359038 #996\n    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n    RIP: 0010:netif_napi_add_weight_locked+0x8f2/0xba0\n    Code: e8 c3 e6 6a fe 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc c7 44 24 10 ff ff ff ff e9 8f fb ff ff e8 9e e6 6a fe \u003c0f\u003e 0b e9 d3 fe ff ff e8 92 e6 6a fe 48 8b 04 24 be ff ff ff ff 48\n    RSP: 0000:ffffc9000001fc60 EFLAGS: 00010293\n    RAX: 0000000000000000 RBX: ffff88806ce48128 RCX: 1ffff11001664b9e\n    RDX: ffff888008f00040 RSI: ffffffff8317ca42 RDI: ffff88800b325cb6\n    RBP: ffff88800b325c40 R08: 0000000000000001 R09: ffffed100167502c\n    R10: ffff88800b3a8163 R11: 0000000000000000 R12: ffff88800ac1c168\n    R13: ffff88800ac1c168 R14: ffff88800ac1c168 R15: 0000000000000007\n    FS:  0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: ffff888008201000 CR3: 0000000004c94001 CR4: 0000000000370ef0\n    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n    DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n    Call Trace:\n    \u003cTASK\u003e\n    gro_cells_init+0x1ba/0x270\n    xfrm_input_init+0x4b/0x2a0\n    xfrm_init+0x38/0x50\n    ip_rt_init+0x2d7/0x350\n    ip_init+0xf/0x20\n    inet_init+0x406/0x590\n    do_one_initcall+0x9d/0x2e0\n    do_initcalls+0x23b/0x280\n    kernel_init_freeable+0x445/0x490\n    kernel_init+0x20/0x1d0\n    ret_from_fork+0x46/0x80\n    ret_from_fork_asm+0x1a/0x30\n    \u003c/TASK\u003e\n    irq event stamp: 584330\n    hardirqs last  enabled at (584338): [\u003cffffffff8168bf87\u003e] __up_console_sem+0x77/0xb0\n    hardirqs last disabled at (584345): [\u003cffffffff8168bf6c\u003e] __up_console_sem+0x5c/0xb0\n    softirqs last  enabled at (583242): [\u003cffffffff833ee96d\u003e] netlink_insert+0x14d/0x470\n    softirqs last disabled at (583754): [\u003cffffffff8317c8cd\u003e] netif_napi_add_weight_locked+0x77d/0xba0\n\non kernel built with MAX_SKB_FRAGS=45, where SKB_WITH_OVERHEAD(1024)\nis smaller than GRO_MAX_HEAD.\n\nSuch built additionally contains the revert of the single page frag cache\nso that napi_get_frags() ends up using the page frag allocator, triggering\nthe splat.\n\nNote that the underlying issue is independent from the mentioned\nrevert; address it ensuring that the small head cache will fit either TCP\nand GRO allocation and updating napi_alloc_skb() and __netdev_alloc_skb()\nto select kmalloc() usage for any allocation fitting such cache.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21868",
          "url": "https://www.suse.com/security/cve/CVE-2025-21868"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240180 for CVE-2025-21868",
          "url": "https://bugzilla.suse.com/1240180"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21868"
    },
    {
      "cve": "CVE-2025-21919",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21919"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/fair: Fix potential memory corruption in child_cfs_rq_on_list\n\nchild_cfs_rq_on_list attempts to convert a \u0027prev\u0027 pointer to a cfs_rq.\nThis \u0027prev\u0027 pointer can originate from struct rq\u0027s leaf_cfs_rq_list,\nmaking the conversion invalid and potentially leading to memory\ncorruption. Depending on the relative positions of leaf_cfs_rq_list and\nthe task group (tg) pointer within the struct, this can cause a memory\nfault or access garbage data.\n\nThe issue arises in list_add_leaf_cfs_rq, where both\ncfs_rq-\u003eleaf_cfs_rq_list and rq-\u003eleaf_cfs_rq_list are added to the same\nleaf list. Also, rq-\u003etmp_alone_branch can be set to rq-\u003eleaf_cfs_rq_list.\n\nThis adds a check `if (prev == \u0026rq-\u003eleaf_cfs_rq_list)` after the main\nconditional in child_cfs_rq_on_list. This ensures that the container_of\noperation will convert a correct cfs_rq struct.\n\nThis check is sufficient because only cfs_rqs on the same CPU are added\nto the list, so verifying the \u0027prev\u0027 pointer against the current rq\u0027s list\nhead is enough.\n\nFixes a potential memory corruption issue that due to current struct\nlayout might not be manifesting as a crash but could lead to unpredictable\nbehavior when the layout changes.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21919",
          "url": "https://www.suse.com/security/cve/CVE-2025-21919"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240593 for CVE-2025-21919",
          "url": "https://bugzilla.suse.com/1240593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21919"
    },
    {
      "cve": "CVE-2025-21938",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21938"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix \u0027scheduling while atomic\u0027 in mptcp_pm_nl_append_new_local_addr\n\nIf multiple connection requests attempt to create an implicit mptcp\nendpoint in parallel, more than one caller may end up in\nmptcp_pm_nl_append_new_local_addr because none found the address in\nlocal_addr_list during their call to mptcp_pm_nl_get_local_id.  In this\ncase, the concurrent new_local_addr calls may delete the address entry\ncreated by the previous caller.  These deletes use synchronize_rcu, but\nthis is not permitted in some of the contexts where this function may be\ncalled.  During packet recv, the caller may be in a rcu read critical\nsection and have preemption disabled.\n\nAn example stack:\n\n   BUG: scheduling while atomic: swapper/2/0/0x00000302\n\n   Call Trace:\n   \u003cIRQ\u003e\n   dump_stack_lvl (lib/dump_stack.c:117 (discriminator 1))\n   dump_stack (lib/dump_stack.c:124)\n   __schedule_bug (kernel/sched/core.c:5943)\n   schedule_debug.constprop.0 (arch/x86/include/asm/preempt.h:33 kernel/sched/core.c:5970)\n   __schedule (arch/x86/include/asm/jump_label.h:27 include/linux/jump_label.h:207 kernel/sched/features.h:29 kernel/sched/core.c:6621)\n   schedule (arch/x86/include/asm/preempt.h:84 kernel/sched/core.c:6804 kernel/sched/core.c:6818)\n   schedule_timeout (kernel/time/timer.c:2160)\n   wait_for_completion (kernel/sched/completion.c:96 kernel/sched/completion.c:116 kernel/sched/completion.c:127 kernel/sched/completion.c:148)\n   __wait_rcu_gp (include/linux/rcupdate.h:311 kernel/rcu/update.c:444)\n   synchronize_rcu (kernel/rcu/tree.c:3609)\n   mptcp_pm_nl_append_new_local_addr (net/mptcp/pm_netlink.c:966 net/mptcp/pm_netlink.c:1061)\n   mptcp_pm_nl_get_local_id (net/mptcp/pm_netlink.c:1164)\n   mptcp_pm_get_local_id (net/mptcp/pm.c:420)\n   subflow_check_req (net/mptcp/subflow.c:98 net/mptcp/subflow.c:213)\n   subflow_v4_route_req (net/mptcp/subflow.c:305)\n   tcp_conn_request (net/ipv4/tcp_input.c:7216)\n   subflow_v4_conn_request (net/mptcp/subflow.c:651)\n   tcp_rcv_state_process (net/ipv4/tcp_input.c:6709)\n   tcp_v4_do_rcv (net/ipv4/tcp_ipv4.c:1934)\n   tcp_v4_rcv (net/ipv4/tcp_ipv4.c:2334)\n   ip_protocol_deliver_rcu (net/ipv4/ip_input.c:205 (discriminator 1))\n   ip_local_deliver_finish (include/linux/rcupdate.h:813 net/ipv4/ip_input.c:234)\n   ip_local_deliver (include/linux/netfilter.h:314 include/linux/netfilter.h:308 net/ipv4/ip_input.c:254)\n   ip_sublist_rcv_finish (include/net/dst.h:461 net/ipv4/ip_input.c:580)\n   ip_sublist_rcv (net/ipv4/ip_input.c:640)\n   ip_list_rcv (net/ipv4/ip_input.c:675)\n   __netif_receive_skb_list_core (net/core/dev.c:5583 net/core/dev.c:5631)\n   netif_receive_skb_list_internal (net/core/dev.c:5685 net/core/dev.c:5774)\n   napi_complete_done (include/linux/list.h:37 include/net/gro.h:449 include/net/gro.h:444 net/core/dev.c:6114)\n   igb_poll (drivers/net/ethernet/intel/igb/igb_main.c:8244) igb\n   __napi_poll (net/core/dev.c:6582)\n   net_rx_action (net/core/dev.c:6653 net/core/dev.c:6787)\n   handle_softirqs (kernel/softirq.c:553)\n   __irq_exit_rcu (kernel/softirq.c:588 kernel/softirq.c:427 kernel/softirq.c:636)\n   irq_exit_rcu (kernel/softirq.c:651)\n   common_interrupt (arch/x86/kernel/irq.c:247 (discriminator 14))\n   \u003c/IRQ\u003e\n\nThis problem seems particularly prevalent if the user advertises an\nendpoint that has a different external vs internal address.  In the case\nwhere the external address is advertised and multiple connections\nalready exist, multiple subflow SYNs arrive in parallel which tends to\ntrigger the race during creation of the first local_addr_list entries\nwhich have the internal address instead.\n\nFix by skipping the replacement of an existing implicit local address if\ncalled via mptcp_pm_nl_get_local_id.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21938",
          "url": "https://www.suse.com/security/cve/CVE-2025-21938"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240723 for CVE-2025-21938",
          "url": "https://bugzilla.suse.com/1240723"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21938"
    },
    {
      "cve": "CVE-2025-21997",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21997"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: fix an integer overflow in xp_create_and_assign_umem()\n\nSince the i and pool-\u003echunk_size variables are of type \u0027u32\u0027,\ntheir product can wrap around and then be cast to \u0027u64\u0027.\nThis can lead to two different XDP buffers pointing to the same\nmemory area.\n\nFound by InfoTeCS on behalf of Linux Verification Center\n(linuxtesting.org) with SVACE.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21997",
          "url": "https://www.suse.com/security/cve/CVE-2025-21997"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240823 for CVE-2025-21997",
          "url": "https://bugzilla.suse.com/1240823"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21997"
    },
    {
      "cve": "CVE-2025-22005",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22005"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().\n\nfib_check_nh_v6_gw() expects that fib6_nh_init() cleans up everything\nwhen it fails.\n\nCommit 7dd73168e273 (\"ipv6: Always allocate pcpu memory in a fib6_nh\")\nmoved fib_nh_common_init() before alloc_percpu_gfp() within fib6_nh_init()\nbut forgot to add cleanup for fib6_nh-\u003enh_common.nhc_pcpu_rth_output in\ncase it fails to allocate fib6_nh-\u003ert6i_pcpu, resulting in memleak.\n\nLet\u0027s call fib_nh_common_release() and clear nhc_pcpu_rth_output in the\nerror path.\n\nNote that we can remove the fib6_nh_release() call in nh_create_ipv6()\nlater in net-next.git.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22005",
          "url": "https://www.suse.com/security/cve/CVE-2025-22005"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1240866 for CVE-2025-22005",
          "url": "https://bugzilla.suse.com/1240866"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22005"
    },
    {
      "cve": "CVE-2025-22021",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22021"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: socket: Lookup orig tuple for IPv6 SNAT\n\nnf_sk_lookup_slow_v4 does the conntrack lookup for IPv4 packets to\nrestore the original 5-tuple in case of SNAT, to be able to find the\nright socket (if any). Then socket_match() can correctly check whether\nthe socket was transparent.\n\nHowever, the IPv6 counterpart (nf_sk_lookup_slow_v6) lacks this\nconntrack lookup, making xt_socket fail to match on the socket when the\npacket was SNATed. Add the same logic to nf_sk_lookup_slow_v6.\n\nIPv6 SNAT is used in Kubernetes clusters for pod-to-world packets, as\npods\u0027 addresses are in the fd00::/8 ULA subnet and need to be replaced\nwith the node\u0027s external address. Cilium leverages Envoy to enforce L7\npolicies, and Envoy uses transparent sockets. Cilium inserts an iptables\nprerouting rule that matches on `-m socket --transparent` and redirects\nthe packets to localhost, but it fails to match SNATed IPv6 packets due\nto that missing conntrack lookup.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22021",
          "url": "https://www.suse.com/security/cve/CVE-2025-22021"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241282 for CVE-2025-22021",
          "url": "https://bugzilla.suse.com/1241282"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "low"
        }
      ],
      "title": "CVE-2025-22021"
    },
    {
      "cve": "CVE-2025-22030",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22030"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead()\n\nCurrently, zswap_cpu_comp_dead() calls crypto_free_acomp() while holding\nthe per-CPU acomp_ctx mutex.  crypto_free_acomp() then holds scomp_lock\n(through crypto_exit_scomp_ops_async()).\n\nOn the other hand, crypto_alloc_acomp_node() holds the scomp_lock (through\ncrypto_scomp_init_tfm()), and then allocates memory.  If the allocation\nresults in reclaim, we may attempt to hold the per-CPU acomp_ctx mutex.\n\nThe above dependencies can cause an ABBA deadlock.  For example in the\nfollowing scenario:\n\n(1) Task A running on CPU #1:\n    crypto_alloc_acomp_node()\n      Holds scomp_lock\n      Enters reclaim\n      Reads per_cpu_ptr(pool-\u003eacomp_ctx, 1)\n\n(2) Task A is descheduled\n\n(3) CPU #1 goes offline\n    zswap_cpu_comp_dead(CPU #1)\n      Holds per_cpu_ptr(pool-\u003eacomp_ctx, 1))\n      Calls crypto_free_acomp()\n      Waits for scomp_lock\n\n(4) Task A running on CPU #2:\n      Waits for per_cpu_ptr(pool-\u003eacomp_ctx, 1) // Read on CPU #1\n      DEADLOCK\n\nSince there is no requirement to call crypto_free_acomp() with the per-CPU\nacomp_ctx mutex held in zswap_cpu_comp_dead(), move it after the mutex is\nunlocked.  Also move the acomp_request_free() and kfree() calls for\nconsistency and to avoid any potential sublte locking dependencies in the\nfuture.\n\nWith this, only setting acomp_ctx fields to NULL occurs with the mutex\nheld.  This is similar to how zswap_cpu_comp_prepare() only initializes\nacomp_ctx fields with the mutex held, after performing all allocations\nbefore holding the mutex.\n\nOpportunistically, move the NULL check on acomp_ctx so that it takes place\nbefore the mutex dereference.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22030",
          "url": "https://www.suse.com/security/cve/CVE-2025-22030"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241376 for CVE-2025-22030",
          "url": "https://bugzilla.suse.com/1241376"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22030"
    },
    {
      "cve": "CVE-2025-22056",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22056"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_tunnel: fix geneve_opt type confusion addition\n\nWhen handling multiple NFTA_TUNNEL_KEY_OPTS_GENEVE attributes, the\nparsing logic should place every geneve_opt structure one by one\ncompactly. Hence, when deciding the next geneve_opt position, the\npointer addition should be in units of char *.\n\nHowever, the current implementation erroneously does type conversion\nbefore the addition, which will lead to heap out-of-bounds write.\n\n[    6.989857] ==================================================================\n[    6.990293] BUG: KASAN: slab-out-of-bounds in nft_tunnel_obj_init+0x977/0xa70\n[    6.990725] Write of size 124 at addr ffff888005f18974 by task poc/178\n[    6.991162]\n[    6.991259] CPU: 0 PID: 178 Comm: poc-oob-write Not tainted 6.1.132 #1\n[    6.991655] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n[    6.992281] Call Trace:\n[    6.992423]  \u003cTASK\u003e\n[    6.992586]  dump_stack_lvl+0x44/0x5c\n[    6.992801]  print_report+0x184/0x4be\n[    6.993790]  kasan_report+0xc5/0x100\n[    6.994252]  kasan_check_range+0xf3/0x1a0\n[    6.994486]  memcpy+0x38/0x60\n[    6.994692]  nft_tunnel_obj_init+0x977/0xa70\n[    6.995677]  nft_obj_init+0x10c/0x1b0\n[    6.995891]  nf_tables_newobj+0x585/0x950\n[    6.996922]  nfnetlink_rcv_batch+0xdf9/0x1020\n[    6.998997]  nfnetlink_rcv+0x1df/0x220\n[    6.999537]  netlink_unicast+0x395/0x530\n[    7.000771]  netlink_sendmsg+0x3d0/0x6d0\n[    7.001462]  __sock_sendmsg+0x99/0xa0\n[    7.001707]  ____sys_sendmsg+0x409/0x450\n[    7.002391]  ___sys_sendmsg+0xfd/0x170\n[    7.003145]  __sys_sendmsg+0xea/0x170\n[    7.004359]  do_syscall_64+0x5e/0x90\n[    7.005817]  entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[    7.006127] RIP: 0033:0x7ec756d4e407\n[    7.006339] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 \u003c5b\u003e c3 0f 1f 80 00 00 00 00 83 e2 39 83 faf\n[    7.007364] RSP: 002b:00007ffed5d46760 EFLAGS: 00000202 ORIG_RAX: 000000000000002e\n[    7.007827] RAX: ffffffffffffffda RBX: 00007ec756cc4740 RCX: 00007ec756d4e407\n[    7.008223] RDX: 0000000000000000 RSI: 00007ffed5d467f0 RDI: 0000000000000003\n[    7.008620] RBP: 00007ffed5d468a0 R08: 0000000000000000 R09: 0000000000000000\n[    7.009039] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000\n[    7.009429] R13: 00007ffed5d478b0 R14: 00007ec756ee5000 R15: 00005cbd4e655cb8\n\nFix this bug with correct pointer addition and conversion in parse\nand dump code.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22056",
          "url": "https://www.suse.com/security/cve/CVE-2025-22056"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241525 for CVE-2025-22056",
          "url": "https://bugzilla.suse.com/1241525"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22056"
    },
    {
      "cve": "CVE-2025-22057",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22057"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: decrease cached dst counters in dst_release\n\nUpstream fix ac888d58869b (\"net: do not delay dst_entries_add() in\ndst_release()\") moved decrementing the dst count from dst_destroy to\ndst_release to avoid accessing already freed data in case of netns\ndismantle. However in case CONFIG_DST_CACHE is enabled and OvS+tunnels\nare used, this fix is incomplete as the same issue will be seen for\ncached dsts:\n\n  Unable to handle kernel paging request at virtual address ffff5aabf6b5c000\n  Call trace:\n   percpu_counter_add_batch+0x3c/0x160 (P)\n   dst_release+0xec/0x108\n   dst_cache_destroy+0x68/0xd8\n   dst_destroy+0x13c/0x168\n   dst_destroy_rcu+0x1c/0xb0\n   rcu_do_batch+0x18c/0x7d0\n   rcu_core+0x174/0x378\n   rcu_core_si+0x18/0x30\n\nFix this by invalidating the cache, and thus decrementing cached dst\ncounters, in dst_release too.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22057",
          "url": "https://www.suse.com/security/cve/CVE-2025-22057"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241533 for CVE-2025-22057",
          "url": "https://bugzilla.suse.com/1241533"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22057"
    },
    {
      "cve": "CVE-2025-22063",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22063"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets\n\nWhen calling netlbl_conn_setattr(), addr-\u003esa_family is used\nto determine the function behavior. If sk is an IPv4 socket,\nbut the connect function is called with an IPv6 address,\nthe function calipso_sock_setattr() is triggered.\nInside this function, the following code is executed:\n\nsk_fullsock(__sk) ? inet_sk(__sk)-\u003epinet6 : NULL;\n\nSince sk is an IPv4 socket, pinet6 is NULL, leading to a\nnull pointer dereference.\n\nThis patch fixes the issue by checking if inet6_sk(sk)\nreturns a NULL pointer before accessing pinet6.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22063",
          "url": "https://www.suse.com/security/cve/CVE-2025-22063"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241351 for CVE-2025-22063",
          "url": "https://bugzilla.suse.com/1241351"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22063"
    },
    {
      "cve": "CVE-2025-22066",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22066"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: imx-card: Add NULL check in imx_card_probe()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\nimx_card_probe() does not check for this case, which results in a NULL\npointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22066",
          "url": "https://www.suse.com/security/cve/CVE-2025-22066"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241340 for CVE-2025-22066",
          "url": "https://bugzilla.suse.com/1241340"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22066"
    },
    {
      "cve": "CVE-2025-22070",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22070"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/9p: fix NULL pointer dereference on mkdir\n\nWhen a 9p tree was mounted with option \u0027posixacl\u0027, parent directory had a\ndefault ACL set for its subdirectories, e.g.:\n\n  setfacl -m default:group:simpsons:rwx parentdir\n\nthen creating a subdirectory crashed 9p client, as v9fs_fid_add() call in\nfunction v9fs_vfs_mkdir_dotl() sets the passed \u0027fid\u0027 pointer to NULL\n(since dafbe689736) even though the subsequent v9fs_set_create_acl() call\nexpects a valid non-NULL \u0027fid\u0027 pointer:\n\n  [   37.273191] BUG: kernel NULL pointer dereference, address: 0000000000000000\n  ...\n  [   37.322338] Call Trace:\n  [   37.323043]  \u003cTASK\u003e\n  [   37.323621] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)\n  [   37.324448] ? page_fault_oops (arch/x86/mm/fault.c:714)\n  [   37.325532] ? search_module_extables (kernel/module/main.c:3733)\n  [   37.326742] ? p9_client_walk (net/9p/client.c:1165) 9pnet\n  [   37.328006] ? search_bpf_extables (kernel/bpf/core.c:804)\n  [   37.329142] ? exc_page_fault (./arch/x86/include/asm/paravirt.h:686 arch/x86/mm/fault.c:1488 arch/x86/mm/fault.c:1538)\n  [   37.330196] ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:574)\n  [   37.331330] ? p9_client_walk (net/9p/client.c:1165) 9pnet\n  [   37.332562] ? v9fs_fid_xattr_get (fs/9p/xattr.c:30) 9p\n  [   37.333824] v9fs_fid_xattr_set (fs/9p/fid.h:23 fs/9p/xattr.c:121) 9p\n  [   37.335077] v9fs_set_acl (fs/9p/acl.c:276) 9p\n  [   37.336112] v9fs_set_create_acl (fs/9p/acl.c:307) 9p\n  [   37.337326] v9fs_vfs_mkdir_dotl (fs/9p/vfs_inode_dotl.c:411) 9p\n  [   37.338590] vfs_mkdir (fs/namei.c:4313)\n  [   37.339535] do_mkdirat (fs/namei.c:4336)\n  [   37.340465] __x64_sys_mkdir (fs/namei.c:4354)\n  [   37.341455] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\n  [   37.342447] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nFix this by simply swapping the sequence of these two calls in\nv9fs_vfs_mkdir_dotl(), i.e. calling v9fs_set_create_acl() before\nv9fs_fid_add().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22070",
          "url": "https://www.suse.com/security/cve/CVE-2025-22070"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241305 for CVE-2025-22070",
          "url": "https://bugzilla.suse.com/1241305"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22070"
    },
    {
      "cve": "CVE-2025-22089",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22089"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/core: Don\u0027t expose hw_counters outside of init net namespace\n\nCommit 467f432a521a (\"RDMA/core: Split port and device counter sysfs\nattributes\") accidentally almost exposed hw counters to non-init net\nnamespaces. It didn\u0027t expose them fully, as an attempt to read any of\nthose counters leads to a crash like this one:\n\n[42021.807566] BUG: kernel NULL pointer dereference, address: 0000000000000028\n[42021.814463] #PF: supervisor read access in kernel mode\n[42021.819549] #PF: error_code(0x0000) - not-present page\n[42021.824636] PGD 0 P4D 0\n[42021.827145] Oops: 0000 [#1] SMP PTI\n[42021.830598] CPU: 82 PID: 2843922 Comm: switchto-defaul Kdump: loaded Tainted: G S      W I        XXX\n[42021.841697] Hardware name: XXX\n[42021.849619] RIP: 0010:hw_stat_device_show+0x1e/0x40 [ib_core]\n[42021.855362] Code: 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 49 89 d0 4c 8b 5e 20 48 8b 8f b8 04 00 00 48 81 c7 f0 fa ff ff \u003c48\u003e 8b 41 28 48 29 ce 48 83 c6 d0 48 c1 ee 04 69 d6 ab aa aa aa 48\n[42021.873931] RSP: 0018:ffff97fe90f03da0 EFLAGS: 00010287\n[42021.879108] RAX: ffff9406988a8c60 RBX: ffff940e1072d438 RCX: 0000000000000000\n[42021.886169] RDX: ffff94085f1aa000 RSI: ffff93c6cbbdbcb0 RDI: ffff940c7517aef0\n[42021.893230] RBP: ffff97fe90f03e70 R08: ffff94085f1aa000 R09: 0000000000000000\n[42021.900294] R10: ffff94085f1aa000 R11: ffffffffc0775680 R12: ffffffff87ca2530\n[42021.907355] R13: ffff940651602840 R14: ffff93c6cbbdbcb0 R15: ffff94085f1aa000\n[42021.914418] FS:  00007fda1a3b9700(0000) GS:ffff94453fb80000(0000) knlGS:0000000000000000\n[42021.922423] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[42021.928130] CR2: 0000000000000028 CR3: 00000042dcfb8003 CR4: 00000000003726f0\n[42021.935194] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[42021.942257] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[42021.949324] Call Trace:\n[42021.951756]  \u003cTASK\u003e\n[42021.953842]  [\u003cffffffff86c58674\u003e] ? show_regs+0x64/0x70\n[42021.959030]  [\u003cffffffff86c58468\u003e] ? __die+0x78/0xc0\n[42021.963874]  [\u003cffffffff86c9ef75\u003e] ? page_fault_oops+0x2b5/0x3b0\n[42021.969749]  [\u003cffffffff87674b92\u003e] ? exc_page_fault+0x1a2/0x3c0\n[42021.975549]  [\u003cffffffff87801326\u003e] ? asm_exc_page_fault+0x26/0x30\n[42021.981517]  [\u003cffffffffc0775680\u003e] ? __pfx_show_hw_stats+0x10/0x10 [ib_core]\n[42021.988482]  [\u003cffffffffc077564e\u003e] ? hw_stat_device_show+0x1e/0x40 [ib_core]\n[42021.995438]  [\u003cffffffff86ac7f8e\u003e] dev_attr_show+0x1e/0x50\n[42022.000803]  [\u003cffffffff86a3eeb1\u003e] sysfs_kf_seq_show+0x81/0xe0\n[42022.006508]  [\u003cffffffff86a11134\u003e] seq_read_iter+0xf4/0x410\n[42022.011954]  [\u003cffffffff869f4b2e\u003e] vfs_read+0x16e/0x2f0\n[42022.017058]  [\u003cffffffff869f50ee\u003e] ksys_read+0x6e/0xe0\n[42022.022073]  [\u003cffffffff8766f1ca\u003e] do_syscall_64+0x6a/0xa0\n[42022.027441]  [\u003cffffffff8780013b\u003e] entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\nThe problem can be reproduced using the following steps:\n  ip netns add foo\n  ip netns exec foo bash\n  cat /sys/class/infiniband/mlx4_0/hw_counters/*\n\nThe panic occurs because of casting the device pointer into an\nib_device pointer using container_of() in hw_stat_device_show() is\nwrong and leads to a memory corruption.\n\nHowever the real problem is that hw counters should never been exposed\noutside of the non-init net namespace.\n\nFix this by saving the index of the corresponding attribute group\n(it might be 1 or 2 depending on the presence of driver-specific\nattributes) and zeroing the pointer to hw_counters group for compat\ndevices during the initialization.\n\nWith this fix applied hw_counters are not available in a non-init\nnet namespace:\n  find /sys/class/infiniband/mlx4_0/ -name hw_counters\n    /sys/class/infiniband/mlx4_0/ports/1/hw_counters\n    /sys/class/infiniband/mlx4_0/ports/2/hw_counters\n    /sys/class/infiniband/mlx4_0/hw_counters\n\n  ip netns add foo\n  ip netns exec foo bash\n  find /sys/class/infiniband/mlx4_0/ -name hw_counters",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22089",
          "url": "https://www.suse.com/security/cve/CVE-2025-22089"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241538 for CVE-2025-22089",
          "url": "https://bugzilla.suse.com/1241538"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22089"
    },
    {
      "cve": "CVE-2025-22095",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22095"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: brcmstb: Fix error path after a call to regulator_bulk_get()\n\nIf the regulator_bulk_get() returns an error and no regulators\nare created, we need to set their number to zero.\n\nIf we don\u0027t do this and the PCIe link up fails, a call to the\nregulator_bulk_free() will result in a kernel panic.\n\nWhile at it, print the error value, as we cannot return an error\nupwards as the kernel will WARN() on an error from add_bus().\n\n[kwilczynski: commit log, use comma in the message to match style with\nother similar messages]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22095",
          "url": "https://www.suse.com/security/cve/CVE-2025-22095"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241519 for CVE-2025-22095",
          "url": "https://bugzilla.suse.com/1241519"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22095"
    },
    {
      "cve": "CVE-2025-22103",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22103"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix NULL pointer dereference in l3mdev_l3_rcv\n\nWhen delete l3s ipvlan:\n\n    ip link del link eth0 ipvlan1 type ipvlan mode l3s\n\nThis may cause a null pointer dereference:\n\n    Call trace:\n     ip_rcv_finish+0x48/0xd0\n     ip_rcv+0x5c/0x100\n     __netif_receive_skb_one_core+0x64/0xb0\n     __netif_receive_skb+0x20/0x80\n     process_backlog+0xb4/0x204\n     napi_poll+0xe8/0x294\n     net_rx_action+0xd8/0x22c\n     __do_softirq+0x12c/0x354\n\nThis is because l3mdev_l3_rcv() visit dev-\u003el3mdev_ops after\nipvlan_l3s_unregister() assign the dev-\u003el3mdev_ops to NULL. The process\nlike this:\n\n    (CPU1)                     | (CPU2)\n    l3mdev_l3_rcv()            |\n      check dev-\u003epriv_flags:   |\n        master = skb-\u003edev;     |\n                               |\n                               | ipvlan_l3s_unregister()\n                               |   set dev-\u003epriv_flags\n                               |   dev-\u003el3mdev_ops = NULL;\n                               |\n      visit master-\u003el3mdev_ops |\n\nTo avoid this by do not set dev-\u003el3mdev_ops when unregister l3s ipvlan.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22103",
          "url": "https://www.suse.com/security/cve/CVE-2025-22103"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241448 for CVE-2025-22103",
          "url": "https://bugzilla.suse.com/1241448"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22103"
    },
    {
      "cve": "CVE-2025-22113",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22113"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid journaling sb update on error if journal is destroying\n\nPresently we always BUG_ON if trying to start a transaction on a journal marked\nwith JBD2_UNMOUNT, since this should never happen. However, while ltp running\nstress tests, it was observed that in case of some error handling paths, it is\npossible for update_super_work to start a transaction after the journal is\ndestroyed eg:\n\n(umount)\next4_kill_sb\n  kill_block_super\n    generic_shutdown_super\n      sync_filesystem /* commits all txns */\n      evict_inodes\n        /* might start a new txn */\n      ext4_put_super\n\tflush_work(\u0026sbi-\u003es_sb_upd_work) /* flush the workqueue */\n        jbd2_journal_destroy\n          journal_kill_thread\n            journal-\u003ej_flags |= JBD2_UNMOUNT;\n          jbd2_journal_commit_transaction\n            jbd2_journal_get_descriptor_buffer\n              jbd2_journal_bmap\n                ext4_journal_bmap\n                  ext4_map_blocks\n                    ...\n                    ext4_inode_error\n                      ext4_handle_error\n                        schedule_work(\u0026sbi-\u003es_sb_upd_work)\n\n                                               /* work queue kicks in */\n                                               update_super_work\n                                                 jbd2_journal_start\n                                                   start_this_handle\n                                                     BUG_ON(journal-\u003ej_flags \u0026\n                                                            JBD2_UNMOUNT)\n\nHence, introduce a new mount flag to indicate journal is destroying and only do\na journaled (and deferred) update of sb if this flag is not set. Otherwise, just\nfallback to an un-journaled commit.\n\nFurther, in the journal destroy path, we have the following sequence:\n\n  1. Set mount flag indicating journal is destroying\n  2. force a commit and wait for it\n  3. flush pending sb updates\n\nThis sequence is important as it ensures that, after this point, there is no sb\nupdate that might be journaled so it is safe to update the sb outside the\njournal. (To avoid race discussed in 2d01ddc86606)\n\nAlso, we don\u0027t need a similar check in ext4_grp_locked_error since it is only\ncalled from mballoc and AFAICT it would be always valid to schedule work here.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22113",
          "url": "https://www.suse.com/security/cve/CVE-2025-22113"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241617 for CVE-2025-22113",
          "url": "https://bugzilla.suse.com/1241617"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22113"
    },
    {
      "cve": "CVE-2025-22119",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22119"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: init wiphy_work before allocating rfkill fails\n\nsyzbort reported a uninitialize wiphy_work_lock in cfg80211_dev_free. [1]\n\nAfter rfkill allocation fails, the wiphy release process will be performed,\nwhich will cause cfg80211_dev_free to access the uninitialized wiphy_work\nrelated data.\n\nMove the initialization of wiphy_work to before rfkill initialization to\navoid this issue.\n\n[1]\nINFO: trying to register non-static key.\nThe code is fine but needs lockdep annotation, or maybe\nyou didn\u0027t initialize this object before use?\nturning off the locking correctness validator.\nCPU: 0 UID: 0 PID: 5935 Comm: syz-executor550 Not tainted 6.14.0-rc6-syzkaller-00103-g4003c9e78778 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n assign_lock_key kernel/locking/lockdep.c:983 [inline]\n register_lock_class+0xc39/0x1240 kernel/locking/lockdep.c:1297\n __lock_acquire+0x135/0x3c40 kernel/locking/lockdep.c:5103\n lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5851\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162\n cfg80211_dev_free+0x30/0x3d0 net/wireless/core.c:1196\n device_release+0xa1/0x240 drivers/base/core.c:2568\n kobject_cleanup lib/kobject.c:689 [inline]\n kobject_release lib/kobject.c:720 [inline]\n kref_put include/linux/kref.h:65 [inline]\n kobject_put+0x1e4/0x5a0 lib/kobject.c:737\n put_device+0x1f/0x30 drivers/base/core.c:3774\n wiphy_free net/wireless/core.c:1224 [inline]\n wiphy_new_nm+0x1c1f/0x2160 net/wireless/core.c:562\n ieee80211_alloc_hw_nm+0x1b7a/0x2260 net/mac80211/main.c:835\n mac80211_hwsim_new_radio+0x1d6/0x54e0 drivers/net/wireless/virtual/mac80211_hwsim.c:5185\n hwsim_new_radio_nl+0xb42/0x12b0 drivers/net/wireless/virtual/mac80211_hwsim.c:6242\n genl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2533\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]\n netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1338\n netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1882\n sock_sendmsg_nosec net/socket.c:718 [inline]\n __sock_sendmsg net/socket.c:733 [inline]\n ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2573\n ___sys_sendmsg+0x135/0x1e0 net/socket.c:2627\n __sys_sendmsg+0x16e/0x220 net/socket.c:2659\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n\nClose: https://syzkaller.appspot.com/bug?extid=aaf0488c83d1d5f4f029",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22119",
          "url": "https://www.suse.com/security/cve/CVE-2025-22119"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241576 for CVE-2025-22119",
          "url": "https://bugzilla.suse.com/1241576"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241577 for CVE-2025-22119",
          "url": "https://bugzilla.suse.com/1241577"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-22119"
    },
    {
      "cve": "CVE-2025-22124",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22124"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/md-bitmap: fix wrong bitmap_limit for clustermd when write sb\n\nIn clustermd, separate write-intent-bitmaps are used for each cluster\nnode:\n\n0                    4k                     8k                    12k\n-------------------------------------------------------------------\n| idle                | md super            | bm super [0] + bits |\n| bm bits[0, contd]   | bm super[1] + bits  | bm bits[1, contd]   |\n| bm super[2] + bits  | bm bits [2, contd]  | bm super[3] + bits  |\n| bm bits [3, contd]  |                     |                     |\n\nSo in node 1, pg_index in __write_sb_page() could equal to\nbitmap-\u003estorage.file_pages. Then bitmap_limit will be calculated to\n0. md_super_write() will be called with 0 size.\nThat means the first 4k sb area of node 1 will never be updated\nthrough filemap_write_page().\nThis bug causes hang of mdadm/clustermd_tests/01r1_Grow_resize.\n\nHere use (pg_index % bitmap-\u003estorage.file_pages) to make calculation\nof bitmap_limit correct.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22124",
          "url": "https://www.suse.com/security/cve/CVE-2025-22124"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241595 for CVE-2025-22124",
          "url": "https://bugzilla.suse.com/1241595"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22124"
    },
    {
      "cve": "CVE-2025-22125",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22125"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid1,raid10: don\u0027t ignore IO flags\n\nIf blk-wbt is enabled by default, it\u0027s found that raid write performance\nis quite bad because all IO are throttled by wbt of underlying disks,\ndue to flag REQ_IDLE is ignored. And turns out this behaviour exist since\nblk-wbt is introduced.\n\nOther than REQ_IDLE, other flags should not be ignored as well, for\nexample REQ_META can be set for filesystems, clearing it can cause priority\nreverse problems; And REQ_NOWAIT should not be cleared as well, because\nio will wait instead of failing directly in underlying disks.\n\nFix those problems by keep IO flags from master bio.\n\nFises: f51d46d0e7cb (\"md: add support for REQ_NOWAIT\")",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22125",
          "url": "https://www.suse.com/security/cve/CVE-2025-22125"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241596 for CVE-2025-22125",
          "url": "https://bugzilla.suse.com/1241596"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22125"
    },
    {
      "cve": "CVE-2025-22126",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22126"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix mddev uaf while iterating all_mddevs list\n\nWhile iterating all_mddevs list from md_notify_reboot() and md_exit(),\nlist_for_each_entry_safe is used, and this can race with deletint the\nnext mddev, causing UAF:\n\nt1:\nspin_lock\n//list_for_each_entry_safe(mddev, n, ...)\n mddev_get(mddev1)\n // assume mddev2 is the next entry\n spin_unlock\n            t2:\n            //remove mddev2\n            ...\n            mddev_free\n            spin_lock\n            list_del\n            spin_unlock\n            kfree(mddev2)\n mddev_put(mddev1)\n spin_lock\n //continue dereference mddev2-\u003eall_mddevs\n\nThe old helper for_each_mddev() actually grab the reference of mddev2\nwhile holding the lock, to prevent from being freed. This problem can be\nfixed the same way, however, the code will be complex.\n\nHence switch to use list_for_each_entry, in this case mddev_put() can free\nthe mddev1 and it\u0027s not safe as well. Refer to md_seq_show(), also factor\nout a helper mddev_put_locked() to fix this problem.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22126",
          "url": "https://www.suse.com/security/cve/CVE-2025-22126"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241597 for CVE-2025-22126",
          "url": "https://bugzilla.suse.com/1241597"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-22126"
    },
    {
      "cve": "CVE-2025-23140",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23140"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error\n\nAfter devm_request_irq() fails with error in pci_endpoint_test_request_irq(),\nthe pci_endpoint_test_free_irq_vectors() is called assuming that all IRQs\nhave been released.\n\nHowever, some requested IRQs remain unreleased, so there are still\n/proc/irq/* entries remaining, and this results in WARN() with the\nfollowing message:\n\n  remove_proc_entry: removing non-empty directory \u0027irq/30\u0027, leaking at least \u0027pci-endpoint-test.0\u0027\n  WARNING: CPU: 0 PID: 202 at fs/proc/generic.c:719 remove_proc_entry +0x190/0x19c\n\nTo solve this issue, set the number of remaining IRQs to test-\u003enum_irqs,\nand release IRQs in advance by calling pci_endpoint_test_release_irq().\n\n[kwilczynski: commit log]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23140",
          "url": "https://www.suse.com/security/cve/CVE-2025-23140"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242763 for CVE-2025-23140",
          "url": "https://bugzilla.suse.com/1242763"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23140"
    },
    {
      "cve": "CVE-2025-23141",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23141"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses\n\nAcquire a lock on kvm-\u003esrcu when userspace is getting MP state to handle a\nrather extreme edge case where \"accepting\" APIC events, i.e. processing\npending INIT or SIPI, can trigger accesses to guest memory.  If the vCPU\nis in L2 with INIT *and* a TRIPLE_FAULT request pending, then getting MP\nstate will trigger a nested VM-Exit by way of -\u003echeck_nested_events(), and\nemuating the nested VM-Exit can access guest memory.\n\nThe splat was originally hit by syzkaller on a Google-internal kernel, and\nreproduced on an upstream kernel by hacking the triple_fault_event_test\nselftest to stuff a pending INIT, store an MSR on VM-Exit (to generate a\nmemory access on VMX), and do vcpu_mp_state_get() to trigger the scenario.\n\n  =============================\n  WARNING: suspicious RCU usage\n  6.14.0-rc3-b112d356288b-vmx/pi_lockdep_false_pos-lock #3 Not tainted\n  -----------------------------\n  include/linux/kvm_host.h:1058 suspicious rcu_dereference_check() usage!\n\n  other info that might help us debug this:\n\n  rcu_scheduler_active = 2, debug_locks = 1\n  1 lock held by triple_fault_ev/1256:\n   #0: ffff88810df5a330 (\u0026vcpu-\u003emutex){+.+.}-{4:4}, at: kvm_vcpu_ioctl+0x8b/0x9a0 [kvm]\n\n  stack backtrace:\n  CPU: 11 UID: 1000 PID: 1256 Comm: triple_fault_ev Not tainted 6.14.0-rc3-b112d356288b-vmx #3\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n  Call Trace:\n   \u003cTASK\u003e\n   dump_stack_lvl+0x7f/0x90\n   lockdep_rcu_suspicious+0x144/0x190\n   kvm_vcpu_gfn_to_memslot+0x156/0x180 [kvm]\n   kvm_vcpu_read_guest+0x3e/0x90 [kvm]\n   read_and_check_msr_entry+0x2e/0x180 [kvm_intel]\n   __nested_vmx_vmexit+0x550/0xde0 [kvm_intel]\n   kvm_check_nested_events+0x1b/0x30 [kvm]\n   kvm_apic_accept_events+0x33/0x100 [kvm]\n   kvm_arch_vcpu_ioctl_get_mpstate+0x30/0x1d0 [kvm]\n   kvm_vcpu_ioctl+0x33e/0x9a0 [kvm]\n   __x64_sys_ioctl+0x8b/0xb0\n   do_syscall_64+0x6c/0x170\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n   \u003c/TASK\u003e",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23141",
          "url": "https://www.suse.com/security/cve/CVE-2025-23141"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242782 for CVE-2025-23141",
          "url": "https://bugzilla.suse.com/1242782"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23141"
    },
    {
      "cve": "CVE-2025-23142",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23142"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: detect and prevent references to a freed transport in sendmsg\n\nsctp_sendmsg() re-uses associations and transports when possible by\ndoing a lookup based on the socket endpoint and the message destination\naddress, and then sctp_sendmsg_to_asoc() sets the selected transport in\nall the message chunks to be sent.\n\nThere\u0027s a possible race condition if another thread triggers the removal\nof that selected transport, for instance, by explicitly unbinding an\naddress with setsockopt(SCTP_SOCKOPT_BINDX_REM), after the chunks have\nbeen set up and before the message is sent. This can happen if the send\nbuffer is full, during the period when the sender thread temporarily\nreleases the socket lock in sctp_wait_for_sndbuf().\n\nThis causes the access to the transport data in\nsctp_outq_select_transport(), when the association outqueue is flushed,\nto result in a use-after-free read.\n\nThis change avoids this scenario by having sctp_transport_free() signal\nthe freeing of the transport, tagging it as \"dead\". In order to do this,\nthe patch restores the \"dead\" bit in struct sctp_transport, which was\nremoved in\ncommit 47faa1e4c50e (\"sctp: remove the dead field of sctp_transport\").\n\nThen, in the scenario where the sender thread has released the socket\nlock in sctp_wait_for_sndbuf(), the bit is checked again after\nre-acquiring the socket lock to detect the deletion. This is done while\nholding a reference to the transport to prevent it from being freed in\nthe process.\n\nIf the transport was deleted while the socket lock was relinquished,\nsctp_sendmsg_to_asoc() will return -EAGAIN to let userspace retry the\nsend.\n\nThe bug was found by a private syzbot instance (see the error report [1]\nand the C reproducer that triggers it [2]).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23142",
          "url": "https://www.suse.com/security/cve/CVE-2025-23142"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242760 for CVE-2025-23142",
          "url": "https://bugzilla.suse.com/1242760"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23142"
    },
    {
      "cve": "CVE-2025-23144",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23144"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbacklight: led_bl: Hold led_access lock when calling led_sysfs_disable()\n\nLockdep detects the following issue on led-backlight removal:\n  [  142.315935] ------------[ cut here ]------------\n  [  142.315954] WARNING: CPU: 2 PID: 292 at drivers/leds/led-core.c:455 led_sysfs_enable+0x54/0x80\n  ...\n  [  142.500725] Call trace:\n  [  142.503176]  led_sysfs_enable+0x54/0x80 (P)\n  [  142.507370]  led_bl_remove+0x80/0xa8 [led_bl]\n  [  142.511742]  platform_remove+0x30/0x58\n  [  142.515501]  device_remove+0x54/0x90\n  ...\n\nIndeed, led_sysfs_enable() has to be called with the led_access\nlock held.\n\nHold the lock when calling led_sysfs_disable().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23144",
          "url": "https://www.suse.com/security/cve/CVE-2025-23144"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242568 for CVE-2025-23144",
          "url": "https://bugzilla.suse.com/1242568"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23144"
    },
    {
      "cve": "CVE-2025-23146",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23146"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmfd: ene-kb3930: Fix a potential NULL pointer dereference\n\nThe off_gpios could be NULL. Add missing check in the kb3930_probe().\nThis is similar to the issue fixed in commit b1ba8bcb2d1f\n(\"backlight: hx8357: Fix potential NULL pointer dereference\").\n\nThis was detected by our static analysis tool.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23146",
          "url": "https://www.suse.com/security/cve/CVE-2025-23146"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242559 for CVE-2025-23146",
          "url": "https://bugzilla.suse.com/1242559"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23146"
    },
    {
      "cve": "CVE-2025-23147",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23147"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: Add NULL pointer check in i3c_master_queue_ibi()\n\nThe I3C master driver may receive an IBI from a target device that has not\nbeen probed yet. In such cases, the master calls `i3c_master_queue_ibi()`\nto queue an IBI work task, leading to \"Unable to handle kernel read from\nunreadable memory\" and resulting in a kernel panic.\n\nTypical IBI handling flow:\n1. The I3C master scans target devices and probes their respective drivers.\n2. The target device driver calls `i3c_device_request_ibi()` to enable IBI\n   and assigns `dev-\u003eibi = ibi`.\n3. The I3C master receives an IBI from the target device and calls\n   `i3c_master_queue_ibi()` to queue the target device driver\u0027s IBI\n   handler task.\n\nHowever, since target device events are asynchronous to the I3C probe\nsequence, step 3 may occur before step 2, causing `dev-\u003eibi` to be `NULL`,\nleading to a kernel panic.\n\nAdd a NULL pointer check in `i3c_master_queue_ibi()` to prevent accessing\nan uninitialized `dev-\u003eibi`, ensuring stability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23147",
          "url": "https://www.suse.com/security/cve/CVE-2025-23147"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242530 for CVE-2025-23147",
          "url": "https://bugzilla.suse.com/1242530"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23147"
    },
    {
      "cve": "CVE-2025-23148",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23148"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe()\n\nsoc_dev_attr-\u003erevision could be NULL, thus,\na pointer check is added to prevent potential NULL pointer dereference.\nThis is similar to the fix in commit 3027e7b15b02\n(\"ice: Fix some null pointer dereference issues in ice_ptp.c\").\n\nThis issue is found by our static analysis tool.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23148",
          "url": "https://www.suse.com/security/cve/CVE-2025-23148"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242578 for CVE-2025-23148",
          "url": "https://bugzilla.suse.com/1242578"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23148"
    },
    {
      "cve": "CVE-2025-23149",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23149"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: do not start chip while suspended\n\nChecking TPM_CHIP_FLAG_SUSPENDED after the call to tpm_find_get_ops() can\nlead to a spurious tpm_chip_start() call:\n\n[35985.503771] i2c i2c-1: Transfer while suspended\n[35985.503796] WARNING: CPU: 0 PID: 74 at drivers/i2c/i2c-core.h:56 __i2c_transfer+0xbe/0x810\n[35985.503802] Modules linked in:\n[35985.503808] CPU: 0 UID: 0 PID: 74 Comm: hwrng Tainted: G        W          6.13.0-next-20250203-00005-gfa0cb5642941 #19 9c3d7f78192f2d38e32010ac9c90fdc71109ef6f\n[35985.503814] Tainted: [W]=WARN\n[35985.503817] Hardware name: Google Morphius/Morphius, BIOS Google_Morphius.13434.858.0 10/26/2023\n[35985.503819] RIP: 0010:__i2c_transfer+0xbe/0x810\n[35985.503825] Code: 30 01 00 00 4c 89 f7 e8 40 fe d8 ff 48 8b 93 80 01 00 00 48 85 d2 75 03 49 8b 16 48 c7 c7 0a fb 7c a7 48 89 c6 e8 32 ad b0 fe \u003c0f\u003e 0b b8 94 ff ff ff e9 33 04 00 00 be 02 00 00 00 83 fd 02 0f 5\n[35985.503828] RSP: 0018:ffffa106c0333d30 EFLAGS: 00010246\n[35985.503833] RAX: 074ba64aa20f7000 RBX: ffff8aa4c1167120 RCX: 0000000000000000\n[35985.503836] RDX: 0000000000000000 RSI: ffffffffa77ab0e4 RDI: 0000000000000001\n[35985.503838] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000\n[35985.503841] R10: 0000000000000004 R11: 00000001000313d5 R12: ffff8aa4c10f1820\n[35985.503843] R13: ffff8aa4c0e243c0 R14: ffff8aa4c1167250 R15: ffff8aa4c1167120\n[35985.503846] FS:  0000000000000000(0000) GS:ffff8aa4eae00000(0000) knlGS:0000000000000000\n[35985.503849] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[35985.503852] CR2: 00007fab0aaf1000 CR3: 0000000105328000 CR4: 00000000003506f0\n[35985.503855] Call Trace:\n[35985.503859]  \u003cTASK\u003e\n[35985.503863]  ? __warn+0xd4/0x260\n[35985.503868]  ? __i2c_transfer+0xbe/0x810\n[35985.503874]  ? report_bug+0xf3/0x210\n[35985.503882]  ? handle_bug+0x63/0xb0\n[35985.503887]  ? exc_invalid_op+0x16/0x50\n[35985.503892]  ? asm_exc_invalid_op+0x16/0x20\n[35985.503904]  ? __i2c_transfer+0xbe/0x810\n[35985.503913]  tpm_cr50_i2c_transfer_message+0x24/0xf0\n[35985.503920]  tpm_cr50_i2c_read+0x8e/0x120\n[35985.503928]  tpm_cr50_request_locality+0x75/0x170\n[35985.503935]  tpm_chip_start+0x116/0x160\n[35985.503942]  tpm_try_get_ops+0x57/0x90\n[35985.503948]  tpm_find_get_ops+0x26/0xd0\n[35985.503955]  tpm_get_random+0x2d/0x80\n\nDon\u0027t move forward with tpm_chip_start() inside tpm_try_get_ops(), unless\nTPM_CHIP_FLAG_SUSPENDED is not set. tpm_find_get_ops() will return NULL in\nsuch a failure case.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23149",
          "url": "https://www.suse.com/security/cve/CVE-2025-23149"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242758 for CVE-2025-23149",
          "url": "https://bugzilla.suse.com/1242758"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23149"
    },
    {
      "cve": "CVE-2025-23150",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23150"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix off-by-one error in do_split\n\nSyzkaller detected a use-after-free issue in ext4_insert_dentry that was\ncaused by out-of-bounds access due to incorrect splitting in do_split.\n\nBUG: KASAN: use-after-free in ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109\nWrite of size 251 at addr ffff888074572f14 by task syz-executor335/5847\n\nCPU: 0 UID: 0 PID: 5847 Comm: syz-executor335 Not tainted 6.12.0-rc6-syzkaller-00318-ga9cda7c0ffed #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106\n ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109\n add_dirent_to_buf+0x3d9/0x750 fs/ext4/namei.c:2154\n make_indexed_dir+0xf98/0x1600 fs/ext4/namei.c:2351\n ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2455\n ext4_add_nondir+0x8d/0x290 fs/ext4/namei.c:2796\n ext4_symlink+0x920/0xb50 fs/ext4/namei.c:3431\n vfs_symlink+0x137/0x2e0 fs/namei.c:4615\n do_symlinkat+0x222/0x3a0 fs/namei.c:4641\n __do_sys_symlink fs/namei.c:4662 [inline]\n __se_sys_symlink fs/namei.c:4660 [inline]\n __x64_sys_symlink+0x7a/0x90 fs/namei.c:4660\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nThe following loop is located right above \u0027if\u0027 statement.\n\nfor (i = count-1; i \u003e= 0; i--) {\n\t/* is more than half of this entry in 2nd half of the block? */\n\tif (size + map[i].size/2 \u003e blocksize/2)\n\t\tbreak;\n\tsize += map[i].size;\n\tmove++;\n}\n\n\u0027i\u0027 in this case could go down to -1, in which case sum of active entries\nwouldn\u0027t exceed half the block size, but previous behaviour would also do\nsplit in half if sum would exceed at the very last block, which in case of\nhaving too many long name files in a single block could lead to\nout-of-bounds access and following use-after-free.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23150",
          "url": "https://www.suse.com/security/cve/CVE-2025-23150"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242513 for CVE-2025-23150",
          "url": "https://bugzilla.suse.com/1242513"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23150"
    },
    {
      "cve": "CVE-2025-23151",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23151"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: Fix race between unprepare and queue_buf\n\nA client driver may use mhi_unprepare_from_transfer() to quiesce\nincoming data during the client driver\u0027s tear down. The client driver\nmight also be processing data at the same time, resulting in a call to\nmhi_queue_buf() which will invoke mhi_gen_tre(). If mhi_gen_tre() runs\nafter mhi_unprepare_from_transfer() has torn down the channel, a panic\nwill occur due to an invalid dereference leading to a page fault.\n\nThis occurs because mhi_gen_tre() does not verify the channel state\nafter locking it. Fix this by having mhi_gen_tre() confirm the channel\nstate is valid, or return error to avoid accessing deinitialized data.\n\n[mani: added stable tag]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23151",
          "url": "https://www.suse.com/security/cve/CVE-2025-23151"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242512 for CVE-2025-23151",
          "url": "https://bugzilla.suse.com/1242512"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23151"
    },
    {
      "cve": "CVE-2025-23155",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23155"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: Fix accessing freed irq affinity_hint\n\nThe cpumask should not be a local variable, since its pointer is saved\nto irq_desc and may be accessed from procfs.\nTo fix it, use the persistent mask cpumask_of(cpu#).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23155",
          "url": "https://www.suse.com/security/cve/CVE-2025-23155"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242573 for CVE-2025-23155",
          "url": "https://bugzilla.suse.com/1242573"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23155"
    },
    {
      "cve": "CVE-2025-23156",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23156"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: hfi_parser: refactor hfi packet parsing logic\n\nwords_count denotes the number of words in total payload, while data\npoints to payload of various property within it. When words_count\nreaches last word, data can access memory beyond the total payload. This\ncan lead to OOB access. With this patch, the utility api for handling\nindividual properties now returns the size of data consumed. Accordingly\nremaining bytes are calculated before parsing the payload, thereby\neliminates the OOB access possibilities.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23156",
          "url": "https://www.suse.com/security/cve/CVE-2025-23156"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242569 for CVE-2025-23156",
          "url": "https://bugzilla.suse.com/1242569"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23156"
    },
    {
      "cve": "CVE-2025-23157",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23157"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: hfi_parser: add check to avoid out of bound access\n\nThere is a possibility that init_codecs is invoked multiple times during\nmanipulated payload from video firmware. In such case, if codecs_count\ncan get incremented to value more than MAX_CODEC_NUM, there can be OOB\naccess. Reset the count so that it always starts from beginning.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23157",
          "url": "https://www.suse.com/security/cve/CVE-2025-23157"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242532 for CVE-2025-23157",
          "url": "https://bugzilla.suse.com/1242532"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23157"
    },
    {
      "cve": "CVE-2025-23158",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23158"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: hfi: add check to handle incorrect queue size\n\nqsize represents size of shared queued between driver and video\nfirmware. Firmware can modify this value to an invalid large value. In\nsuch situation, empty_space will be bigger than the space actually\navailable. Since new_wr_idx is not checked, so the following code will\nresult in an OOB write.\n...\nqsize = qhdr-\u003eq_size\n\nif (wr_idx \u003e= rd_idx)\n empty_space = qsize - (wr_idx - rd_idx)\n....\nif (new_wr_idx \u003c qsize) {\n memcpy(wr_ptr, packet, dwords \u003c\u003c 2) --\u003e OOB write\n\nAdd check to ensure qsize is within the allocated size while\nreading and writing packets into the queue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23158",
          "url": "https://www.suse.com/security/cve/CVE-2025-23158"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242531 for CVE-2025-23158",
          "url": "https://bugzilla.suse.com/1242531"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23158"
    },
    {
      "cve": "CVE-2025-23159",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23159"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: hfi: add a check to handle OOB in sfr region\n\nsfr-\u003ebuf_size is in shared memory and can be modified by malicious user.\nOOB write is possible when the size is made higher than actual sfr data\nbuffer. Cap the size to allocated size for such cases.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23159",
          "url": "https://www.suse.com/security/cve/CVE-2025-23159"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242529 for CVE-2025-23159",
          "url": "https://bugzilla.suse.com/1242529"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23159"
    },
    {
      "cve": "CVE-2025-23160",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23160"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization\n\nOn Mediatek devices with a system companion processor (SCP) the mtk_scp\nstructure has to be removed explicitly to avoid a resource leak.\nFree the structure in case the allocation of the firmware structure fails\nduring the firmware initialization.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23160",
          "url": "https://www.suse.com/security/cve/CVE-2025-23160"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242507 for CVE-2025-23160",
          "url": "https://bugzilla.suse.com/1242507"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23160"
    },
    {
      "cve": "CVE-2025-23161",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23161"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type\n\nThe access to the PCI config space via pci_ops::read and pci_ops::write is\na low-level hardware access. The functions can be accessed with disabled\ninterrupts even on PREEMPT_RT. The pci_lock is a raw_spinlock_t for this\npurpose.\n\nA spinlock_t becomes a sleeping lock on PREEMPT_RT, so it cannot be\nacquired with disabled interrupts. The vmd_dev::cfg_lock is accessed in\nthe same context as the pci_lock.\n\nMake vmd_dev::cfg_lock a raw_spinlock_t type so it can be used with\ninterrupts disabled.\n\nThis was reported as:\n\n  BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n  Call Trace:\n   rt_spin_lock+0x4e/0x130\n   vmd_pci_read+0x8d/0x100 [vmd]\n   pci_user_read_config_byte+0x6f/0xe0\n   pci_read_config+0xfe/0x290\n   sysfs_kf_bin_read+0x68/0x90\n\n[bigeasy: reword commit message]\nTested-off-by: Luis Claudio R. Goncalves \u003clgoncalv@redhat.com\u003e\n[kwilczynski: commit log]\n[bhelgaas: add back report info from\nhttps://lore.kernel.org/lkml/20241218115951.83062-1-ryotkkr98@gmail.com/]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23161",
          "url": "https://www.suse.com/security/cve/CVE-2025-23161"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242792 for CVE-2025-23161",
          "url": "https://bugzilla.suse.com/1242792"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-23161"
    },
    {
      "cve": "CVE-2025-37738",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37738"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: ignore xattrs past end\n\nOnce inside \u0027ext4_xattr_inode_dec_ref_all\u0027 we should\nignore xattrs entries past the \u0027end\u0027 entry.\n\nThis fixes the following KASAN reported issue:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_xattr_inode_dec_ref_all+0xb8c/0xe90\nRead of size 4 at addr ffff888012c120c4 by task repro/2065\n\nCPU: 1 UID: 0 PID: 2065 Comm: repro Not tainted 6.13.0-rc2+ #11\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x1fd/0x300\n ? tcp_gro_dev_warn+0x260/0x260\n ? _printk+0xc0/0x100\n ? read_lock_is_recursive+0x10/0x10\n ? irq_work_queue+0x72/0xf0\n ? __virt_addr_valid+0x17b/0x4b0\n print_address_description+0x78/0x390\n print_report+0x107/0x1f0\n ? __virt_addr_valid+0x17b/0x4b0\n ? __virt_addr_valid+0x3ff/0x4b0\n ? __phys_addr+0xb5/0x160\n ? ext4_xattr_inode_dec_ref_all+0xb8c/0xe90\n kasan_report+0xcc/0x100\n ? ext4_xattr_inode_dec_ref_all+0xb8c/0xe90\n ext4_xattr_inode_dec_ref_all+0xb8c/0xe90\n ? ext4_xattr_delete_inode+0xd30/0xd30\n ? __ext4_journal_ensure_credits+0x5f0/0x5f0\n ? __ext4_journal_ensure_credits+0x2b/0x5f0\n ? inode_update_timestamps+0x410/0x410\n ext4_xattr_delete_inode+0xb64/0xd30\n ? ext4_truncate+0xb70/0xdc0\n ? ext4_expand_extra_isize_ea+0x1d20/0x1d20\n ? __ext4_mark_inode_dirty+0x670/0x670\n ? ext4_journal_check_start+0x16f/0x240\n ? ext4_inode_is_fast_symlink+0x2f2/0x3a0\n ext4_evict_inode+0xc8c/0xff0\n ? ext4_inode_is_fast_symlink+0x3a0/0x3a0\n ? do_raw_spin_unlock+0x53/0x8a0\n ? ext4_inode_is_fast_symlink+0x3a0/0x3a0\n evict+0x4ac/0x950\n ? proc_nr_inodes+0x310/0x310\n ? trace_ext4_drop_inode+0xa2/0x220\n ? _raw_spin_unlock+0x1a/0x30\n ? iput+0x4cb/0x7e0\n do_unlinkat+0x495/0x7c0\n ? try_break_deleg+0x120/0x120\n ? 0xffffffff81000000\n ? __check_object_size+0x15a/0x210\n ? strncpy_from_user+0x13e/0x250\n ? getname_flags+0x1dc/0x530\n __x64_sys_unlinkat+0xc8/0xf0\n do_syscall_64+0x65/0x110\n entry_SYSCALL_64_after_hwframe+0x67/0x6f\nRIP: 0033:0x434ffd\nCode: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 8\nRSP: 002b:00007ffc50fa7b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000107\nRAX: ffffffffffffffda RBX: 00007ffc50fa7e18 RCX: 0000000000434ffd\nRDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000005\nRBP: 00007ffc50fa7be0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001\nR13: 00007ffc50fa7e08 R14: 00000000004bbf30 R15: 0000000000000001\n \u003c/TASK\u003e\n\nThe buggy address belongs to the object at ffff888012c12000\n which belongs to the cache filp of size 360\nThe buggy address is located 196 bytes inside of\n freed 360-byte region [ffff888012c12000, ffff888012c12168)\n\nThe buggy address belongs to the physical page:\npage: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12c12\nhead: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0\nflags: 0x40(head|node=0|zone=0)\npage_type: f5(slab)\nraw: 0000000000000040 ffff888000ad7640 ffffea0000497a00 dead000000000004\nraw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000\nhead: 0000000000000040 ffff888000ad7640 ffffea0000497a00 dead000000000004\nhead: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000\nhead: 0000000000000001 ffffea00004b0481 ffffffffffffffff 0000000000000000\nhead: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffff888012c11f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff888012c12000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n\u003e ffff888012c12080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n                                           ^\n ffff888012c12100: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc\n ffff888012c12180: fc fc fc fc fc fc fc fc fc\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37738",
          "url": "https://www.suse.com/security/cve/CVE-2025-37738"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242846 for CVE-2025-37738",
          "url": "https://bugzilla.suse.com/1242846"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37738"
    },
    {
      "cve": "CVE-2025-37740",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37740"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add sanity check for agwidth in dbMount\n\nThe width in dmapctl of the AG is zero, it trigger a divide error when\ncalculating the control page level in dbAllocAG.\n\nTo avoid this issue, add a check for agwidth in dbAllocAG.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37740",
          "url": "https://www.suse.com/security/cve/CVE-2025-37740"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243006 for CVE-2025-37740",
          "url": "https://bugzilla.suse.com/1243006"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37740"
    },
    {
      "cve": "CVE-2025-37741",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37741"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Prevent copying of nlink with value 0 from disk inode\n\nsyzbot report a deadlock in diFree. [1]\n\nWhen calling \"ioctl$LOOP_SET_STATUS64\", the offset value passed in is 4,\nwhich does not match the mounted loop device, causing the mapping of the\nmounted loop device to be invalidated.\n\nWhen creating the directory and creating the inode of iag in diReadSpecial(),\nread the page of fixed disk inode (AIT) in raw mode in read_metapage(), the\nmetapage data it returns is corrupted, which causes the nlink value of 0 to be\nassigned to the iag inode when executing copy_from_dinode(), which ultimately\ncauses a deadlock when entering diFree().\n\nTo avoid this, first check the nlink value of dinode before setting iag inode.\n\n[1]\nWARNING: possible recursive locking detected\n6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0 Not tainted\n--------------------------------------------\nsyz-executor301/5309 is trying to acquire lock:\nffff888044548920 (\u0026(imap-\u003eim_aglock[index])){+.+.}-{3:3}, at: diFree+0x37c/0x2fb0 fs/jfs/jfs_imap.c:889\n\nbut task is already holding lock:\nffff888044548920 (\u0026(imap-\u003eim_aglock[index])){+.+.}-{3:3}, at: diAlloc+0x1b6/0x1630\n\nother info that might help us debug this:\n Possible unsafe locking scenario:\n\n       CPU0\n       ----\n  lock(\u0026(imap-\u003eim_aglock[index]));\n  lock(\u0026(imap-\u003eim_aglock[index]));\n\n *** DEADLOCK ***\n\n May be due to missing lock nesting notation\n\n5 locks held by syz-executor301/5309:\n #0: ffff8880422a4420 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:515\n #1: ffff88804755b390 (\u0026type-\u003ei_mutex_dir_key#6/1){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:850 [inline]\n #1: ffff88804755b390 (\u0026type-\u003ei_mutex_dir_key#6/1){+.+.}-{3:3}, at: filename_create+0x260/0x540 fs/namei.c:4026\n #2: ffff888044548920 (\u0026(imap-\u003eim_aglock[index])){+.+.}-{3:3}, at: diAlloc+0x1b6/0x1630\n #3: ffff888044548890 (\u0026imap-\u003eim_freelock){+.+.}-{3:3}, at: diNewIAG fs/jfs/jfs_imap.c:2460 [inline]\n #3: ffff888044548890 (\u0026imap-\u003eim_freelock){+.+.}-{3:3}, at: diAllocExt fs/jfs/jfs_imap.c:1905 [inline]\n #3: ffff888044548890 (\u0026imap-\u003eim_freelock){+.+.}-{3:3}, at: diAllocAG+0x4b7/0x1e50 fs/jfs/jfs_imap.c:1669\n #4: ffff88804755a618 (\u0026jfs_ip-\u003erdwrlock/1){++++}-{3:3}, at: diNewIAG fs/jfs/jfs_imap.c:2477 [inline]\n #4: ffff88804755a618 (\u0026jfs_ip-\u003erdwrlock/1){++++}-{3:3}, at: diAllocExt fs/jfs/jfs_imap.c:1905 [inline]\n #4: ffff88804755a618 (\u0026jfs_ip-\u003erdwrlock/1){++++}-{3:3}, at: diAllocAG+0x869/0x1e50 fs/jfs/jfs_imap.c:1669\n\nstack backtrace:\nCPU: 0 UID: 0 PID: 5309 Comm: syz-executor301 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_deadlock_bug+0x483/0x620 kernel/locking/lockdep.c:3037\n check_deadlock kernel/locking/lockdep.c:3089 [inline]\n validate_chain+0x15e2/0x5920 kernel/locking/lockdep.c:3891\n __lock_acquire+0x1384/0x2050 kernel/locking/lockdep.c:5202\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825\n __mutex_lock_common kernel/locking/mutex.c:608 [inline]\n __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752\n diFree+0x37c/0x2fb0 fs/jfs/jfs_imap.c:889\n jfs_evict_inode+0x32d/0x440 fs/jfs/inode.c:156\n evict+0x4e8/0x9b0 fs/inode.c:725\n diFreeSpecial fs/jfs/jfs_imap.c:552 [inline]\n duplicateIXtree+0x3c6/0x550 fs/jfs/jfs_imap.c:3022\n diNewIAG fs/jfs/jfs_imap.c:2597 [inline]\n diAllocExt fs/jfs/jfs_imap.c:1905 [inline]\n diAllocAG+0x17dc/0x1e50 fs/jfs/jfs_imap.c:1669\n diAlloc+0x1d2/0x1630 fs/jfs/jfs_imap.c:1590\n ialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56\n jfs_mkdir+0x1c5/0xba0 fs/jfs/namei.c:225\n vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257\n do_mkdirat+0x264/0x3a0 fs/namei.c:4280\n __do_sys_mkdirat fs/namei.c:4295 [inline]\n __se_sys_mkdirat fs/namei.c:4293 [inline]\n __x64_sys_mkdirat+0x87/0xa0 fs/namei.c:4293\n do_syscall_x64 arch/x86/en\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37741",
          "url": "https://www.suse.com/security/cve/CVE-2025-37741"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243015 for CVE-2025-37741",
          "url": "https://bugzilla.suse.com/1243015"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37741"
    },
    {
      "cve": "CVE-2025-37742",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37742"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix uninit-value access of imap allocated in the diMount() function\n\nsyzbot reports that hex_dump_to_buffer is using uninit-value:\n\n=====================================================\nBUG: KMSAN: uninit-value in hex_dump_to_buffer+0x888/0x1100 lib/hexdump.c:171\nhex_dump_to_buffer+0x888/0x1100 lib/hexdump.c:171\nprint_hex_dump+0x13d/0x3e0 lib/hexdump.c:276\ndiFree+0x5ba/0x4350 fs/jfs/jfs_imap.c:876\njfs_evict_inode+0x510/0x550 fs/jfs/inode.c:156\nevict+0x723/0xd10 fs/inode.c:796\niput_final fs/inode.c:1946 [inline]\niput+0x97b/0xdb0 fs/inode.c:1972\ntxUpdateMap+0xf3e/0x1150 fs/jfs/jfs_txnmgr.c:2367\ntxLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]\njfs_lazycommit+0x627/0x11d0 fs/jfs/jfs_txnmgr.c:2733\nkthread+0x6b9/0xef0 kernel/kthread.c:464\nret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:148\nret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nUninit was created at:\nslab_post_alloc_hook mm/slub.c:4121 [inline]\nslab_alloc_node mm/slub.c:4164 [inline]\n__kmalloc_cache_noprof+0x8e3/0xdf0 mm/slub.c:4320\nkmalloc_noprof include/linux/slab.h:901 [inline]\ndiMount+0x61/0x7f0 fs/jfs/jfs_imap.c:105\njfs_mount+0xa8e/0x11d0 fs/jfs/jfs_mount.c:176\njfs_fill_super+0xa47/0x17c0 fs/jfs/super.c:523\nget_tree_bdev_flags+0x6ec/0x910 fs/super.c:1636\nget_tree_bdev+0x37/0x50 fs/super.c:1659\njfs_get_tree+0x34/0x40 fs/jfs/super.c:635\nvfs_get_tree+0xb1/0x5a0 fs/super.c:1814\ndo_new_mount+0x71f/0x15e0 fs/namespace.c:3560\npath_mount+0x742/0x1f10 fs/namespace.c:3887\ndo_mount fs/namespace.c:3900 [inline]\n__do_sys_mount fs/namespace.c:4111 [inline]\n__se_sys_mount+0x71f/0x800 fs/namespace.c:4088\n__x64_sys_mount+0xe4/0x150 fs/namespace.c:4088\nx64_sys_call+0x39bf/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:166\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\n=====================================================\n\nThe reason is that imap is not properly initialized after memory\nallocation. It will cause the snprintf() function to write uninitialized\ndata into linebuf within hex_dump_to_buffer().\n\nFix this by using kzalloc instead of kmalloc to clear its content at the\nbeginning in diMount().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37742",
          "url": "https://www.suse.com/security/cve/CVE-2025-37742"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243011 for CVE-2025-37742",
          "url": "https://bugzilla.suse.com/1243011"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 1.9,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37742"
    },
    {
      "cve": "CVE-2025-37743",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37743"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Avoid memory leak while enabling statistics\n\nDriver uses monitor destination rings for extended statistics mode and\nstandalone monitor mode. In extended statistics mode, TLVs are parsed from\nthe buffer received from the monitor destination ring and assigned to the\nppdu_info structure to update per-packet statistics. In standalone monitor\nmode, along with per-packet statistics, the packet data (payload) is\ncaptured, and the driver updates per MSDU to mac80211.\n\nWhen the AP interface is enabled, only extended statistics mode is\nactivated. As part of enabling monitor rings for collecting statistics,\nthe driver subscribes to HAL_RX_MPDU_START TLV in the filter\nconfiguration. This TLV is received from the monitor destination ring, and\nkzalloc for the mon_mpdu object occurs, which is not freed, leading to a\nmemory leak. The kzalloc for the mon_mpdu object is only required while\nenabling the standalone monitor interface. This causes a memory leak while\nenabling extended statistics mode in the driver.\n\nFix this memory leak by removing the kzalloc for the mon_mpdu object in\nthe HAL_RX_MPDU_START TLV handling. Additionally, remove the standalone\nmonitor mode handlings in the HAL_MON_BUF_ADDR and HAL_RX_MSDU_END TLVs.\nThese TLV tags will be handled properly when enabling standalone monitor\nmode in the future.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37743",
          "url": "https://www.suse.com/security/cve/CVE-2025-37743"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242163 for CVE-2025-37743",
          "url": "https://bugzilla.suse.com/1242163"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37743"
    },
    {
      "cve": "CVE-2025-37747",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37747"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix hang while freeing sigtrap event\n\nPerf can hang while freeing a sigtrap event if a related deferred\nsignal hadn\u0027t managed to be sent before the file got closed:\n\nperf_event_overflow()\n   task_work_add(perf_pending_task)\n\nfput()\n   task_work_add(____fput())\n\ntask_work_run()\n    ____fput()\n        perf_release()\n            perf_event_release_kernel()\n                _free_event()\n                    perf_pending_task_sync()\n                        task_work_cancel() -\u003e FAILED\n                        rcuwait_wait_event()\n\nOnce task_work_run() is running, the list of pending callbacks is\nremoved from the task_struct and from this point on task_work_cancel()\ncan\u0027t remove any pending and not yet started work items, hence the\ntask_work_cancel() failure and the hang on rcuwait_wait_event().\n\nTask work could be changed to remove one work at a time, so a work\nrunning on the current task can always cancel a pending one, however\nthe wait / wake design is still subject to inverted dependencies when\nremote targets are involved, as pictured by Oleg:\n\nT1                                                      T2\n\nfd = perf_event_open(pid =\u003e T2-\u003epid);                  fd = perf_event_open(pid =\u003e T1-\u003epid);\nclose(fd)                                              close(fd)\n    \u003cIRQ\u003e                                                  \u003cIRQ\u003e\n    perf_event_overflow()                                  perf_event_overflow()\n       task_work_add(perf_pending_task)                        task_work_add(perf_pending_task)\n    \u003c/IRQ\u003e                                                 \u003c/IRQ\u003e\n    fput()                                                 fput()\n        task_work_add(____fput())                              task_work_add(____fput())\n\n    task_work_run()                                        task_work_run()\n        ____fput()                                             ____fput()\n            perf_release()                                         perf_release()\n                perf_event_release_kernel()                            perf_event_release_kernel()\n                    _free_event()                                          _free_event()\n                        perf_pending_task_sync()                               perf_pending_task_sync()\n                            rcuwait_wait_event()                                   rcuwait_wait_event()\n\nTherefore the only option left is to acquire the event reference count\nupon queueing the perf task work and release it from the task work, just\nlike it was done before 3a5465418f5f (\"perf: Fix event leak upon exec and file release\")\nbut without the leaks it fixed.\n\nSome adjustments are necessary to make it work:\n\n* A child event might dereference its parent upon freeing. Care must be\n  taken to release the parent last.\n\n* Some places assuming the event doesn\u0027t have any reference held and\n  therefore can be freed right away must instead put the reference and\n  let the reference counting to its job.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37747",
          "url": "https://www.suse.com/security/cve/CVE-2025-37747"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242520 for CVE-2025-37747",
          "url": "https://bugzilla.suse.com/1242520"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37747"
    },
    {
      "cve": "CVE-2025-37748",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37748"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group\n\nCurrently, mtk_iommu calls during probe iommu_device_register before\nthe hw_list from driver data is initialized. Since iommu probing issue\nfix, it leads to NULL pointer dereference in mtk_iommu_device_group when\nhw_list is accessed with list_first_entry (not null safe).\n\nSo, change the call order to ensure iommu_device_register is called\nafter the driver data are initialized.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37748",
          "url": "https://www.suse.com/security/cve/CVE-2025-37748"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242523 for CVE-2025-37748",
          "url": "https://bugzilla.suse.com/1242523"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37748"
    },
    {
      "cve": "CVE-2025-37749",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37749"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ppp: Add bound checking for skb data on ppp_sync_txmung\n\nEnsure we have enough data in linear buffer from skb before accessing\ninitial bytes. This prevents potential out-of-bounds accesses\nwhen processing short packets.\n\nWhen ppp_sync_txmung receives an incoming package with an empty\npayload:\n(remote) gef\u27a4  p *(struct pppoe_hdr *) (skb-\u003ehead + skb-\u003enetwork_header)\n$18 = {\n\ttype = 0x1,\n\tver = 0x1,\n\tcode = 0x0,\n\tsid = 0x2,\n        length = 0x0,\n\ttag = 0xffff8880371cdb96\n}\n\nfrom the skb struct (trimmed)\n      tail = 0x16,\n      end = 0x140,\n      head = 0xffff88803346f400 \"4\",\n      data = 0xffff88803346f416 \":\\377\",\n      truesize = 0x380,\n      len = 0x0,\n      data_len = 0x0,\n      mac_len = 0xe,\n      hdr_len = 0x0,\n\nit is not safe to access data[2].\n\n[pabeni@redhat.com: fixed subj typo]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37749",
          "url": "https://www.suse.com/security/cve/CVE-2025-37749"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242859 for CVE-2025-37749",
          "url": "https://bugzilla.suse.com/1242859"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37749"
    },
    {
      "cve": "CVE-2025-37750",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37750"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix UAF in decryption with multichannel\n\nAfter commit f7025d861694 (\"smb: client: allocate crypto only for\nprimary server\") and commit b0abcd65ec54 (\"smb: client: fix UAF in\nasync decryption\"), the channels started reusing AEAD TFM from primary\nchannel to perform synchronous decryption, but that can\u0027t done as\nthere could be multiple cifsd threads (one per channel) simultaneously\naccessing it to perform decryption.\n\nThis fixes the following KASAN splat when running fstest generic/249\nwith \u0027vers=3.1.1,multichannel,max_channels=4,seal\u0027 against Windows\nServer 2022:\n\nBUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xba/0x110\nRead of size 8 at addr ffff8881046c18a0 by task cifsd/986\nCPU: 3 UID: 0 PID: 986 Comm: cifsd Not tainted 6.15.0-rc1 #1\nPREEMPT(voluntary)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41\n04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n print_report+0x156/0x528\n ? gf128mul_4k_lle+0xba/0x110\n ? __virt_addr_valid+0x145/0x300\n ? __phys_addr+0x46/0x90\n ? gf128mul_4k_lle+0xba/0x110\n kasan_report+0xdf/0x1a0\n ? gf128mul_4k_lle+0xba/0x110\n gf128mul_4k_lle+0xba/0x110\n ghash_update+0x189/0x210\n shash_ahash_update+0x295/0x370\n ? __pfx_shash_ahash_update+0x10/0x10\n ? __pfx_shash_ahash_update+0x10/0x10\n ? __pfx_extract_iter_to_sg+0x10/0x10\n ? ___kmalloc_large_node+0x10e/0x180\n ? __asan_memset+0x23/0x50\n crypto_ahash_update+0x3c/0xc0\n gcm_hash_assoc_remain_continue+0x93/0xc0\n crypt_message+0xe09/0xec0 [cifs]\n ? __pfx_crypt_message+0x10/0x10 [cifs]\n ? _raw_spin_unlock+0x23/0x40\n ? __pfx_cifs_readv_from_socket+0x10/0x10 [cifs]\n decrypt_raw_data+0x229/0x380 [cifs]\n ? __pfx_decrypt_raw_data+0x10/0x10 [cifs]\n ? __pfx_cifs_read_iter_from_socket+0x10/0x10 [cifs]\n smb3_receive_transform+0x837/0xc80 [cifs]\n ? __pfx_smb3_receive_transform+0x10/0x10 [cifs]\n ? __pfx___might_resched+0x10/0x10\n ? __pfx_smb3_is_transform_hdr+0x10/0x10 [cifs]\n cifs_demultiplex_thread+0x692/0x1570 [cifs]\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n ? rcu_is_watching+0x20/0x50\n ? rcu_lockdep_current_cpu_online+0x62/0xb0\n ? find_held_lock+0x32/0x90\n ? kvm_sched_clock_read+0x11/0x20\n ? local_clock_noinstr+0xd/0xd0\n ? trace_irq_enable.constprop.0+0xa8/0xe0\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n kthread+0x1fe/0x380\n ? kthread+0x10f/0x380\n ? __pfx_kthread+0x10/0x10\n ? local_clock_noinstr+0xd/0xd0\n ? ret_from_fork+0x1b/0x60\n ? local_clock+0x15/0x30\n ? lock_release+0x29b/0x390\n ? rcu_is_watching+0x20/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37750",
          "url": "https://www.suse.com/security/cve/CVE-2025-37750"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242510 for CVE-2025-37750",
          "url": "https://bugzilla.suse.com/1242510"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37750"
    },
    {
      "cve": "CVE-2025-37752",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37752"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: move the limit validation\n\nIt is not sufficient to directly validate the limit on the data that\nthe user passes as it can be updated based on how the other parameters\nare changed.\n\nMove the check at the end of the configuration update process to also\ncatch scenarios where the limit is indirectly updated, for example\nwith the following configurations:\n\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 depth 1\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 divisor 1\n\nThis fixes the following syzkaller reported crash:\n\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:203:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 1 UID: 0 PID: 3037 Comm: syz.2.16 Not tainted 6.14.0-rc2-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x201/0x300 lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_out_of_bounds+0xf5/0x120 lib/ubsan.c:429\n sfq_link net/sched/sch_sfq.c:203 [inline]\n sfq_dec+0x53c/0x610 net/sched/sch_sfq.c:231\n sfq_dequeue+0x34e/0x8c0 net/sched/sch_sfq.c:493\n sfq_reset+0x17/0x60 net/sched/sch_sfq.c:518\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n tbf_reset+0x41/0x110 net/sched/sch_tbf.c:339\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n dev_reset_queue+0x100/0x1b0 net/sched/sch_generic.c:1311\n netdev_for_each_tx_queue include/linux/netdevice.h:2590 [inline]\n dev_deactivate_many+0x7e5/0xe70 net/sched/sch_generic.c:1375",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37752",
          "url": "https://www.suse.com/security/cve/CVE-2025-37752"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242504 for CVE-2025-37752",
          "url": "https://bugzilla.suse.com/1242504"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1245776 for CVE-2025-37752",
          "url": "https://bugzilla.suse.com/1245776"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-37752"
    },
    {
      "cve": "CVE-2025-37754",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37754"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/huc: Fix fence not released on early probe errors\n\nHuC delayed loading fence, introduced with commit 27536e03271da\n(\"drm/i915/huc: track delayed HuC load with a fence\"), is registered with\nobject tracker early on driver probe but unregistered only from driver\nremove, which is not called on early probe errors.  Since its memory is\nallocated under devres, then released anyway, it may happen to be\nallocated again to the fence and reused on future driver probes, resulting\nin kernel warnings that taint the kernel:\n\n\u003c4\u003e [309.731371] ------------[ cut here ]------------\n\u003c3\u003e [309.731373] ODEBUG: init destroyed (active state 0) object: ffff88813d7dd2e0 object type: i915_sw_fence hint: sw_fence_dummy_notify+0x0/0x20 [i915]\n\u003c4\u003e [309.731575] WARNING: CPU: 2 PID: 3161 at lib/debugobjects.c:612 debug_print_object+0x93/0xf0\n...\n\u003c4\u003e [309.731693] CPU: 2 UID: 0 PID: 3161 Comm: i915_module_loa Tainted: G     U             6.14.0-CI_DRM_16362-gf0fd77956987+ #1\n...\n\u003c4\u003e [309.731700] RIP: 0010:debug_print_object+0x93/0xf0\n...\n\u003c4\u003e [309.731728] Call Trace:\n\u003c4\u003e [309.731730]  \u003cTASK\u003e\n...\n\u003c4\u003e [309.731949]  __debug_object_init+0x17b/0x1c0\n\u003c4\u003e [309.731957]  debug_object_init+0x34/0x50\n\u003c4\u003e [309.732126]  __i915_sw_fence_init+0x34/0x60 [i915]\n\u003c4\u003e [309.732256]  intel_huc_init_early+0x4b/0x1d0 [i915]\n\u003c4\u003e [309.732468]  intel_uc_init_early+0x61/0x680 [i915]\n\u003c4\u003e [309.732667]  intel_gt_common_init_early+0x105/0x130 [i915]\n\u003c4\u003e [309.732804]  intel_root_gt_init_early+0x63/0x80 [i915]\n\u003c4\u003e [309.732938]  i915_driver_probe+0x1fa/0xeb0 [i915]\n\u003c4\u003e [309.733075]  i915_pci_probe+0xe6/0x220 [i915]\n\u003c4\u003e [309.733198]  local_pci_probe+0x44/0xb0\n\u003c4\u003e [309.733203]  pci_device_probe+0xf4/0x270\n\u003c4\u003e [309.733209]  really_probe+0xee/0x3c0\n\u003c4\u003e [309.733215]  __driver_probe_device+0x8c/0x180\n\u003c4\u003e [309.733219]  driver_probe_device+0x24/0xd0\n\u003c4\u003e [309.733223]  __driver_attach+0x10f/0x220\n\u003c4\u003e [309.733230]  bus_for_each_dev+0x7d/0xe0\n\u003c4\u003e [309.733236]  driver_attach+0x1e/0x30\n\u003c4\u003e [309.733239]  bus_add_driver+0x151/0x290\n\u003c4\u003e [309.733244]  driver_register+0x5e/0x130\n\u003c4\u003e [309.733247]  __pci_register_driver+0x7d/0x90\n\u003c4\u003e [309.733251]  i915_pci_register_driver+0x23/0x30 [i915]\n\u003c4\u003e [309.733413]  i915_init+0x34/0x120 [i915]\n\u003c4\u003e [309.733655]  do_one_initcall+0x62/0x3f0\n\u003c4\u003e [309.733667]  do_init_module+0x97/0x2a0\n\u003c4\u003e [309.733671]  load_module+0x25ff/0x2890\n\u003c4\u003e [309.733688]  init_module_from_file+0x97/0xe0\n\u003c4\u003e [309.733701]  idempotent_init_module+0x118/0x330\n\u003c4\u003e [309.733711]  __x64_sys_finit_module+0x77/0x100\n\u003c4\u003e [309.733715]  x64_sys_call+0x1f37/0x2650\n\u003c4\u003e [309.733719]  do_syscall_64+0x91/0x180\n\u003c4\u003e [309.733763]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\u003c4\u003e [309.733792]  \u003c/TASK\u003e\n...\n\u003c4\u003e [309.733806] ---[ end trace 0000000000000000 ]---\n\nThat scenario is most easily reproducible with\nigt@i915_module_load@reload-with-fault-injection.\n\nFix the issue by moving the cleanup step to driver release path.\n\n(cherry picked from commit 795dbde92fe5c6996a02a5b579481de73035e7bf)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37754",
          "url": "https://www.suse.com/security/cve/CVE-2025-37754"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242524 for CVE-2025-37754",
          "url": "https://bugzilla.suse.com/1242524"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37754"
    },
    {
      "cve": "CVE-2025-37755",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37755"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: libwx: handle page_pool_dev_alloc_pages error\n\npage_pool_dev_alloc_pages could return NULL. There was a WARN_ON(!page)\nbut it would still proceed to use the NULL pointer and then crash.\n\nThis is similar to commit 001ba0902046\n(\"net: fec: handle page_pool_dev_alloc_pages error\").\n\nThis is found by our static analysis tool KNighter.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37755",
          "url": "https://www.suse.com/security/cve/CVE-2025-37755"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242506 for CVE-2025-37755",
          "url": "https://bugzilla.suse.com/1242506"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37755"
    },
    {
      "cve": "CVE-2025-37758",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37758"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()\n\ndevm_ioremap() returns NULL on error. Currently, pxa_ata_probe() does\nnot check for this case, which can result in a NULL pointer dereference.\n\nAdd NULL check after devm_ioremap() to prevent this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37758",
          "url": "https://www.suse.com/security/cve/CVE-2025-37758"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242514 for CVE-2025-37758",
          "url": "https://bugzilla.suse.com/1242514"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37758"
    },
    {
      "cve": "CVE-2025-37765",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37765"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: prime: fix ttm_bo_delayed_delete oops\n\nFix an oops in ttm_bo_delayed_delete which results from dererencing a\ndangling pointer:\n\nOops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b7b: 0000 [#1] PREEMPT SMP\nCPU: 4 UID: 0 PID: 1082 Comm: kworker/u65:2 Not tainted 6.14.0-rc4-00267-g505460b44513-dirty #216\nHardware name: LENOVO 82N6/LNVNB161216, BIOS GKCN65WW 01/16/2024\nWorkqueue: ttm ttm_bo_delayed_delete [ttm]\nRIP: 0010:dma_resv_iter_first_unlocked+0x55/0x290\nCode: 31 f6 48 c7 c7 00 2b fa aa e8 97 bd 52 ff e8 a2 c1 53 00 5a 85 c0 74 48 e9 88 01 00 00 4c 89 63 20 4d 85 e4 0f 84 30 01 00 00 \u003c41\u003e 8b 44 24 10 c6 43 2c 01 48 89 df 89 43 28 e8 97 fd ff ff 4c 8b\nRSP: 0018:ffffbf9383473d60 EFLAGS: 00010202\nRAX: 0000000000000001 RBX: ffffbf9383473d88 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffbf9383473d78 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: 6b6b6b6b6b6b6b6b\nR13: ffffa003bbf78580 R14: ffffa003a6728040 R15: 00000000000383cc\nFS:  0000000000000000(0000) GS:ffffa00991c00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000758348024dd0 CR3: 000000012c259000 CR4: 0000000000f50ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x26\n ? die_addr+0x3d/0x70\n ? exc_general_protection+0x159/0x460\n ? asm_exc_general_protection+0x27/0x30\n ? dma_resv_iter_first_unlocked+0x55/0x290\n dma_resv_wait_timeout+0x56/0x100\n ttm_bo_delayed_delete+0x69/0xb0 [ttm]\n process_one_work+0x217/0x5c0\n worker_thread+0x1c8/0x3d0\n ? apply_wqattrs_cleanup.part.0+0xc0/0xc0\n kthread+0x10b/0x240\n ? kthreads_online_cpu+0x140/0x140\n ret_from_fork+0x40/0x70\n ? kthreads_online_cpu+0x140/0x140\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\nThe cause of this is:\n\n- drm_prime_gem_destroy calls dma_buf_put(dma_buf) which releases the\n  reference to the shared dma_buf. The reference count is 0, so the\n  dma_buf is destroyed, which in turn decrements the corresponding\n  amdgpu_bo reference count to 0, and the amdgpu_bo is destroyed -\n  calling drm_gem_object_release then dma_resv_fini (which destroys the\n  reservation object), then finally freeing the amdgpu_bo.\n\n- nouveau_bo obj-\u003ebo.base.resv is now a dangling pointer to the memory\n  formerly allocated to the amdgpu_bo.\n\n- nouveau_gem_object_del calls ttm_bo_put(\u0026nvbo-\u003ebo) which calls\n  ttm_bo_release, which schedules ttm_bo_delayed_delete.\n\n- ttm_bo_delayed_delete runs and dereferences the dangling resv pointer,\n  resulting in a general protection fault.\n\nFix this by moving the drm_prime_gem_destroy call from\nnouveau_gem_object_del to nouveau_bo_del_ttm. This ensures that it will\nbe run after ttm_bo_delayed_delete.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37765",
          "url": "https://www.suse.com/security/cve/CVE-2025-37765"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242761 for CVE-2025-37765",
          "url": "https://bugzilla.suse.com/1242761"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37765"
    },
    {
      "cve": "CVE-2025-37766",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37766"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37766",
          "url": "https://www.suse.com/security/cve/CVE-2025-37766"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242785 for CVE-2025-37766",
          "url": "https://bugzilla.suse.com/1242785"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37766"
    },
    {
      "cve": "CVE-2025-37767",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37767"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37767",
          "url": "https://www.suse.com/security/cve/CVE-2025-37767"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242501 for CVE-2025-37767",
          "url": "https://bugzilla.suse.com/1242501"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37767"
    },
    {
      "cve": "CVE-2025-37768",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37768"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37768",
          "url": "https://www.suse.com/security/cve/CVE-2025-37768"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242567 for CVE-2025-37768",
          "url": "https://bugzilla.suse.com/1242567"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37768"
    },
    {
      "cve": "CVE-2025-37769",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37769"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm/smu11: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n(cherry picked from commit da7dc714a8f8e1c9fc33c57cd63583779a3bef71)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37769",
          "url": "https://www.suse.com/security/cve/CVE-2025-37769"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242587 for CVE-2025-37769",
          "url": "https://bugzilla.suse.com/1242587"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37769"
    },
    {
      "cve": "CVE-2025-37770",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37770"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37770",
          "url": "https://www.suse.com/security/cve/CVE-2025-37770"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242764 for CVE-2025-37770",
          "url": "https://bugzilla.suse.com/1242764"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37770"
    },
    {
      "cve": "CVE-2025-37771",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37771"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37771",
          "url": "https://www.suse.com/security/cve/CVE-2025-37771"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242781 for CVE-2025-37771",
          "url": "https://bugzilla.suse.com/1242781"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37771"
    },
    {
      "cve": "CVE-2025-37772",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37772"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Fix workqueue crash in cma_netevent_work_handler\n\nstruct rdma_cm_id has member \"struct work_struct net_work\"\nthat is reused for enqueuing cma_netevent_work_handler()s\nonto cma_wq.\n\nBelow crash[1] can occur if more than one call to\ncma_netevent_callback() occurs in quick succession,\nwhich further enqueues cma_netevent_work_handler()s for the\nsame rdma_cm_id, overwriting any previously queued work-item(s)\nthat was just scheduled to run i.e. there is no guarantee\nthe queued work item may run between two successive calls\nto cma_netevent_callback() and the 2nd INIT_WORK would overwrite\nthe 1st work item (for the same rdma_cm_id), despite grabbing\nid_table_lock during enqueue.\n\nAlso drgn analysis [2] indicates the work item was likely overwritten.\n\nFix this by moving the INIT_WORK() to __rdma_create_id(),\nso that it doesn\u0027t race with any existing queue_work() or\nits worker thread.\n\n[1] Trimmed crash stack:\n=============================================\nBUG: kernel NULL pointer dereference, address: 0000000000000008\nkworker/u256:6 ... 6.12.0-0...\nWorkqueue:  cma_netevent_work_handler [rdma_cm] (rdma_cm)\nRIP: 0010:process_one_work+0xba/0x31a\nCall Trace:\n worker_thread+0x266/0x3a0\n kthread+0xcf/0x100\n ret_from_fork+0x31/0x50\n ret_from_fork_asm+0x1a/0x30\n=============================================\n\n[2] drgn crash analysis:\n\n\u003e\u003e\u003e trace = prog.crashed_thread().stack_trace()\n\u003e\u003e\u003e trace\n(0)  crash_setup_regs (./arch/x86/include/asm/kexec.h:111:15)\n(1)  __crash_kexec (kernel/crash_core.c:122:4)\n(2)  panic (kernel/panic.c:399:3)\n(3)  oops_end (arch/x86/kernel/dumpstack.c:382:3)\n...\n(8)  process_one_work (kernel/workqueue.c:3168:2)\n(9)  process_scheduled_works (kernel/workqueue.c:3310:3)\n(10) worker_thread (kernel/workqueue.c:3391:4)\n(11) kthread (kernel/kthread.c:389:9)\n\nLine workqueue.c:3168 for this kernel version is in process_one_work():\n3168\tstrscpy(worker-\u003edesc, pwq-\u003ewq-\u003ename, WORKER_DESC_LEN);\n\n\u003e\u003e\u003e trace[8][\"work\"]\n*(struct work_struct *)0xffff92577d0a21d8 = {\n\t.data = (atomic_long_t){\n\t\t.counter = (s64)536870912,    \u003c=== Note\n\t},\n\t.entry = (struct list_head){\n\t\t.next = (struct list_head *)0xffff924d075924c0,\n\t\t.prev = (struct list_head *)0xffff924d075924c0,\n\t},\n\t.func = (work_func_t)cma_netevent_work_handler+0x0 = 0xffffffffc2cec280,\n}\n\nSuspicion is that pwq is NULL:\n\u003e\u003e\u003e trace[8][\"pwq\"]\n(struct pool_workqueue *)\u003cabsent\u003e\n\nIn process_one_work(), pwq is assigned from:\nstruct pool_workqueue *pwq = get_work_pwq(work);\n\nand get_work_pwq() is:\nstatic struct pool_workqueue *get_work_pwq(struct work_struct *work)\n{\n \tunsigned long data = atomic_long_read(\u0026work-\u003edata);\n\n \tif (data \u0026 WORK_STRUCT_PWQ)\n \t\treturn work_struct_pwq(data);\n \telse\n \t\treturn NULL;\n}\n\nWORK_STRUCT_PWQ is 0x4:\n\u003e\u003e\u003e print(repr(prog[\u0027WORK_STRUCT_PWQ\u0027]))\nObject(prog, \u0027enum work_flags\u0027, value=4)\n\nBut work-\u003edata is 536870912 which is 0x20000000.\nSo, get_work_pwq() returns NULL and we crash in process_one_work():\n3168\tstrscpy(worker-\u003edesc, pwq-\u003ewq-\u003ename, WORKER_DESC_LEN);\n=============================================",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37772",
          "url": "https://www.suse.com/security/cve/CVE-2025-37772"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242563 for CVE-2025-37772",
          "url": "https://bugzilla.suse.com/1242563"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37772"
    },
    {
      "cve": "CVE-2025-37773",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37773"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtiofs: add filesystem context source name check\n\nIn certain scenarios, for example, during fuzz testing, the source\nname may be NULL, which could lead to a kernel panic. Therefore, an\nextra check for the source name should be added.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37773",
          "url": "https://www.suse.com/security/cve/CVE-2025-37773"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242502 for CVE-2025-37773",
          "url": "https://bugzilla.suse.com/1242502"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37773"
    },
    {
      "cve": "CVE-2025-37780",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37780"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nisofs: Prevent the use of too small fid\n\nsyzbot reported a slab-out-of-bounds Read in isofs_fh_to_parent. [1]\n\nThe handle_bytes value passed in by the reproducing program is equal to 12.\nIn handle_to_path(), only 12 bytes of memory are allocated for the structure\nfile_handle-\u003ef_handle member, which causes an out-of-bounds access when\naccessing the member parent_block of the structure isofs_fid in isofs,\nbecause accessing parent_block requires at least 16 bytes of f_handle.\nHere, fh_len is used to indirectly confirm that the value of handle_bytes\nis greater than 3 before accessing parent_block.\n\n[1]\nBUG: KASAN: slab-out-of-bounds in isofs_fh_to_parent+0x1b8/0x210 fs/isofs/export.c:183\nRead of size 4 at addr ffff0000cc030d94 by task syz-executor215/6466\nCPU: 1 UID: 0 PID: 6466 Comm: syz-executor215 Not tainted 6.14.0-rc7-syzkaller-ga2392f333575 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0x198/0x550 mm/kasan/report.c:521\n kasan_report+0xd8/0x138 mm/kasan/report.c:634\n __asan_report_load4_noabort+0x20/0x2c mm/kasan/report_generic.c:380\n isofs_fh_to_parent+0x1b8/0x210 fs/isofs/export.c:183\n exportfs_decode_fh_raw+0x2dc/0x608 fs/exportfs/expfs.c:523\n do_handle_to_path+0xa0/0x198 fs/fhandle.c:257\n handle_to_path fs/fhandle.c:385 [inline]\n do_handle_open+0x8cc/0xb8c fs/fhandle.c:403\n __do_sys_open_by_handle_at fs/fhandle.c:443 [inline]\n __se_sys_open_by_handle_at fs/fhandle.c:434 [inline]\n __arm64_sys_open_by_handle_at+0x80/0x94 fs/fhandle.c:434\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nAllocated by task 6466:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x40/0x50 mm/kasan/generic.c:562\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xac/0xc4 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4294 [inline]\n __kmalloc_noprof+0x32c/0x54c mm/slub.c:4306\n kmalloc_noprof include/linux/slab.h:905 [inline]\n handle_to_path fs/fhandle.c:357 [inline]\n do_handle_open+0x5a4/0xb8c fs/fhandle.c:403\n __do_sys_open_by_handle_at fs/fhandle.c:443 [inline]\n __se_sys_open_by_handle_at fs/fhandle.c:434 [inline]\n __arm64_sys_open_by_handle_at+0x80/0x94 fs/fhandle.c:434\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37780",
          "url": "https://www.suse.com/security/cve/CVE-2025-37780"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242786 for CVE-2025-37780",
          "url": "https://bugzilla.suse.com/1242786"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37780"
    },
    {
      "cve": "CVE-2025-37781",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37781"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: cros-ec-tunnel: defer probe if parent EC is not present\n\nWhen i2c-cros-ec-tunnel and the EC driver are built-in, the EC parent\ndevice will not be found, leading to NULL pointer dereference.\n\nThat can also be reproduced by unbinding the controller driver and then\nloading i2c-cros-ec-tunnel module (or binding the device).\n\n[  271.991245] BUG: kernel NULL pointer dereference, address: 0000000000000058\n[  271.998215] #PF: supervisor read access in kernel mode\n[  272.003351] #PF: error_code(0x0000) - not-present page\n[  272.008485] PGD 0 P4D 0\n[  272.011022] Oops: Oops: 0000 [#1] SMP NOPTI\n[  272.015207] CPU: 0 UID: 0 PID: 3859 Comm: insmod Tainted: G S                  6.15.0-rc1-00004-g44722359ed83 #30 PREEMPT(full)  3c7fb39a552e7d949de2ad921a7d6588d3a4fdc5\n[  272.030312] Tainted: [S]=CPU_OUT_OF_SPEC\n[  272.034233] Hardware name: HP Berknip/Berknip, BIOS Google_Berknip.13434.356.0 05/17/2021\n[  272.042400] RIP: 0010:ec_i2c_probe+0x2b/0x1c0 [i2c_cros_ec_tunnel]\n[  272.048577] Code: 1f 44 00 00 41 57 41 56 41 55 41 54 53 48 83 ec 10 65 48 8b 05 06 a0 6c e7 48 89 44 24 08 4c 8d 7f 10 48 8b 47 50 4c 8b 60 78 \u003c49\u003e 83 7c 24 58 00 0f 84 2f 01 00 00 48 89 fb be 30 06 00 00 4c 9\n[  272.067317] RSP: 0018:ffffa32082a03940 EFLAGS: 00010282\n[  272.072541] RAX: ffff969580b6a810 RBX: ffff969580b68c10 RCX: 0000000000000000\n[  272.079672] RDX: 0000000000000000 RSI: 0000000000000282 RDI: ffff969580b68c00\n[  272.086804] RBP: 00000000fffffdfb R08: 0000000000000000 R09: 0000000000000000\n[  272.093936] R10: 0000000000000000 R11: ffffffffc0600000 R12: 0000000000000000\n[  272.101067] R13: ffffffffa666fbb8 R14: ffffffffc05b5528 R15: ffff969580b68c10\n[  272.108198] FS:  00007b930906fc40(0000) GS:ffff969603149000(0000) knlGS:0000000000000000\n[  272.116282] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  272.122024] CR2: 0000000000000058 CR3: 000000012631c000 CR4: 00000000003506f0\n[  272.129155] Call Trace:\n[  272.131606]  \u003cTASK\u003e\n[  272.133709]  ? acpi_dev_pm_attach+0xdd/0x110\n[  272.137985]  platform_probe+0x69/0xa0\n[  272.141652]  really_probe+0x152/0x310\n[  272.145318]  __driver_probe_device+0x77/0x110\n[  272.149678]  driver_probe_device+0x1e/0x190\n[  272.153864]  __driver_attach+0x10b/0x1e0\n[  272.157790]  ? driver_attach+0x20/0x20\n[  272.161542]  bus_for_each_dev+0x107/0x150\n[  272.165553]  bus_add_driver+0x15d/0x270\n[  272.169392]  driver_register+0x65/0x110\n[  272.173232]  ? cleanup_module+0xa80/0xa80 [i2c_cros_ec_tunnel 3a00532f3f4af4a9eade753f86b0f8dd4e4e5698]\n[  272.182617]  do_one_initcall+0x110/0x350\n[  272.186543]  ? security_kernfs_init_security+0x49/0xd0\n[  272.191682]  ? __kernfs_new_node+0x1b9/0x240\n[  272.195954]  ? security_kernfs_init_security+0x49/0xd0\n[  272.201093]  ? __kernfs_new_node+0x1b9/0x240\n[  272.205365]  ? kernfs_link_sibling+0x105/0x130\n[  272.209810]  ? kernfs_next_descendant_post+0x1c/0xa0\n[  272.214773]  ? kernfs_activate+0x57/0x70\n[  272.218699]  ? kernfs_add_one+0x118/0x160\n[  272.222710]  ? __kernfs_create_file+0x71/0xa0\n[  272.227069]  ? sysfs_add_bin_file_mode_ns+0xd6/0x110\n[  272.232033]  ? internal_create_group+0x453/0x4a0\n[  272.236651]  ? __vunmap_range_noflush+0x214/0x2d0\n[  272.241355]  ? __free_frozen_pages+0x1dc/0x420\n[  272.245799]  ? free_vmap_area_noflush+0x10a/0x1c0\n[  272.250505]  ? load_module+0x1509/0x16f0\n[  272.254431]  do_init_module+0x60/0x230\n[  272.258181]  __se_sys_finit_module+0x27a/0x370\n[  272.262627]  do_syscall_64+0x6a/0xf0\n[  272.266206]  ? do_syscall_64+0x76/0xf0\n[  272.269956]  ? irqentry_exit_to_user_mode+0x79/0x90\n[  272.274836]  entry_SYSCALL_64_after_hwframe+0x55/0x5d\n[  272.279887] RIP: 0033:0x7b9309168d39\n[  272.283466] Code: 5b 41 5c 5d c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d af 40 0c 00 f7 d8 64 89 01 8\n[  272.302210] RSP: 002b:00007fff50f1a288 EFLAGS: 00000246 ORIG_RAX: 000\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37781",
          "url": "https://www.suse.com/security/cve/CVE-2025-37781"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242575 for CVE-2025-37781",
          "url": "https://bugzilla.suse.com/1242575"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37781"
    },
    {
      "cve": "CVE-2025-37782",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37782"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37782",
          "url": "https://www.suse.com/security/cve/CVE-2025-37782"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242770 for CVE-2025-37782",
          "url": "https://bugzilla.suse.com/1242770"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37782"
    },
    {
      "cve": "CVE-2025-37787",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37787"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered\n\nRussell King reports that a system with mv88e6xxx dereferences a NULL\npointer when unbinding this driver:\nhttps://lore.kernel.org/netdev/Z_lRkMlTJ1KQ0kVX@shell.armlinux.org.uk/\n\nThe crash seems to be in devlink_region_destroy(), which is not NULL\ntolerant but is given a NULL devlink global region pointer.\n\nAt least on some chips, some devlink regions are conditionally registered\nsince the blamed commit, see mv88e6xxx_setup_devlink_regions_global():\n\n\t\tif (cond \u0026\u0026 !cond(chip))\n\t\t\tcontinue;\n\nThese are MV88E6XXX_REGION_STU and MV88E6XXX_REGION_PVT. If the chip\ndoes not have an STU or PVT, it should crash like this.\n\nTo fix the issue, avoid unregistering those regions which are NULL, i.e.\nwere skipped at mv88e6xxx_setup_devlink_regions_global() time.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37787",
          "url": "https://www.suse.com/security/cve/CVE-2025-37787"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242585 for CVE-2025-37787",
          "url": "https://bugzilla.suse.com/1242585"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37787"
    },
    {
      "cve": "CVE-2025-37788",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37788"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path\n\nIn the for loop used to allocate the loc_array and bmap for each port, a\nmemory leak is possible when the allocation for loc_array succeeds,\nbut the allocation for bmap fails. This is because when the control flow\ngoes to the label free_eth_finfo, only the allocations starting from\n(i-1)th iteration are freed.\n\nFix that by freeing the loc_array in the bmap allocation error path.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37788",
          "url": "https://www.suse.com/security/cve/CVE-2025-37788"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242766 for CVE-2025-37788",
          "url": "https://bugzilla.suse.com/1242766"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37788"
    },
    {
      "cve": "CVE-2025-37789",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37789"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix nested key length validation in the set() action\n\nIt\u0027s not safe to access nla_len(ovs_key) if the data is smaller than\nthe netlink header.  Check that the attribute is OK first.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37789",
          "url": "https://www.suse.com/security/cve/CVE-2025-37789"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242762 for CVE-2025-37789",
          "url": "https://bugzilla.suse.com/1242762"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37789"
    },
    {
      "cve": "CVE-2025-37790",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37790"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: Set SOCK_RCU_FREE\n\nBind lookup runs under RCU, so ensure that a socket doesn\u0027t go away in\nthe middle of a lookup.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37790",
          "url": "https://www.suse.com/security/cve/CVE-2025-37790"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242509 for CVE-2025-37790",
          "url": "https://bugzilla.suse.com/1242509"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37790"
    },
    {
      "cve": "CVE-2025-37792",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37792"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btrtl: Prevent potential NULL dereference\n\nThe btrtl_initialize() function checks that rtl_load_file() either\nhad an error or it loaded a zero length file.  However, if it loaded\na zero length file then the error code is not set correctly.  It\nresults in an error pointer vs NULL bug, followed by a NULL pointer\ndereference.  This was detected by Smatch:\n\ndrivers/bluetooth/btrtl.c:592 btrtl_initialize() warn: passing zero to \u0027ERR_PTR\u0027",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37792",
          "url": "https://www.suse.com/security/cve/CVE-2025-37792"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242591 for CVE-2025-37792",
          "url": "https://bugzilla.suse.com/1242591"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37792"
    },
    {
      "cve": "CVE-2025-37793",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37793"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\navs_component_probe() does not check for this case, which results in a\nNULL pointer dereference.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37793",
          "url": "https://www.suse.com/security/cve/CVE-2025-37793"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242584 for CVE-2025-37793",
          "url": "https://bugzilla.suse.com/1242584"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37793"
    },
    {
      "cve": "CVE-2025-37794",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37794"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Purge vif txq in ieee80211_do_stop()\n\nAfter ieee80211_do_stop() SKB from vif\u0027s txq could still be processed.\nIndeed another concurrent vif schedule_and_wake_txq call could cause\nthose packets to be dequeued (see ieee80211_handle_wake_tx_queue())\nwithout checking the sdata current state.\n\nBecause vif.drv_priv is now cleared in this function, this could lead to\ndriver crash.\n\nFor example in ath12k, ahvif is store in vif.drv_priv. Thus if\nath12k_mac_op_tx() is called after ieee80211_do_stop(), ahvif-\u003eah can be\nNULL, leading the ath12k_warn(ahvif-\u003eah,...) call in this function to\ntrigger the NULL deref below.\n\n  Unable to handle kernel paging request at virtual address dfffffc000000001\n  KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\n  batman_adv: bat0: Interface deactivated: brbh1337\n  Mem abort info:\n    ESR = 0x0000000096000004\n    EC = 0x25: DABT (current EL), IL = 32 bits\n    SET = 0, FnV = 0\n    EA = 0, S1PTW = 0\n    FSC = 0x04: level 0 translation fault\n  Data abort info:\n    ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n    CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n    GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n  [dfffffc000000001] address between user and kernel address ranges\n  Internal error: Oops: 0000000096000004 [#1] SMP\n  CPU: 1 UID: 0 PID: 978 Comm: lbd Not tainted 6.13.0-g633f875b8f1e #114\n  Hardware name: HW (DT)\n  pstate: 10000005 (nzcV daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : ath12k_mac_op_tx+0x6cc/0x29b8 [ath12k]\n  lr : ath12k_mac_op_tx+0x174/0x29b8 [ath12k]\n  sp : ffffffc086ace450\n  x29: ffffffc086ace450 x28: 0000000000000000 x27: 1ffffff810d59ca4\n  x26: ffffff801d05f7c0 x25: 0000000000000000 x24: 000000004000001e\n  x23: ffffff8009ce4926 x22: ffffff801f9c0800 x21: ffffff801d05f7f0\n  x20: ffffff8034a19f40 x19: 0000000000000000 x18: ffffff801f9c0958\n  x17: ffffff800bc0a504 x16: dfffffc000000000 x15: ffffffc086ace4f8\n  x14: ffffff801d05f83c x13: 0000000000000000 x12: ffffffb003a0bf03\n  x11: 0000000000000000 x10: ffffffb003a0bf02 x9 : ffffff8034a19f40\n  x8 : ffffff801d05f818 x7 : 1ffffff0069433dc x6 : ffffff8034a19ee0\n  x5 : ffffff801d05f7f0 x4 : 0000000000000000 x3 : 0000000000000001\n  x2 : 0000000000000000 x1 : dfffffc000000000 x0 : 0000000000000008\n  Call trace:\n   ath12k_mac_op_tx+0x6cc/0x29b8 [ath12k] (P)\n   ieee80211_handle_wake_tx_queue+0x16c/0x260\n   ieee80211_queue_skb+0xeec/0x1d20\n   ieee80211_tx+0x200/0x2c8\n   ieee80211_xmit+0x22c/0x338\n   __ieee80211_subif_start_xmit+0x7e8/0xc60\n   ieee80211_subif_start_xmit+0xc4/0xee0\n   __ieee80211_subif_start_xmit_8023.isra.0+0x854/0x17a0\n   ieee80211_subif_start_xmit_8023+0x124/0x488\n   dev_hard_start_xmit+0x160/0x5a8\n   __dev_queue_xmit+0x6f8/0x3120\n   br_dev_queue_push_xmit+0x120/0x4a8\n   __br_forward+0xe4/0x2b0\n   deliver_clone+0x5c/0xd0\n   br_flood+0x398/0x580\n   br_dev_xmit+0x454/0x9f8\n   dev_hard_start_xmit+0x160/0x5a8\n   __dev_queue_xmit+0x6f8/0x3120\n   ip6_finish_output2+0xc28/0x1b60\n   __ip6_finish_output+0x38c/0x638\n   ip6_output+0x1b4/0x338\n   ip6_local_out+0x7c/0xa8\n   ip6_send_skb+0x7c/0x1b0\n   ip6_push_pending_frames+0x94/0xd0\n   rawv6_sendmsg+0x1a98/0x2898\n   inet_sendmsg+0x94/0xe0\n   __sys_sendto+0x1e4/0x308\n   __arm64_sys_sendto+0xc4/0x140\n   do_el0_svc+0x110/0x280\n   el0_svc+0x20/0x60\n   el0t_64_sync_handler+0x104/0x138\n   el0t_64_sync+0x154/0x158\n\nTo avoid that, empty vif\u0027s txq at ieee80211_do_stop() so no packet could\nbe dequeued after ieee80211_do_stop() (new packets cannot be queued\nbecause SDATA_STATE_RUNNING is cleared at this point).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37794",
          "url": "https://www.suse.com/security/cve/CVE-2025-37794"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242566 for CVE-2025-37794",
          "url": "https://bugzilla.suse.com/1242566"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37794"
    },
    {
      "cve": "CVE-2025-37796",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37796"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: at76c50x: fix use after free access in at76_disconnect\n\nThe memory pointed to by priv is freed at the end of at76_delete_device\nfunction (using ieee80211_free_hw). But the code then accesses the udev\nfield of the freed object to put the USB device. This may also lead to a\nmemory leak of the usb device. Fix this by using udev from interface.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37796",
          "url": "https://www.suse.com/security/cve/CVE-2025-37796"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242727 for CVE-2025-37796",
          "url": "https://bugzilla.suse.com/1242727"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37796"
    },
    {
      "cve": "CVE-2025-37797",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37797"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a UAF vulnerability in class handling\n\nThis patch fixes a Use-After-Free vulnerability in the HFSC qdisc class\nhandling. The issue occurs due to a time-of-check/time-of-use condition\nin hfsc_change_class() when working with certain child qdiscs like netem\nor codel.\n\nThe vulnerability works as follows:\n1. hfsc_change_class() checks if a class has packets (q.qlen != 0)\n2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,\n   codel, netem) might drop packets and empty the queue\n3. The code continues assuming the queue is still non-empty, adding\n   the class to vttree\n4. This breaks HFSC scheduler assumptions that only non-empty classes\n   are in vttree\n5. Later, when the class is destroyed, this can lead to a Use-After-Free\n\nThe fix adds a second queue length check after qdisc_peek_len() to verify\nthe queue wasn\u0027t emptied.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37797",
          "url": "https://www.suse.com/security/cve/CVE-2025-37797"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242417 for CVE-2025-37797",
          "url": "https://bugzilla.suse.com/1242417"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1245793 for CVE-2025-37797",
          "url": "https://bugzilla.suse.com/1245793"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-37797"
    },
    {
      "cve": "CVE-2025-37798",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37798"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncodel: remove sch-\u003eq.qlen check before qdisc_tree_reduce_backlog()\n\nAfter making all -\u003eqlen_notify() callbacks idempotent, now it is safe to\nremove the check of qlen!=0 from both fq_codel_dequeue() and\ncodel_qdisc_dequeue().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37798",
          "url": "https://www.suse.com/security/cve/CVE-2025-37798"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242414 for CVE-2025-37798",
          "url": "https://bugzilla.suse.com/1242414"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242417 for CVE-2025-37798",
          "url": "https://bugzilla.suse.com/1242417"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-37798"
    },
    {
      "cve": "CVE-2025-37800",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37800"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: fix potential NULL pointer dereference in dev_uevent()\n\nIf userspace reads \"uevent\" device attribute at the same time as another\nthreads unbinds the device from its driver, change to dev-\u003edriver from a\nvalid pointer to NULL may result in crash. Fix this by using READ_ONCE()\nwhen fetching the pointer, and take bus\u0027 drivers klist lock to make sure\ndriver instance will not disappear while we access it.\n\nUse WRITE_ONCE() when setting the driver pointer to ensure there is no\ntearing.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37800",
          "url": "https://www.suse.com/security/cve/CVE-2025-37800"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242849 for CVE-2025-37800",
          "url": "https://bugzilla.suse.com/1242849"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37800"
    },
    {
      "cve": "CVE-2025-37801",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37801"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-imx: Add check for spi_imx_setupxfer()\n\nAdd check for the return value of spi_imx_setupxfer().\nspi_imx-\u003erx and spi_imx-\u003etx function pointer can be NULL when\nspi_imx_setupxfer() return error, and make NULL pointer dereference.\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n Call trace:\n  0x0\n  spi_imx_pio_transfer+0x50/0xd8\n  spi_imx_transfer_one+0x18c/0x858\n  spi_transfer_one_message+0x43c/0x790\n  __spi_pump_transfer_message+0x238/0x5d4\n  __spi_sync+0x2b0/0x454\n  spi_write_then_read+0x11c/0x200",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37801",
          "url": "https://www.suse.com/security/cve/CVE-2025-37801"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242850 for CVE-2025-37801",
          "url": "https://bugzilla.suse.com/1242850"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37801"
    },
    {
      "cve": "CVE-2025-37803",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37803"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudmabuf: fix a buf size overflow issue during udmabuf creation\n\nby casting size_limit_mb to u64  when calculate pglimit.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37803",
          "url": "https://www.suse.com/security/cve/CVE-2025-37803"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242852 for CVE-2025-37803",
          "url": "https://bugzilla.suse.com/1242852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37803"
    },
    {
      "cve": "CVE-2025-37804",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37804"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37804",
          "url": "https://www.suse.com/security/cve/CVE-2025-37804"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242854 for CVE-2025-37804",
          "url": "https://bugzilla.suse.com/1242854"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37804"
    },
    {
      "cve": "CVE-2025-37805",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37805"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsound/virtio: Fix cancel_sync warnings on uninitialized work_structs\n\nBetty reported hitting the following warning:\n\n[    8.709131][  T221] WARNING: CPU: 2 PID: 221 at kernel/workqueue.c:4182\n...\n[    8.713282][  T221] Call trace:\n[    8.713365][  T221]  __flush_work+0x8d0/0x914\n[    8.713468][  T221]  __cancel_work_sync+0xac/0xfc\n[    8.713570][  T221]  cancel_work_sync+0x24/0x34\n[    8.713667][  T221]  virtsnd_remove+0xa8/0xf8 [virtio_snd ab15f34d0dd772f6d11327e08a81d46dc9c36276]\n[    8.713868][  T221]  virtsnd_probe+0x48c/0x664 [virtio_snd ab15f34d0dd772f6d11327e08a81d46dc9c36276]\n[    8.714035][  T221]  virtio_dev_probe+0x28c/0x390\n[    8.714139][  T221]  really_probe+0x1bc/0x4c8\n...\n\nIt seems we\u0027re hitting the error path in virtsnd_probe(), which\ntriggers a virtsnd_remove() which iterates over the substreams\ncalling cancel_work_sync() on the elapsed_period work_struct.\n\nLooking at the code, from earlier in:\nvirtsnd_probe()-\u003evirtsnd_build_devs()-\u003evirtsnd_pcm_parse_cfg()\n\nWe set snd-\u003ensubstreams, allocate the snd-\u003esubstreams, and if\nwe then hit an error on the info allocation or something in\nvirtsnd_ctl_query_info() fails, we will exit without having\ninitialized the elapsed_period work_struct.\n\nWhen that error path unwinds we then call virtsnd_remove()\nwhich as long as the substreams array is allocated, will iterate\nthrough calling cancel_work_sync() on the uninitialized work\nstruct hitting this warning.\n\nTakashi Iwai suggested this fix, which initializes the substreams\nstructure right after allocation, so that if we hit the error\npaths we avoid trying to cleanup uninitialized data.\n\nNote: I have not yet managed to reproduce the issue myself, so\nthis patch has had limited testing.\n\nFeedback or thoughts would be appreciated!",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37805",
          "url": "https://www.suse.com/security/cve/CVE-2025-37805"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242930 for CVE-2025-37805",
          "url": "https://bugzilla.suse.com/1242930"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37805"
    },
    {
      "cve": "CVE-2025-37809",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37809"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: class: Fix NULL pointer access\n\nConcurrent calls to typec_partner_unlink_device can lead to a NULL pointer\ndereference. This patch adds a mutex to protect USB device pointers and\nprevent this issue. The same mutex protects both the device pointers and\nthe partner device registration.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37809",
          "url": "https://www.suse.com/security/cve/CVE-2025-37809"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242856 for CVE-2025-37809",
          "url": "https://bugzilla.suse.com/1242856"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37809"
    },
    {
      "cve": "CVE-2025-37810",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37810"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: gadget: check that event count does not exceed event buffer length\n\nThe event count is read from register DWC3_GEVNTCOUNT.\nThere is a check for the count being zero, but not for exceeding the\nevent buffer length.\nCheck that event count does not exceed event buffer length,\navoiding an out-of-bounds access when memcpy\u0027ing the event.\nCrash log:\nUnable to handle kernel paging request at virtual address ffffffc0129be000\npc : __memcpy+0x114/0x180\nlr : dwc3_check_event_buf+0xec/0x348\nx3 : 0000000000000030 x2 : 000000000000dfc4\nx1 : ffffffc0129be000 x0 : ffffff87aad60080\nCall trace:\n__memcpy+0x114/0x180\ndwc3_interrupt+0x24/0x34",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37810",
          "url": "https://www.suse.com/security/cve/CVE-2025-37810"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242906 for CVE-2025-37810",
          "url": "https://bugzilla.suse.com/1242906"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37810"
    },
    {
      "cve": "CVE-2025-37812",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37812"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: Fix deadlock when using NCM gadget\n\nThe cdns3 driver has the same NCM deadlock as fixed in cdnsp by commit\n58f2fcb3a845 (\"usb: cdnsp: Fix deadlock issue during using NCM gadget\").\n\nUnder PREEMPT_RT the deadlock can be readily triggered by heavy network\ntraffic, for example using \"iperf --bidir\" over NCM ethernet link.\n\nThe deadlock occurs because the threaded interrupt handler gets\npreempted by a softirq, but both are protected by the same spinlock.\nPrevent deadlock by disabling softirq during threaded irq handler.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37812",
          "url": "https://www.suse.com/security/cve/CVE-2025-37812"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242908 for CVE-2025-37812",
          "url": "https://bugzilla.suse.com/1242908"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37812"
    },
    {
      "cve": "CVE-2025-37815",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37815"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration\n\nResolve kernel panic while accessing IRQ handler associated with the\ngenerated IRQ. This is done by acquiring the spinlock and storing the\ncurrent interrupt state before handling the interrupt request using\ngeneric_handle_irq.\n\nA previous fix patch was submitted where \u0027generic_handle_irq\u0027 was\nreplaced with \u0027handle_nested_irq\u0027. However, this change also causes\nthe kernel panic where after determining which GPIO triggered the\ninterrupt and attempting to call handle_nested_irq with the mapped\nIRQ number, leads to a failure in locating the registered handler.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37815",
          "url": "https://www.suse.com/security/cve/CVE-2025-37815"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242871 for CVE-2025-37815",
          "url": "https://bugzilla.suse.com/1242871"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37815"
    },
    {
      "cve": "CVE-2025-37819",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37819"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()\n\nWith ACPI in place, gicv2m_get_fwnode() is registered with the pci\nsubsystem as pci_msi_get_fwnode_cb(), which may get invoked at runtime\nduring a PCI host bridge probe. But, the call back is wrongly marked as\n__init, causing it to be freed, while being registered with the PCI\nsubsystem and could trigger:\n\n Unable to handle kernel paging request at virtual address ffff8000816c0400\n  gicv2m_get_fwnode+0x0/0x58 (P)\n  pci_set_bus_msi_domain+0x74/0x88\n  pci_register_host_bridge+0x194/0x548\n\nThis is easily reproducible on a Juno board with ACPI boot.\n\nRetain the function for later use.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37819",
          "url": "https://www.suse.com/security/cve/CVE-2025-37819"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242873 for CVE-2025-37819",
          "url": "https://bugzilla.suse.com/1242873"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37819"
    },
    {
      "cve": "CVE-2025-37820",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37820"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen-netfront: handle NULL returned by xdp_convert_buff_to_frame()\n\nThe function xdp_convert_buff_to_frame() may return NULL if it fails\nto correctly convert the XDP buffer into an XDP frame due to memory\nconstraints, internal errors, or invalid data. Failing to check for NULL\nmay lead to a NULL pointer dereference if the result is used later in\nprocessing, potentially causing crashes, data corruption, or undefined\nbehavior.\n\nOn XDP redirect failure, the associated page must be released explicitly\nif it was previously retained via get_page(). Failing to do so may result\nin a memory leak, as the pages reference count is not decremented.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37820",
          "url": "https://www.suse.com/security/cve/CVE-2025-37820"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242866 for CVE-2025-37820",
          "url": "https://bugzilla.suse.com/1242866"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37820"
    },
    {
      "cve": "CVE-2025-37823",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37823"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too\n\nSimilarly to the previous patch, we need to safe guard hfsc_dequeue()\ntoo. But for this one, we don\u0027t have a reliable reproducer.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37823",
          "url": "https://www.suse.com/security/cve/CVE-2025-37823"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242924 for CVE-2025-37823",
          "url": "https://bugzilla.suse.com/1242924"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37823"
    },
    {
      "cve": "CVE-2025-37824",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37824"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix NULL pointer dereference in tipc_mon_reinit_self()\n\nsyzbot reported:\n\ntipc: Node number set to 1055423674\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 3 UID: 0 PID: 6017 Comm: kworker/3:5 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: events tipc_net_finalize_work\nRIP: 0010:tipc_mon_reinit_self+0x11c/0x210 net/tipc/monitor.c:719\n...\nRSP: 0018:ffffc9000356fb68 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000003ee87cba\nRDX: 0000000000000000 RSI: ffffffff8dbc56a7 RDI: ffff88804c2cc010\nRBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000007\nR13: fffffbfff2111097 R14: ffff88804ead8000 R15: ffff88804ead9010\nFS:  0000000000000000(0000) GS:ffff888097ab9000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000f720eb00 CR3: 000000000e182000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n tipc_net_finalize+0x10b/0x180 net/tipc/net.c:140\n process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238\n process_scheduled_works kernel/workqueue.c:3319 [inline]\n worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400\n kthread+0x3c2/0x780 kernel/kthread.c:464\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n...\nRIP: 0010:tipc_mon_reinit_self+0x11c/0x210 net/tipc/monitor.c:719\n...\nRSP: 0018:ffffc9000356fb68 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000003ee87cba\nRDX: 0000000000000000 RSI: ffffffff8dbc56a7 RDI: ffff88804c2cc010\nRBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000007\nR13: fffffbfff2111097 R14: ffff88804ead8000 R15: ffff88804ead9010\nFS:  0000000000000000(0000) GS:ffff888097ab9000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000f720eb00 CR3: 000000000e182000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n\nThere is a racing condition between workqueue created when enabling\nbearer and another thread created when disabling bearer right after\nthat as follow:\n\nenabling_bearer                          | disabling_bearer\n---------------                          | ----------------\ntipc_disc_timeout()                      |\n{                                        | bearer_disable()\n ...                                     | {\n schedule_work(\u0026tn-\u003ework);               |  tipc_mon_delete()\n ...                                     |  {\n}                                        |   ...\n                                         |   write_lock_bh(\u0026mon-\u003elock);\n                                         |   mon-\u003eself = NULL;\n                                         |   write_unlock_bh(\u0026mon-\u003elock);\n                                         |   ...\n                                         |  }\ntipc_net_finalize_work()                 | }\n{                                        |\n ...                                     |\n tipc_net_finalize()                     |\n {                                       |\n  ...                                    |\n  tipc_mon_reinit_self()                 |\n  {                                      |\n   ...                                   |\n   write_lock_bh(\u0026mon-\u003elock);            |\n   mon-\u003eself-\u003eaddr = tipc_own_addr(net); |\n   write_unlock_bh(\u0026mon-\u003elock);          |\n   ...             \n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37824",
          "url": "https://www.suse.com/security/cve/CVE-2025-37824"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242867 for CVE-2025-37824",
          "url": "https://bugzilla.suse.com/1242867"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37824"
    },
    {
      "cve": "CVE-2025-37829",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37829"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()\n\ncpufreq_cpu_get_raw() can return NULL when the target CPU is not present\nin the policy-\u003ecpus mask. scpi_cpufreq_get_rate() does not check for\nthis case, which results in a NULL pointer dereference.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37829",
          "url": "https://www.suse.com/security/cve/CVE-2025-37829"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242875 for CVE-2025-37829",
          "url": "https://bugzilla.suse.com/1242875"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37829"
    },
    {
      "cve": "CVE-2025-37830",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37830"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()\n\ncpufreq_cpu_get_raw() can return NULL when the target CPU is not present\nin the policy-\u003ecpus mask. scmi_cpufreq_get_rate() does not check for\nthis case, which results in a NULL pointer dereference.\n\nAdd NULL check after cpufreq_cpu_get_raw() to prevent this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37830",
          "url": "https://www.suse.com/security/cve/CVE-2025-37830"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242860 for CVE-2025-37830",
          "url": "https://bugzilla.suse.com/1242860"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37830"
    },
    {
      "cve": "CVE-2025-37831",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37831"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate()\n\ncpufreq_cpu_get_raw() can return NULL when the target CPU is not present\nin the policy-\u003ecpus mask. apple_soc_cpufreq_get_rate() does not check\nfor this case, which results in a NULL pointer dereference.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37831",
          "url": "https://www.suse.com/security/cve/CVE-2025-37831"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242861 for CVE-2025-37831",
          "url": "https://bugzilla.suse.com/1242861"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37831"
    },
    {
      "cve": "CVE-2025-37833",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37833"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads\n\nFix niu_try_msix() to not cause a fatal trap on sparc systems.\n\nSet PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST on the struct pci_dev to\nwork around a bug in the hardware or firmware.\n\nFor each vector entry in the msix table, niu chips will cause a fatal\ntrap if any registers in that entry are read before that entries\u0027\nENTRY_DATA register is written to. Testing indicates writes to other\nregisters are not sufficient to prevent the fatal trap, however the value\ndoes not appear to matter. This only needs to happen once after power up,\nso simply rebooting into a kernel lacking this fix will NOT cause the\ntrap.\n\nNON-RESUMABLE ERROR: Reporting on cpu 64\nNON-RESUMABLE ERROR: TPC [0x00000000005f6900] \u003cmsix_prepare_msi_desc+0x90/0xa0\u003e\nNON-RESUMABLE ERROR: RAW [4010000000000016:00000e37f93e32ff:0000000202000080:ffffffffffffffff\nNON-RESUMABLE ERROR:      0000000800000000:0000000000000000:0000000000000000:0000000000000000]\nNON-RESUMABLE ERROR: handle [0x4010000000000016] stick [0x00000e37f93e32ff]\nNON-RESUMABLE ERROR: type [precise nonresumable]\nNON-RESUMABLE ERROR: attrs [0x02000080] \u003c ASI sp-faulted priv \u003e\nNON-RESUMABLE ERROR: raddr [0xffffffffffffffff]\nNON-RESUMABLE ERROR: insn effective address [0x000000c50020000c]\nNON-RESUMABLE ERROR: size [0x8]\nNON-RESUMABLE ERROR: asi [0x00]\nCPU: 64 UID: 0 PID: 745 Comm: kworker/64:1 Not tainted 6.11.5 #63\nWorkqueue: events work_for_cpu_fn\nTSTATE: 0000000011001602 TPC: 00000000005f6900 TNPC: 00000000005f6904 Y: 00000000    Not tainted\nTPC: \u003cmsix_prepare_msi_desc+0x90/0xa0\u003e\ng0: 00000000000002e9 g1: 000000000000000c g2: 000000c50020000c g3: 0000000000000100\ng4: ffff8000470307c0 g5: ffff800fec5be000 g6: ffff800047a08000 g7: 0000000000000000\no0: ffff800014feb000 o1: ffff800047a0b620 o2: 0000000000000011 o3: ffff800047a0b620\no4: 0000000000000080 o5: 0000000000000011 sp: ffff800047a0ad51 ret_pc: 00000000005f7128\nRPC: \u003c__pci_enable_msix_range+0x3cc/0x460\u003e\nl0: 000000000000000d l1: 000000000000c01f l2: ffff800014feb0a8 l3: 0000000000000020\nl4: 000000000000c000 l5: 0000000000000001 l6: 0000000020000000 l7: ffff800047a0b734\ni0: ffff800014feb000 i1: ffff800047a0b730 i2: 0000000000000001 i3: 000000000000000d\ni4: 0000000000000000 i5: 0000000000000000 i6: ffff800047a0ae81 i7: 00000000101888b0\nI7: \u003cniu_try_msix.constprop.0+0xc0/0x130 [niu]\u003e\nCall Trace:\n[\u003c00000000101888b0\u003e] niu_try_msix.constprop.0+0xc0/0x130 [niu]\n[\u003c000000001018f840\u003e] niu_get_invariants+0x183c/0x207c [niu]\n[\u003c00000000101902fc\u003e] niu_pci_init_one+0x27c/0x2fc [niu]\n[\u003c00000000005ef3e4\u003e] local_pci_probe+0x28/0x74\n[\u003c0000000000469240\u003e] work_for_cpu_fn+0x8/0x1c\n[\u003c000000000046b008\u003e] process_scheduled_works+0x144/0x210\n[\u003c000000000046b518\u003e] worker_thread+0x13c/0x1c0\n[\u003c00000000004710e0\u003e] kthread+0xb8/0xc8\n[\u003c00000000004060c8\u003e] ret_from_fork+0x1c/0x2c\n[\u003c0000000000000000\u003e] 0x0\nKernel panic - not syncing: Non-resumable error.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37833",
          "url": "https://www.suse.com/security/cve/CVE-2025-37833"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242868 for CVE-2025-37833",
          "url": "https://bugzilla.suse.com/1242868"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37833"
    },
    {
      "cve": "CVE-2025-37836",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37836"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Fix reference leak in pci_register_host_bridge()\n\nIf device_register() fails, call put_device() to give up the reference to\navoid a memory leak, per the comment at device_register().\n\nFound by code review.\n\n[bhelgaas: squash Dan Carpenter\u0027s double free fix from\nhttps://lore.kernel.org/r/db806a6c-a91b-4e5a-a84b-6b7e01bdac85@stanley.mountain]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37836",
          "url": "https://www.suse.com/security/cve/CVE-2025-37836"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242957 for CVE-2025-37836",
          "url": "https://bugzilla.suse.com/1242957"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37836"
    },
    {
      "cve": "CVE-2025-37839",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37839"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: remove wrong sb-\u003es_sequence check\n\nJournal emptiness is not determined by sb-\u003es_sequence == 0 but rather by\nsb-\u003es_start == 0 (which is set a few lines above). Furthermore 0 is a\nvalid transaction ID so the check can spuriously trigger. Remove the\ninvalid WARN_ON.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37839",
          "url": "https://www.suse.com/security/cve/CVE-2025-37839"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242990 for CVE-2025-37839",
          "url": "https://bugzilla.suse.com/1242990"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37839"
    },
    {
      "cve": "CVE-2025-37840",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37840"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: brcmnand: fix PM resume warning\n\nFixed warning on PM resume as shown below caused due to uninitialized\nstruct nand_operation that checks chip select field :\nWARN_ON(op-\u003ecs \u003e= nanddev_ntargets(\u0026chip-\u003ebase)\n\n[   14.588522] ------------[ cut here ]------------\n[   14.588529] WARNING: CPU: 0 PID: 1392 at drivers/mtd/nand/raw/internals.h:139 nand_reset_op+0x1e0/0x1f8\n[   14.588553] Modules linked in: bdc udc_core\n[   14.588579] CPU: 0 UID: 0 PID: 1392 Comm: rtcwake Tainted: G        W          6.14.0-rc4-g5394eea10651 #16\n[   14.588590] Tainted: [W]=WARN\n[   14.588593] Hardware name: Broadcom STB (Flattened Device Tree)\n[   14.588598] Call trace:\n[   14.588604]  dump_backtrace from show_stack+0x18/0x1c\n[   14.588622]  r7:00000009 r6:0000008b r5:60000153 r4:c0fa558c\n[   14.588625]  show_stack from dump_stack_lvl+0x70/0x7c\n[   14.588639]  dump_stack_lvl from dump_stack+0x18/0x1c\n[   14.588653]  r5:c08d40b0 r4:c1003cb0\n[   14.588656]  dump_stack from __warn+0x84/0xe4\n[   14.588668]  __warn from warn_slowpath_fmt+0x18c/0x194\n[   14.588678]  r7:c08d40b0 r6:c1003cb0 r5:00000000 r4:00000000\n[   14.588681]  warn_slowpath_fmt from nand_reset_op+0x1e0/0x1f8\n[   14.588695]  r8:70c40dff r7:89705f41 r6:36b4a597 r5:c26c9444 r4:c26b0048\n[   14.588697]  nand_reset_op from brcmnand_resume+0x13c/0x150\n[   14.588714]  r9:00000000 r8:00000000 r7:c24f8010 r6:c228a3f8 r5:c26c94bc r4:c26b0040\n[   14.588717]  brcmnand_resume from platform_pm_resume+0x34/0x54\n[   14.588735]  r5:00000010 r4:c0840a50\n[   14.588738]  platform_pm_resume from dpm_run_callback+0x5c/0x14c\n[   14.588757]  dpm_run_callback from device_resume+0xc0/0x324\n[   14.588776]  r9:c24f8054 r8:c24f80a0 r7:00000000 r6:00000000 r5:00000010 r4:c24f8010\n[   14.588779]  device_resume from dpm_resume+0x130/0x160\n[   14.588799]  r9:c22539e4 r8:00000010 r7:c22bebb0 r6:c24f8010 r5:c22539dc r4:c22539b0\n[   14.588802]  dpm_resume from dpm_resume_end+0x14/0x20\n[   14.588822]  r10:c2204e40 r9:00000000 r8:c228a3fc r7:00000000 r6:00000003 r5:c228a414\n[   14.588826]  r4:00000010\n[   14.588828]  dpm_resume_end from suspend_devices_and_enter+0x274/0x6f8\n[   14.588848]  r5:c228a414 r4:00000000\n[   14.588851]  suspend_devices_and_enter from pm_suspend+0x228/0x2bc\n[   14.588868]  r10:c3502910 r9:c3501f40 r8:00000004 r7:c228a438 r6:c0f95e18 r5:00000000\n[   14.588871]  r4:00000003\n[   14.588874]  pm_suspend from state_store+0x74/0xd0\n[   14.588889]  r7:c228a438 r6:c0f934c8 r5:00000003 r4:00000003\n[   14.588892]  state_store from kobj_attr_store+0x1c/0x28\n[   14.588913]  r9:00000000 r8:00000000 r7:f09f9f08 r6:00000004 r5:c3502900 r4:c0283250\n[   14.588916]  kobj_attr_store from sysfs_kf_write+0x40/0x4c\n[   14.588936]  r5:c3502900 r4:c0d92a48\n[   14.588939]  sysfs_kf_write from kernfs_fop_write_iter+0x104/0x1f0\n[   14.588956]  r5:c3502900 r4:c3501f40\n[   14.588960]  kernfs_fop_write_iter from vfs_write+0x250/0x420\n[   14.588980]  r10:c0e14b48 r9:00000000 r8:c25f5780 r7:00443398 r6:f09f9f68 r5:c34f7f00\n[   14.588983]  r4:c042a88c\n[   14.588987]  vfs_write from ksys_write+0x74/0xe4\n[   14.589005]  r10:00000004 r9:c25f5780 r8:c02002fA0 r7:00000000 r6:00000000 r5:c34f7f00\n[   14.589008]  r4:c34f7f00\n[   14.589011]  ksys_write from sys_write+0x10/0x14\n[   14.589029]  r7:00000004 r6:004421c0 r5:00443398 r4:00000004\n[   14.589032]  sys_write from ret_fast_syscall+0x0/0x5c\n[   14.589044] Exception stack(0xf09f9fa8 to 0xf09f9ff0)\n[   14.589050] 9fa0:                   00000004 00443398 00000004 00443398 00000004 00000001\n[   14.589056] 9fc0: 00000004 00443398 004421c0 00000004 b6ecbd58 00000008 bebfbc38 0043eb78\n[   14.589062] 9fe0: 00440eb0 bebfbaf8 b6de18a0 b6e579e8\n[   14.589065] ---[ end trace 0000000000000000 ]---\n\nThe fix uses the higher level nand_reset(chip, chipnr); where chipnr = 0, when\ndoing PM resume operation in compliance with the controller support for single\ndie nand chip. Switching from nand_reset_op() to nan\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37840",
          "url": "https://www.suse.com/security/cve/CVE-2025-37840"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242953 for CVE-2025-37840",
          "url": "https://bugzilla.suse.com/1242953"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37840"
    },
    {
      "cve": "CVE-2025-37841",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37841"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\npm: cpupower: bench: Prevent NULL dereference on malloc failure\n\nIf malloc returns NULL due to low memory, \u0027config\u0027 pointer can be NULL.\nAdd a check to prevent NULL dereference.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37841",
          "url": "https://www.suse.com/security/cve/CVE-2025-37841"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242974 for CVE-2025-37841",
          "url": "https://bugzilla.suse.com/1242974"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37841"
    },
    {
      "cve": "CVE-2025-37842",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37842"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fsl-qspi: use devm function instead of driver remove\n\nDriver use devm APIs to manage clk/irq/resources and register the spi\ncontroller, but the legacy remove function will be called first during\ndevice detach and trigger kernel panic. Drop the remove function and use\ndevm_add_action_or_reset() for driver cleanup to ensure the release\nsequence.\n\nTrigger kernel panic on i.MX8MQ by\necho 30bb0000.spi \u003e/sys/bus/platform/drivers/fsl-quadspi/unbind",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37842",
          "url": "https://www.suse.com/security/cve/CVE-2025-37842"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242951 for CVE-2025-37842",
          "url": "https://bugzilla.suse.com/1242951"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37842"
    },
    {
      "cve": "CVE-2025-37844",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37844"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: avoid NULL pointer dereference in dbg call\n\ncifs_server_dbg() implies server to be non-NULL so\nmove call under condition to avoid NULL pointer dereference.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37844",
          "url": "https://www.suse.com/security/cve/CVE-2025-37844"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242946 for CVE-2025-37844",
          "url": "https://bugzilla.suse.com/1242946"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37844"
    },
    {
      "cve": "CVE-2025-37849",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37849"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Tear down vGIC on failed vCPU creation\n\nIf kvm_arch_vcpu_create() fails to share the vCPU page with the\nhypervisor, we propagate the error back to the ioctl but leave the\nvGIC vCPU data initialised. Note only does this leak the corresponding\nmemory when the vCPU is destroyed but it can also lead to use-after-free\nif the redistributor device handling tries to walk into the vCPU.\n\nAdd the missing cleanup to kvm_arch_vcpu_create(), ensuring that the\nvGIC vCPU structures are destroyed on error.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37849",
          "url": "https://www.suse.com/security/cve/CVE-2025-37849"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243000 for CVE-2025-37849",
          "url": "https://bugzilla.suse.com/1243000"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37849"
    },
    {
      "cve": "CVE-2025-37850",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37850"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\npwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()\n\nWith CONFIG_COMPILE_TEST \u0026\u0026 !CONFIG_HAVE_CLK, pwm_mediatek_config() has a\ndivide-by-zero in the following line:\n\n\tdo_div(resolution, clk_get_rate(pc-\u003eclk_pwms[pwm-\u003ehwpwm]));\n\ndue to the fact that the !CONFIG_HAVE_CLK version of clk_get_rate()\nreturns zero.\n\nThis is presumably just a theoretical problem: COMPILE_TEST overrides\nthe dependency on RALINK which would select COMMON_CLK.  Regardless it\u0027s\na good idea to check for the error explicitly to avoid divide-by-zero.\n\nFixes the following warning:\n\n  drivers/pwm/pwm-mediatek.o: warning: objtool: .text: unexpected end of section\n\n[ukleinek: s/CONFIG_CLK/CONFIG_HAVE_CLK/]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37850",
          "url": "https://www.suse.com/security/cve/CVE-2025-37850"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242955 for CVE-2025-37850",
          "url": "https://bugzilla.suse.com/1242955"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37850"
    },
    {
      "cve": "CVE-2025-37851",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37851"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omapfb: Add \u0027plane\u0027 value check\n\nFunction dispc_ovl_setup is not intended to work with the value OMAP_DSS_WB\nof the enum parameter plane.\n\nThe value of this parameter is initialized in dss_init_overlays and in the\ncurrent state of the code it cannot take this value so it\u0027s not a real\nproblem.\n\nFor the purposes of defensive coding it wouldn\u0027t be superfluous to check\nthe parameter value, because some functions down the call stack process\nthis value correctly and some not.\n\nFor example, in dispc_ovl_setup_global_alpha it may lead to buffer\noverflow.\n\nAdd check for this value.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37851",
          "url": "https://www.suse.com/security/cve/CVE-2025-37851"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242977 for CVE-2025-37851",
          "url": "https://bugzilla.suse.com/1242977"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37851"
    },
    {
      "cve": "CVE-2025-37852",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37852"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create()\n\nAdd error handling to propagate amdgpu_cgs_create_device() failures\nto the caller. When amdgpu_cgs_create_device() fails, release hwmgr\nand return -ENOMEM to prevent null pointer dereference.\n\n[v1]-\u003e[v2]: Change error code from -EINVAL to -ENOMEM. Free hwmgr.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37852",
          "url": "https://www.suse.com/security/cve/CVE-2025-37852"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243074 for CVE-2025-37852",
          "url": "https://bugzilla.suse.com/1243074"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37852"
    },
    {
      "cve": "CVE-2025-37853",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37853"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: debugfs hang_hws skip GPU with MES\n\ndebugfs hang_hws is used by GPU reset test with HWS, for MES this crash\nthe kernel with NULL pointer access because dqm-\u003epacket_mgr is not setup\nfor MES path.\n\nSkip GPU with MES for now, MES hang_hws debugfs interface will be\nsupported later.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37853",
          "url": "https://www.suse.com/security/cve/CVE-2025-37853"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243076 for CVE-2025-37853",
          "url": "https://bugzilla.suse.com/1243076"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37853"
    },
    {
      "cve": "CVE-2025-37854",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37854"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix mode1 reset crash issue\n\nIf HW scheduler hangs and mode1 reset is used to recover GPU, KFD signal\nuser space to abort the processes. After process abort exit, user queues\nstill use the GPU to access system memory before h/w is reset while KFD\ncleanup worker free system memory and free VRAM.\n\nThere is use-after-free race bug that KFD allocate and reuse the freed\nsystem memory, and user queue write to the same system memory to corrupt\nthe data structure and cause driver crash.\n\nTo fix this race, KFD cleanup worker terminate user queues, then flush\nreset_domain wq to wait for any GPU ongoing reset complete, and then\nfree outstanding BOs.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37854",
          "url": "https://www.suse.com/security/cve/CVE-2025-37854"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243082 for CVE-2025-37854",
          "url": "https://bugzilla.suse.com/1243082"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37854"
    },
    {
      "cve": "CVE-2025-37858",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37858"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/jfs: Prevent integer overflow in AG size calculation\n\nThe JFS filesystem calculates allocation group (AG) size using 1 \u003c\u003c\nl2agsize in dbExtendFS(). When l2agsize exceeds 31 (possible with \u003e2TB\naggregates on 32-bit systems), this 32-bit shift operation causes undefined\nbehavior and improper AG sizing.\n\nOn 32-bit architectures:\n- Left-shifting 1 by 32+ bits results in 0 due to integer overflow\n- This creates invalid AG sizes (0 or garbage values) in\nsbi-\u003ebmap-\u003edb_agsize\n- Subsequent block allocations would reference invalid AG structures\n- Could lead to:\n  - Filesystem corruption during extend operations\n  - Kernel crashes due to invalid memory accesses\n  - Security vulnerabilities via malformed on-disk structures\n\nFix by casting to s64 before shifting:\nbmp-\u003edb_agsize = (s64)1 \u003c\u003c l2agsize;\n\nThis ensures 64-bit arithmetic even on 32-bit architectures. The cast\nmatches the data type of db_agsize (s64) and follows similar patterns in\nJFS block calculation code.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37858",
          "url": "https://www.suse.com/security/cve/CVE-2025-37858"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243049 for CVE-2025-37858",
          "url": "https://bugzilla.suse.com/1243049"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37858"
    },
    {
      "cve": "CVE-2025-37862",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37862"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: pidff: Fix null pointer dereference in pidff_find_fields\n\nThis function triggered a null pointer dereference if used to search for\na report that isn\u0027t implemented on the device. This happened both for\noptional and required reports alike.\n\nThe same logic was applied to pidff_find_special_field and although\npidff_init_fields should return an error earlier if one of the required\nreports is missing, future modifications could change this logic and\nresurface this possible null pointer dereference again.\n\nLKML bug report:\nhttps://lore.kernel.org/all/CAL-gK7f5=R0nrrQdPtaZZr1fd-cdAMbDMuZ_NLA8vM0SX+nGSw@mail.gmail.com",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37862",
          "url": "https://www.suse.com/security/cve/CVE-2025-37862"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242982 for CVE-2025-37862",
          "url": "https://bugzilla.suse.com/1242982"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37862"
    },
    {
      "cve": "CVE-2025-37865",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37865"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported\n\nRussell King reports that on the ZII dev rev B, deleting a bridge VLAN\nfrom a user port fails with -ENOENT:\nhttps://lore.kernel.org/netdev/Z_lQXNP0s5-IiJzd@shell.armlinux.org.uk/\n\nThis comes from mv88e6xxx_port_vlan_leave() -\u003e mv88e6xxx_mst_put(),\nwhich tries to find an MST entry in \u0026chip-\u003emsts associated with the SID,\nbut fails and returns -ENOENT as such.\n\nBut we know that this chip does not support MST at all, so that is not\nsurprising. The question is why does the guard in mv88e6xxx_mst_put()\nnot exit early:\n\n\tif (!sid)\n\t\treturn 0;\n\nAnd the answer seems to be simple: the sid comes from vlan.sid which\nsupposedly was previously populated by mv88e6xxx_vtu_get().\nBut some chip-\u003einfo-\u003eops-\u003evtu_getnext() implementations do not populate\nvlan.sid, for example see mv88e6185_g1_vtu_getnext(). In that case,\nlater in mv88e6xxx_port_vlan_leave() we are using a garbage sid which is\njust residual stack memory.\n\nTesting for sid == 0 covers all cases of a non-bridge VLAN or a bridge\nVLAN mapped to the default MSTI. For some chips, SID 0 is valid and\ninstalled by mv88e6xxx_stu_setup(). A chip which does not support the\nSTU would implicitly only support mapping all VLANs to the default MSTI,\nso although SID 0 is not valid, it would be sufficient, if we were to\nzero-initialize the vlan structure, to fix the bug, due to the\ncoincidence that a test for vlan.sid == 0 already exists and leads to\nthe same (correct) behavior.\n\nAnother option which would be sufficient would be to add a test for\nmv88e6xxx_has_stu() inside mv88e6xxx_mst_put(), symmetric to the one\nwhich already exists in mv88e6xxx_mst_get(). But that placement means\nthe caller will have to dereference vlan.sid, which means it will access\nuninitialized memory, which is not nice even if it ignores it later.\n\nSo we end up making both modifications, in order to not rely just on the\nsid == 0 coincidence, but also to avoid having uninitialized structure\nfields which might get temporarily accessed.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37865",
          "url": "https://www.suse.com/security/cve/CVE-2025-37865"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242954 for CVE-2025-37865",
          "url": "https://bugzilla.suse.com/1242954"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37865"
    },
    {
      "cve": "CVE-2025-37867",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37867"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/core: Silence oversized kvmalloc() warning\n\nsyzkaller triggered an oversized kvmalloc() warning.\nSilence it by adding __GFP_NOWARN.\n\nsyzkaller log:\n WARNING: CPU: 7 PID: 518 at mm/util.c:665 __kvmalloc_node_noprof+0x175/0x180\n CPU: 7 UID: 0 PID: 518 Comm: c_repro Not tainted 6.11.0-rc6+ #6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:__kvmalloc_node_noprof+0x175/0x180\n RSP: 0018:ffffc90001e67c10 EFLAGS: 00010246\n RAX: 0000000000000100 RBX: 0000000000000400 RCX: ffffffff8149d46b\n RDX: 0000000000000000 RSI: ffff8881030fae80 RDI: 0000000000000002\n RBP: 000000712c800000 R08: 0000000000000100 R09: 0000000000000000\n R10: ffffc90001e67c10 R11: 0030ae0601000000 R12: 0000000000000000\n R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000000\n FS:  00007fde79159740(0000) GS:ffff88813bdc0000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000020000180 CR3: 0000000105eb4005 CR4: 00000000003706b0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n  \u003cTASK\u003e\n  ib_umem_odp_get+0x1f6/0x390\n  mlx5_ib_reg_user_mr+0x1e8/0x450\n  ib_uverbs_reg_mr+0x28b/0x440\n  ib_uverbs_write+0x7d3/0xa30\n  vfs_write+0x1ac/0x6c0\n  ksys_write+0x134/0x170\n  ? __sanitizer_cov_trace_pc+0x1c/0x50\n  do_syscall_64+0x50/0x110\n  entry_SYSCALL_64_after_hwframe+0x76/0x7e",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37867",
          "url": "https://www.suse.com/security/cve/CVE-2025-37867"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242948 for CVE-2025-37867",
          "url": "https://bugzilla.suse.com/1242948"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37867"
    },
    {
      "cve": "CVE-2025-37870",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37870"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: prevent hang on link training fail\n\n[Why]\nWhen link training fails, the phy clock will be disabled. However, in\nenable_streams, it is assumed that link training succeeded and the\nmux selects the phy clock, causing a hang when a register write is made.\n\n[How]\nWhen enable_stream is hit, check if link training failed. If it did, fall\nback to the ref clock to avoid a hang and keep the system in a recoverable\nstate.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37870",
          "url": "https://www.suse.com/security/cve/CVE-2025-37870"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243056 for CVE-2025-37870",
          "url": "https://bugzilla.suse.com/1243056"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37870"
    },
    {
      "cve": "CVE-2025-37871",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37871"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: decrease sc_count directly if fail to queue dl_recall\n\nA deadlock warning occurred when invoking nfs4_put_stid following a failed\ndl_recall queue operation:\n            T1                            T2\n                                nfs4_laundromat\n                                 nfs4_get_client_reaplist\n                                  nfs4_anylock_blockers\n__break_lease\n spin_lock // ctx-\u003eflc_lock\n                                   spin_lock // clp-\u003ecl_lock\n                                   nfs4_lockowner_has_blockers\n                                    locks_owner_has_blockers\n                                     spin_lock // flctx-\u003eflc_lock\n nfsd_break_deleg_cb\n  nfsd_break_one_deleg\n   nfs4_put_stid\n    refcount_dec_and_lock\n     spin_lock // clp-\u003ecl_lock\n\nWhen a file is opened, an nfs4_delegation is allocated with sc_count\ninitialized to 1, and the file_lease holds a reference to the delegation.\nThe file_lease is then associated with the file through kernel_setlease.\n\nThe disassociation is performed in nfsd4_delegreturn via the following\ncall chain:\nnfsd4_delegreturn --\u003e destroy_delegation --\u003e destroy_unhashed_deleg --\u003e\nnfs4_unlock_deleg_lease --\u003e kernel_setlease --\u003e generic_delete_lease\nThe corresponding sc_count reference will be released after this\ndisassociation.\n\nSince nfsd_break_one_deleg executes while holding the flc_lock, the\ndisassociation process becomes blocked when attempting to acquire flc_lock\nin generic_delete_lease. This means:\n1) sc_count in nfsd_break_one_deleg will not be decremented to 0;\n2) The nfs4_put_stid called by nfsd_break_one_deleg will not attempt to\nacquire cl_lock;\n3) Consequently, no deadlock condition is created.\n\nGiven that sc_count in nfsd_break_one_deleg remains non-zero, we can\nsafely perform refcount_dec on sc_count directly. This approach\neffectively avoids triggering deadlock warnings.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37871",
          "url": "https://www.suse.com/security/cve/CVE-2025-37871"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242949 for CVE-2025-37871",
          "url": "https://bugzilla.suse.com/1242949"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37871"
    },
    {
      "cve": "CVE-2025-37873",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37873"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: bnxt: fix missing ring index trim on error path\n\nCommit under Fixes converted tx_prod to be free running but missed\nmasking it on the Tx error path. This crashes on error conditions,\nfor example when DMA mapping fails.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37873",
          "url": "https://www.suse.com/security/cve/CVE-2025-37873"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242961 for CVE-2025-37873",
          "url": "https://bugzilla.suse.com/1242961"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37873"
    },
    {
      "cve": "CVE-2025-37874",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37874"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ngbe: fix memory leak in ngbe_probe() error path\n\nWhen ngbe_sw_init() is called, memory is allocated for wx-\u003erss_key\nin wx_init_rss_key(). However, in ngbe_probe() function, the subsequent\nerror paths after ngbe_sw_init() don\u0027t free the rss_key. Fix that by\nfreeing it in error path along with wx-\u003emac_table.\n\nAlso change the label to which execution jumps when ngbe_sw_init()\nfails, because otherwise, it could lead to a double free for rss_key,\nwhen the mac_table allocation fails in wx_sw_init().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37874",
          "url": "https://www.suse.com/security/cve/CVE-2025-37874"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242940 for CVE-2025-37874",
          "url": "https://bugzilla.suse.com/1242940"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37874"
    },
    {
      "cve": "CVE-2025-37875",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37875"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nigc: fix PTM cycle trigger logic\n\nWriting to clear the PTM status \u0027valid\u0027 bit while the PTM cycle is\ntriggered results in unreliable PTM operation. To fix this, clear the\nPTM \u0027trigger\u0027 and status after each PTM transaction.\n\nThe issue can be reproduced with the following:\n\n$ sudo phc2sys -R 1000 -O 0 -i tsn0 -m\n\nNote: 1000 Hz (-R 1000) is unrealistically large, but provides a way to\nquickly reproduce the issue.\n\nPHC2SYS exits with:\n\n\"ioctl PTP_OFFSET_PRECISE: Connection timed out\" when the PTM transaction\n  fails\n\nThis patch also fixes a hang in igc_probe() when loading the igc\ndriver in the kdump kernel on systems supporting PTM.\n\nThe igc driver running in the base kernel enables PTM trigger in\nigc_probe().  Therefore the driver is always in PTM trigger mode,\nexcept in brief periods when manually triggering a PTM cycle.\n\nWhen a crash occurs, the NIC is reset while PTM trigger is enabled.\nDue to a hardware problem, the NIC is subsequently in a bad busmaster\nstate and doesn\u0027t handle register reads/writes.  When running\nigc_probe() in the kdump kernel, the first register access to a NIC\nregister hangs driver probing and ultimately breaks kdump.\n\nWith this patch, igc has PTM trigger disabled most of the time,\nand the trigger is only enabled for very brief (10 - 100 us) periods\nwhen manually triggering a PTM cycle.  Chances that a crash occurs\nduring a PTM trigger are not 0, but extremely reduced.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37875",
          "url": "https://www.suse.com/security/cve/CVE-2025-37875"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242959 for CVE-2025-37875",
          "url": "https://bugzilla.suse.com/1242959"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37875"
    },
    {
      "cve": "CVE-2025-37879",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37879"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\n9p/net: fix improper handling of bogus negative read/write replies\n\nIn p9_client_write() and p9_client_read_once(), if the server\nincorrectly replies with success but a negative write/read count then we\nwould consider written (negative) \u003c= rsize (positive) because both\nvariables were signed.\n\nMake variables unsigned to avoid this problem.\n\nThe reproducer linked below now fails with the following error instead\nof a null pointer deref:\n9pnet: bogus RWRITE count (4294967295 \u003e 3)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37879",
          "url": "https://www.suse.com/security/cve/CVE-2025-37879"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243077 for CVE-2025-37879",
          "url": "https://bugzilla.suse.com/1243077"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37879"
    },
    {
      "cve": "CVE-2025-37881",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37881"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()\n\nThe variable d-\u003ename, returned by devm_kasprintf(), could be NULL.\nA pointer check is added to prevent potential NULL pointer dereference.\nThis is similar to the fix in commit 3027e7b15b02\n(\"ice: Fix some null pointer dereference issues in ice_ptp.c\").\n\nThis issue is found by our static analysis tool",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37881",
          "url": "https://www.suse.com/security/cve/CVE-2025-37881"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242973 for CVE-2025-37881",
          "url": "https://bugzilla.suse.com/1242973"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37881"
    },
    {
      "cve": "CVE-2025-37886",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37886"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\npds_core: make wait_context part of q_info\n\nMake the wait_context a full part of the q_info struct rather\nthan a stack variable that goes away after pdsc_adminq_post()\nis done so that the context is still available after the wait\nloop has given up.\n\nThere was a case where a slow development firmware caused\nthe adminq request to time out, but then later the FW finally\nfinished the request and sent the interrupt.  The handler tried\nto complete_all() the completion context that had been created\non the stack in pdsc_adminq_post() but no longer existed.\nThis caused bad pointer usage, kernel crashes, and much wailing\nand gnashing of teeth.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37886",
          "url": "https://www.suse.com/security/cve/CVE-2025-37886"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242944 for CVE-2025-37886",
          "url": "https://bugzilla.suse.com/1242944"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37886"
    },
    {
      "cve": "CVE-2025-37887",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37887"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\npds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result\n\nIf the FW doesn\u0027t support the PDS_CORE_CMD_FW_CONTROL command\nthe driver might at the least print garbage and at the worst\ncrash when the user runs the \"devlink dev info\" devlink command.\n\nThis happens because the stack variable fw_list is not 0\ninitialized which results in fw_list.num_fw_slots being a\ngarbage value from the stack.  Then the driver tries to access\nfw_list.fw_names[i] with i \u003e= ARRAY_SIZE and runs off the end\nof the array.\n\nFix this by initializing the fw_list and by not failing\ncompletely if the devcmd fails because other useful information\nis printed via devlink dev info even if the devcmd fails.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37887",
          "url": "https://www.suse.com/security/cve/CVE-2025-37887"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242962 for CVE-2025-37887",
          "url": "https://bugzilla.suse.com/1242962"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37887"
    },
    {
      "cve": "CVE-2025-37889",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37889"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: ops: Consistently treat platform_max as control value\n\nThis reverts commit 9bdd10d57a88 (\"ASoC: ops: Shift tested values in\nsnd_soc_put_volsw() by +min\"), and makes some additional related\nupdates.\n\nThere are two ways the platform_max could be interpreted; the maximum\nregister value, or the maximum value the control can be set to. The\npatch moved from treating the value as a control value to a register\none. When the patch was applied it was technically correct as\nsnd_soc_limit_volume() also used the register interpretation. However,\neven then most of the other usages treated platform_max as a\ncontrol value, and snd_soc_limit_volume() has since been updated to\nalso do so in commit fb9ad24485087 (\"ASoC: ops: add correct range\ncheck for limiting volume\"). That patch however, missed updating\nsnd_soc_put_volsw() back to the control interpretation, and fixing\nsnd_soc_info_volsw_range(). The control interpretation makes more\nsense as limiting is typically done from the machine driver, so it is\nappropriate to use the customer facing representation rather than the\ninternal codec representation. Update all the code to consistently use\nthis interpretation of platform_max.\n\nFinally, also add some comments to the soc_mixer_control struct to\nhopefully avoid further patches switching between the two approaches.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37889",
          "url": "https://www.suse.com/security/cve/CVE-2025-37889"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1242945 for CVE-2025-37889",
          "url": "https://bugzilla.suse.com/1242945"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37889"
    },
    {
      "cve": "CVE-2025-37890",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37890"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc\n\nAs described in Gerrard\u0027s report [1], we have a UAF case when an hfsc class\nhas a netem child qdisc. The crux of the issue is that hfsc is assuming\nthat checking for cl-\u003eqdisc-\u003eq.qlen == 0 guarantees that it hasn\u0027t inserted\nthe class in the vttree or eltree (which is not true for the netem\nduplicate case).\n\nThis patch checks the n_active class variable to make sure that the code\nwon\u0027t insert the class in the vttree or eltree twice, catering for the\nreentrant case.\n\n[1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37890",
          "url": "https://www.suse.com/security/cve/CVE-2025-37890"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243330 for CVE-2025-37890",
          "url": "https://bugzilla.suse.com/1243330"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1245791 for CVE-2025-37890",
          "url": "https://bugzilla.suse.com/1245791"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-37890"
    },
    {
      "cve": "CVE-2025-37891",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37891"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ump: Fix buffer overflow at UMP SysEx message conversion\n\nThe conversion function from MIDI 1.0 to UMP packet contains an\ninternal buffer to keep the incoming MIDI bytes, and its size is 4, as\nit was supposed to be the max size for a MIDI1 UMP packet data.\nHowever, the implementation overlooked that SysEx is handled in a\ndifferent format, and it can be up to 6 bytes, as found in\ndo_convert_to_ump().  It leads eventually to a buffer overflow, and\nmay corrupt the memory when a longer SysEx message is received.\n\nThe fix is simply to extend the buffer size to 6 to fit with the SysEx\nUMP message.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37891",
          "url": "https://www.suse.com/security/cve/CVE-2025-37891"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243589 for CVE-2025-37891",
          "url": "https://bugzilla.suse.com/1243589"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37891"
    },
    {
      "cve": "CVE-2025-37892",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37892"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: inftlcore: Add error check for inftl_read_oob()\n\nIn INFTL_findwriteunit(), the return value of inftl_read_oob()\nneed to be checked. A proper implementation can be\nfound in INFTL_deleteblock(). The status will be set as\nSECTOR_IGNORE to break from the while-loop correctly\nif the inftl_read_oob() fails.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37892",
          "url": "https://www.suse.com/security/cve/CVE-2025-37892"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243536 for CVE-2025-37892",
          "url": "https://bugzilla.suse.com/1243536"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37892"
    },
    {
      "cve": "CVE-2025-37897",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37897"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: plfxlc: Remove erroneous assert in plfxlc_mac_release\n\nplfxlc_mac_release() asserts that mac-\u003elock is held. This assertion is\nincorrect, because even if it was possible, it would not be the valid\nbehaviour. The function is used when probe fails or after the device is\ndisconnected. In both cases mac-\u003elock can not be held as the driver is\nnot working with the device at the moment. All functions that use mac-\u003elock\nunlock it just after it was held. There is also no need to hold mac-\u003elock\nfor plfxlc_mac_release() itself, as mac data is not affected, except for\nmac-\u003eflags, which is modified atomically.\n\nThis bug leads to the following warning:\n================================================================\nWARNING: CPU: 0 PID: 127 at drivers/net/wireless/purelifi/plfxlc/mac.c:106 plfxlc_mac_release+0x7d/0xa0\nModules linked in:\nCPU: 0 PID: 127 Comm: kworker/0:2 Not tainted 6.1.124-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:plfxlc_mac_release+0x7d/0xa0 drivers/net/wireless/purelifi/plfxlc/mac.c:106\nCall Trace:\n \u003cTASK\u003e\n probe+0x941/0xbd0 drivers/net/wireless/purelifi/plfxlc/usb.c:694\n usb_probe_interface+0x5c0/0xaf0 drivers/usb/core/driver.c:396\n really_probe+0x2ab/0xcb0 drivers/base/dd.c:639\n __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:785\n driver_probe_device+0x50/0x420 drivers/base/dd.c:815\n __device_attach_driver+0x2cf/0x510 drivers/base/dd.c:943\n bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429\n __device_attach+0x359/0x570 drivers/base/dd.c:1015\n bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489\n device_add+0xb48/0xfd0 drivers/base/core.c:3696\n usb_set_configuration+0x19dd/0x2020 drivers/usb/core/message.c:2165\n usb_generic_driver_probe+0x84/0x140 drivers/usb/core/generic.c:238\n usb_probe_device+0x130/0x260 drivers/usb/core/driver.c:293\n really_probe+0x2ab/0xcb0 drivers/base/dd.c:639\n __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:785\n driver_probe_device+0x50/0x420 drivers/base/dd.c:815\n __device_attach_driver+0x2cf/0x510 drivers/base/dd.c:943\n bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429\n __device_attach+0x359/0x570 drivers/base/dd.c:1015\n bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489\n device_add+0xb48/0xfd0 drivers/base/core.c:3696\n usb_new_device+0xbdd/0x18f0 drivers/usb/core/hub.c:2620\n hub_port_connect drivers/usb/core/hub.c:5477 [inline]\n hub_port_connect_change drivers/usb/core/hub.c:5617 [inline]\n port_event drivers/usb/core/hub.c:5773 [inline]\n hub_event+0x2efe/0x5730 drivers/usb/core/hub.c:5855\n process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292\n worker_thread+0xa47/0x1200 kernel/workqueue.c:2439\n kthread+0x28d/0x320 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295\n \u003c/TASK\u003e\n================================================================\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37897",
          "url": "https://www.suse.com/security/cve/CVE-2025-37897"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243534 for CVE-2025-37897",
          "url": "https://bugzilla.suse.com/1243534"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "low"
        }
      ],
      "title": "CVE-2025-37897"
    },
    {
      "cve": "CVE-2025-37900",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37900"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: Fix two issues in iommu_copy_struct_from_user()\n\nIn the review for iommu_copy_struct_to_user() helper, Matt pointed out that\na NULL pointer should be rejected prior to dereferencing it:\nhttps://lore.kernel.org/all/86881827-8E2D-461C-BDA3-FA8FD14C343C@nvidia.com\n\nAnd Alok pointed out a typo at the same time:\nhttps://lore.kernel.org/all/480536af-6830-43ce-a327-adbd13dc3f1d@oracle.com\n\nSince both issues were copied from iommu_copy_struct_from_user(), fix them\nfirst in the current header.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37900",
          "url": "https://www.suse.com/security/cve/CVE-2025-37900"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243560 for CVE-2025-37900",
          "url": "https://bugzilla.suse.com/1243560"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37900"
    },
    {
      "cve": "CVE-2025-37901",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37901"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs\n\nOn Qualcomm chipsets not all GPIOs are wakeup capable. Those GPIOs do not\nhave a corresponding MPM pin and should not be handled inside the MPM\ndriver. The IRQ domain hierarchy is always applied, so it\u0027s required to\nexplicitly disconnect the hierarchy for those. The pinctrl-msm driver marks\nthese with GPIO_NO_WAKE_IRQ. qcom-pdc has a check for this, but\nirq-qcom-mpm is currently missing the check. This is causing crashes when\nsetting up interrupts for non-wake GPIOs:\n\n root@rb1:~# gpiomon -c gpiochip1 10\n   irq: IRQ159: trimming hierarchy from :soc@0:interrupt-controller@f200000-1\n   Unable to handle kernel paging request at virtual address ffff8000a1dc3820\n   Hardware name: Qualcomm Technologies, Inc. Robotics RB1 (DT)\n   pc : mpm_set_type+0x80/0xcc\n   lr : mpm_set_type+0x5c/0xcc\n   Call trace:\n    mpm_set_type+0x80/0xcc (P)\n    qcom_mpm_set_type+0x64/0x158\n    irq_chip_set_type_parent+0x20/0x38\n    msm_gpio_irq_set_type+0x50/0x530\n    __irq_set_trigger+0x60/0x184\n    __setup_irq+0x304/0x6bc\n    request_threaded_irq+0xc8/0x19c\n    edge_detector_setup+0x260/0x364\n    linereq_create+0x420/0x5a8\n    gpio_ioctl+0x2d4/0x6c0\n\nFix this by copying the check for GPIO_NO_WAKE_IRQ from qcom-pdc.c, so that\nMPM is removed entirely from the hierarchy for non-wake GPIOs.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37901",
          "url": "https://www.suse.com/security/cve/CVE-2025-37901"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243559 for CVE-2025-37901",
          "url": "https://bugzilla.suse.com/1243559"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37901"
    },
    {
      "cve": "CVE-2025-37903",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37903"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix slab-use-after-free in hdcp\n\nThe HDCP code in amdgpu_dm_hdcp.c copies pointers to amdgpu_dm_connector\nobjects without incrementing the kref reference counts. When using a\nUSB-C dock, and the dock is unplugged, the corresponding\namdgpu_dm_connector objects are freed, creating dangling pointers in the\nHDCP code. When the dock is plugged back, the dangling pointers are\ndereferenced, resulting in a slab-use-after-free:\n\n[   66.775837] BUG: KASAN: slab-use-after-free in event_property_validate+0x42f/0x6c0 [amdgpu]\n[   66.776171] Read of size 4 at addr ffff888127804120 by task kworker/0:1/10\n\n[   66.776179] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.14.0-rc7-00180-g54505f727a38-dirty #233\n[   66.776183] Hardware name: HP HP Pavilion Aero Laptop 13-be0xxx/8916, BIOS F.17 12/18/2024\n[   66.776186] Workqueue: events event_property_validate [amdgpu]\n[   66.776494] Call Trace:\n[   66.776496]  \u003cTASK\u003e\n[   66.776497]  dump_stack_lvl+0x70/0xa0\n[   66.776504]  print_report+0x175/0x555\n[   66.776507]  ? __virt_addr_valid+0x243/0x450\n[   66.776510]  ? kasan_complete_mode_report_info+0x66/0x1c0\n[   66.776515]  kasan_report+0xeb/0x1c0\n[   66.776518]  ? event_property_validate+0x42f/0x6c0 [amdgpu]\n[   66.776819]  ? event_property_validate+0x42f/0x6c0 [amdgpu]\n[   66.777121]  __asan_report_load4_noabort+0x14/0x20\n[   66.777124]  event_property_validate+0x42f/0x6c0 [amdgpu]\n[   66.777342]  ? __lock_acquire+0x6b40/0x6b40\n[   66.777347]  ? enable_assr+0x250/0x250 [amdgpu]\n[   66.777571]  process_one_work+0x86b/0x1510\n[   66.777575]  ? pwq_dec_nr_in_flight+0xcf0/0xcf0\n[   66.777578]  ? assign_work+0x16b/0x280\n[   66.777580]  ? lock_is_held_type+0xa3/0x130\n[   66.777583]  worker_thread+0x5c0/0xfa0\n[   66.777587]  ? process_one_work+0x1510/0x1510\n[   66.777588]  kthread+0x3a2/0x840\n[   66.777591]  ? kthread_is_per_cpu+0xd0/0xd0\n[   66.777594]  ? trace_hardirqs_on+0x4f/0x60\n[   66.777597]  ? _raw_spin_unlock_irq+0x27/0x60\n[   66.777599]  ? calculate_sigpending+0x77/0xa0\n[   66.777602]  ? kthread_is_per_cpu+0xd0/0xd0\n[   66.777605]  ret_from_fork+0x40/0x90\n[   66.777607]  ? kthread_is_per_cpu+0xd0/0xd0\n[   66.777609]  ret_from_fork_asm+0x11/0x20\n[   66.777614]  \u003c/TASK\u003e\n\n[   66.777643] Allocated by task 10:\n[   66.777646]  kasan_save_stack+0x39/0x60\n[   66.777649]  kasan_save_track+0x14/0x40\n[   66.777652]  kasan_save_alloc_info+0x37/0x50\n[   66.777655]  __kasan_kmalloc+0xbb/0xc0\n[   66.777658]  __kmalloc_cache_noprof+0x1c8/0x4b0\n[   66.777661]  dm_dp_add_mst_connector+0xdd/0x5c0 [amdgpu]\n[   66.777880]  drm_dp_mst_port_add_connector+0x47e/0x770 [drm_display_helper]\n[   66.777892]  drm_dp_send_link_address+0x1554/0x2bf0 [drm_display_helper]\n[   66.777901]  drm_dp_check_and_send_link_address+0x187/0x1f0 [drm_display_helper]\n[   66.777909]  drm_dp_mst_link_probe_work+0x2b8/0x410 [drm_display_helper]\n[   66.777917]  process_one_work+0x86b/0x1510\n[   66.777919]  worker_thread+0x5c0/0xfa0\n[   66.777922]  kthread+0x3a2/0x840\n[   66.777925]  ret_from_fork+0x40/0x90\n[   66.777927]  ret_from_fork_asm+0x11/0x20\n\n[   66.777932] Freed by task 1713:\n[   66.777935]  kasan_save_stack+0x39/0x60\n[   66.777938]  kasan_save_track+0x14/0x40\n[   66.777940]  kasan_save_free_info+0x3b/0x60\n[   66.777944]  __kasan_slab_free+0x52/0x70\n[   66.777946]  kfree+0x13f/0x4b0\n[   66.777949]  dm_dp_mst_connector_destroy+0xfa/0x150 [amdgpu]\n[   66.778179]  drm_connector_free+0x7d/0xb0\n[   66.778184]  drm_mode_object_put.part.0+0xee/0x160\n[   66.778188]  drm_mode_object_put+0x37/0x50\n[   66.778191]  drm_atomic_state_default_clear+0x220/0xd60\n[   66.778194]  __drm_atomic_state_free+0x16e/0x2a0\n[   66.778197]  drm_mode_atomic_ioctl+0x15ed/0x2ba0\n[   66.778200]  drm_ioctl_kernel+0x17a/0x310\n[   66.778203]  drm_ioctl+0x584/0xd10\n[   66.778206]  amdgpu_drm_ioctl+0xd2/0x1c0 [amdgpu]\n[   66.778375]  __x64_sys_ioctl+0x139/0x1a0\n[   66.778378]  x64_sys_call+0xee7/0xfb0\n[   66.778381] \n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37903",
          "url": "https://www.suse.com/security/cve/CVE-2025-37903"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243562 for CVE-2025-37903",
          "url": "https://bugzilla.suse.com/1243562"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37903"
    },
    {
      "cve": "CVE-2025-37905",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37905"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Balance device refcount when destroying devices\n\nUsing device_find_child() to lookup the proper SCMI device to destroy\ncauses an unbalance in device refcount, since device_find_child() calls an\nimplicit get_device(): this, in turns, inhibits the call of the provided\nrelease methods upon devices destruction.\n\nAs a consequence, one of the structures that is not freed properly upon\ndestruction is the internal struct device_private dev-\u003ep populated by the\ndrivers subsystem core.\n\nKMemleak detects this situation since loading/unloding some SCMI driver\ncauses related devices to be created/destroyed without calling any\ndevice_release method.\n\nunreferenced object 0xffff00000f583800 (size 512):\n  comm \"insmod\", pid 227, jiffies 4294912190\n  hex dump (first 32 bytes):\n    00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........\n    ff ff ff ff ff ff ff ff 60 36 1d 8a 00 80 ff ff  ........`6......\n  backtrace (crc 114e2eed):\n    kmemleak_alloc+0xbc/0xd8\n    __kmalloc_cache_noprof+0x2dc/0x398\n    device_add+0x954/0x12d0\n    device_register+0x28/0x40\n    __scmi_device_create.part.0+0x1bc/0x380\n    scmi_device_create+0x2d0/0x390\n    scmi_create_protocol_devices+0x74/0xf8\n    scmi_device_request_notifier+0x1f8/0x2a8\n    notifier_call_chain+0x110/0x3b0\n    blocking_notifier_call_chain+0x70/0xb0\n    scmi_driver_register+0x350/0x7f0\n    0xffff80000a3b3038\n    do_one_initcall+0x12c/0x730\n    do_init_module+0x1dc/0x640\n    load_module+0x4b20/0x5b70\n    init_module_from_file+0xec/0x158\n\n$ ./scripts/faddr2line ./vmlinux device_add+0x954/0x12d0\ndevice_add+0x954/0x12d0:\nkmalloc_noprof at include/linux/slab.h:901\n(inlined by) kzalloc_noprof at include/linux/slab.h:1037\n(inlined by) device_private_init at drivers/base/core.c:3510\n(inlined by) device_add at drivers/base/core.c:3561\n\nBalance device refcount by issuing a put_device() on devices found via\ndevice_find_child().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37905",
          "url": "https://www.suse.com/security/cve/CVE-2025-37905"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243456 for CVE-2025-37905",
          "url": "https://bugzilla.suse.com/1243456"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37905"
    },
    {
      "cve": "CVE-2025-37911",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37911"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix out-of-bound memcpy() during ethtool -w\n\nWhen retrieving the FW coredump using ethtool, it can sometimes cause\nmemory corruption:\n\nBUG: KFENCE: memory corruption in __bnxt_get_coredump+0x3ef/0x670 [bnxt_en]\nCorrupted memory at 0x000000008f0f30e8 [ ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ] (in kfence-#45):\n__bnxt_get_coredump+0x3ef/0x670 [bnxt_en]\nethtool_get_dump_data+0xdc/0x1a0\n__dev_ethtool+0xa1e/0x1af0\ndev_ethtool+0xa8/0x170\ndev_ioctl+0x1b5/0x580\nsock_do_ioctl+0xab/0xf0\nsock_ioctl+0x1ce/0x2e0\n__x64_sys_ioctl+0x87/0xc0\ndo_syscall_64+0x5c/0xf0\nentry_SYSCALL_64_after_hwframe+0x78/0x80\n\n...\n\nThis happens when copying the coredump segment list in\nbnxt_hwrm_dbg_dma_data() with the HWRM_DBG_COREDUMP_LIST FW command.\nThe info-\u003edest_buf buffer is allocated based on the number of coredump\nsegments returned by the FW.  The segment list is then DMA\u0027ed by\nthe FW and the length of the DMA is returned by FW.  The driver then\ncopies this DMA\u0027ed segment list to info-\u003edest_buf.\n\nIn some cases, this DMA length may exceed the info-\u003edest_buf length\nand cause the above BUG condition.  Fix it by capping the copy\nlength to not exceed the length of info-\u003edest_buf.  The extra\nDMA data contains no useful information.\n\nThis code path is shared for the HWRM_DBG_COREDUMP_LIST and the\nHWRM_DBG_COREDUMP_RETRIEVE FW commands.  The buffering is different\nfor these 2 FW commands.  To simplify the logic, we need to move\nthe line to adjust the buffer length for HWRM_DBG_COREDUMP_RETRIEVE\nup, so that the new check to cap the copy length will work for both\ncommands.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37911",
          "url": "https://www.suse.com/security/cve/CVE-2025-37911"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243469 for CVE-2025-37911",
          "url": "https://bugzilla.suse.com/1243469"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 0,
            "baseSeverity": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37911"
    },
    {
      "cve": "CVE-2025-37912",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37912"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()\n\nAs mentioned in the commit baeb705fd6a7 (\"ice: always check VF VSI\npointer values\"), we need to perform a null pointer check on the return\nvalue of ice_get_vf_vsi() before using it.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37912",
          "url": "https://www.suse.com/security/cve/CVE-2025-37912"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243470 for CVE-2025-37912",
          "url": "https://bugzilla.suse.com/1243470"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37912"
    },
    {
      "cve": "CVE-2025-37913",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37913"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: qfq: Fix double list add in class with netem as child qdisc\n\nAs described in Gerrard\u0027s report [1], there are use cases where a netem\nchild qdisc will make the parent qdisc\u0027s enqueue callback reentrant.\nIn the case of qfq, there won\u0027t be a UAF, but the code will add the same\nclassifier to the list twice, which will cause memory corruption.\n\nThis patch checks whether the class was already added to the agg-\u003eactive\nlist (cl_is_active) before doing the addition to cater for the reentrant\ncase.\n\n[1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37913",
          "url": "https://www.suse.com/security/cve/CVE-2025-37913"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243471 for CVE-2025-37913",
          "url": "https://bugzilla.suse.com/1243471"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37913"
    },
    {
      "cve": "CVE-2025-37914",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37914"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: ets: Fix double list add in class with netem as child qdisc\n\nAs described in Gerrard\u0027s report [1], there are use cases where a netem\nchild qdisc will make the parent qdisc\u0027s enqueue callback reentrant.\nIn the case of ets, there won\u0027t be a UAF, but the code will add the same\nclassifier to the list twice, which will cause memory corruption.\n\nIn addition to checking for qlen being zero, this patch checks whether\nthe class was already added to the active_list (cl_is_active) before\ndoing the addition to cater for the reentrant case.\n\n[1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37914",
          "url": "https://www.suse.com/security/cve/CVE-2025-37914"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243472 for CVE-2025-37914",
          "url": "https://bugzilla.suse.com/1243472"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37914"
    },
    {
      "cve": "CVE-2025-37915",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37915"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: drr: Fix double list add in class with netem as child qdisc\n\nAs described in Gerrard\u0027s report [1], there are use cases where a netem\nchild qdisc will make the parent qdisc\u0027s enqueue callback reentrant.\nIn the case of drr, there won\u0027t be a UAF, but the code will add the same\nclassifier to the list twice, which will cause memory corruption.\n\nIn addition to checking for qlen being zero, this patch checks whether the\nclass was already added to the active_list (cl_is_active) before adding\nto the list to cover for the reentrant case.\n\n[1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37915",
          "url": "https://www.suse.com/security/cve/CVE-2025-37915"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243473 for CVE-2025-37915",
          "url": "https://bugzilla.suse.com/1243473"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37915"
    },
    {
      "cve": "CVE-2025-37917",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37917"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll\n\nUse spin_lock_irqsave and spin_unlock_irqrestore instead of spin_lock\nand spin_unlock in mtk_star_emac driver to avoid spinlock recursion\noccurrence that can happen when enabling the DMA interrupts again in\nrx/tx poll.\n\n```\nBUG: spinlock recursion on CPU#0, swapper/0/0\n lock: 0xffff00000db9cf20, .magic: dead4ead, .owner: swapper/0/0,\n    .owner_cpu: 0\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted\n    6.15.0-rc2-next-20250417-00001-gf6a27738686c-dirty #28 PREEMPT\nHardware name: MediaTek MT8365 Open Platform EVK (DT)\nCall trace:\n show_stack+0x18/0x24 (C)\n dump_stack_lvl+0x60/0x80\n dump_stack+0x18/0x24\n spin_dump+0x78/0x88\n do_raw_spin_lock+0x11c/0x120\n _raw_spin_lock+0x20/0x2c\n mtk_star_handle_irq+0xc0/0x22c [mtk_star_emac]\n __handle_irq_event_percpu+0x48/0x140\n handle_irq_event+0x4c/0xb0\n handle_fasteoi_irq+0xa0/0x1bc\n handle_irq_desc+0x34/0x58\n generic_handle_domain_irq+0x1c/0x28\n gic_handle_irq+0x4c/0x120\n do_interrupt_handler+0x50/0x84\n el1_interrupt+0x34/0x68\n el1h_64_irq_handler+0x18/0x24\n el1h_64_irq+0x6c/0x70\n regmap_mmio_read32le+0xc/0x20 (P)\n _regmap_bus_reg_read+0x6c/0xac\n _regmap_read+0x60/0xdc\n regmap_read+0x4c/0x80\n mtk_star_rx_poll+0x2f4/0x39c [mtk_star_emac]\n __napi_poll+0x38/0x188\n net_rx_action+0x164/0x2c0\n handle_softirqs+0x100/0x244\n __do_softirq+0x14/0x20\n ____do_softirq+0x10/0x20\n call_on_irq_stack+0x24/0x64\n do_softirq_own_stack+0x1c/0x40\n __irq_exit_rcu+0xd4/0x10c\n irq_exit_rcu+0x10/0x1c\n el1_interrupt+0x38/0x68\n el1h_64_irq_handler+0x18/0x24\n el1h_64_irq+0x6c/0x70\n cpuidle_enter_state+0xac/0x320 (P)\n cpuidle_enter+0x38/0x50\n do_idle+0x1e4/0x260\n cpu_startup_entry+0x34/0x3c\n rest_init+0xdc/0xe0\n console_on_rootfs+0x0/0x6c\n __primary_switched+0x88/0x90\n```",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37917",
          "url": "https://www.suse.com/security/cve/CVE-2025-37917"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243475 for CVE-2025-37917",
          "url": "https://bugzilla.suse.com/1243475"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37917"
    },
    {
      "cve": "CVE-2025-37918",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37918"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btusb: avoid NULL pointer dereference in skb_dequeue()\n\nA NULL pointer dereference can occur in skb_dequeue() when processing a\nQCA firmware crash dump on WCN7851 (0489:e0f3).\n\n[ 93.672166] Bluetooth: hci0: ACL memdump size(589824)\n\n[ 93.672475] BUG: kernel NULL pointer dereference, address: 0000000000000008\n[ 93.672517] Workqueue: hci0 hci_devcd_rx [bluetooth]\n[ 93.672598] RIP: 0010:skb_dequeue+0x50/0x80\n\nThe issue stems from handle_dump_pkt_qca() returning 0 even when a dump\npacket is successfully processed. This is because it incorrectly\nforwards the return value of hci_devcd_init() (which returns 0 on\nsuccess). As a result, the caller (btusb_recv_acl_qca() or\nbtusb_recv_evt_qca()) assumes the packet was not handled and passes it\nto hci_recv_frame(), leading to premature kfree() of the skb.\n\nLater, hci_devcd_rx() attempts to dequeue the same skb from the dump\nqueue, resulting in a NULL pointer dereference.\n\nFix this by:\n1. Making handle_dump_pkt_qca() return 0 on success and negative errno\n   on failure, consistent with kernel conventions.\n2. Splitting dump packet detection into separate functions for ACL\n   and event packets for better structure and readability.\n\nThis ensures dump packets are properly identified and consumed, avoiding\ndouble handling and preventing NULL pointer access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37918",
          "url": "https://www.suse.com/security/cve/CVE-2025-37918"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243476 for CVE-2025-37918",
          "url": "https://bugzilla.suse.com/1243476"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37918"
    },
    {
      "cve": "CVE-2025-37925",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37925"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: reject on-disk inodes of an unsupported type\n\nSyzbot has reported the following BUG:\n\nkernel BUG at fs/inode.c:668!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 3 UID: 0 PID: 139 Comm: jfsCommit Not tainted 6.12.0-rc4-syzkaller-00085-g4e46774408d9 #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\nRIP: 0010:clear_inode+0x168/0x190\nCode: 4c 89 f7 e8 ba fe e5 ff e9 61 ff ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 7c c1 4c 89 f7 e8 90 ff e5 ff eb b7\n 0b e8 01 5d 7f ff 90 0f 0b e8 f9 5c 7f ff 90 0f 0b e8 f1 5c 7f\nRSP: 0018:ffffc900027dfae8 EFLAGS: 00010093\nRAX: ffffffff82157a87 RBX: 0000000000000001 RCX: ffff888104d4b980\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000\nRBP: ffffc900027dfc90 R08: ffffffff82157977 R09: fffff520004fbf38\nR10: dffffc0000000000 R11: fffff520004fbf38 R12: dffffc0000000000\nR13: ffff88811315bc00 R14: ffff88811315bda8 R15: ffff88811315bb80\nFS:  0000000000000000(0000) GS:ffff888135f00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005565222e0578 CR3: 0000000026ef0000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n ? __die_body+0x5f/0xb0\n ? die+0x9e/0xc0\n ? do_trap+0x15a/0x3a0\n ? clear_inode+0x168/0x190\n ? do_error_trap+0x1dc/0x2c0\n ? clear_inode+0x168/0x190\n ? __pfx_do_error_trap+0x10/0x10\n ? report_bug+0x3cd/0x500\n ? handle_invalid_op+0x34/0x40\n ? clear_inode+0x168/0x190\n ? exc_invalid_op+0x38/0x50\n ? asm_exc_invalid_op+0x1a/0x20\n ? clear_inode+0x57/0x190\n ? clear_inode+0x167/0x190\n ? clear_inode+0x168/0x190\n ? clear_inode+0x167/0x190\n jfs_evict_inode+0xb5/0x440\n ? __pfx_jfs_evict_inode+0x10/0x10\n evict+0x4ea/0x9b0\n ? __pfx_evict+0x10/0x10\n ? iput+0x713/0xa50\n txUpdateMap+0x931/0xb10\n ? __pfx_txUpdateMap+0x10/0x10\n jfs_lazycommit+0x49a/0xb80\n ? _raw_spin_unlock_irqrestore+0x8f/0x140\n ? lockdep_hardirqs_on+0x99/0x150\n ? __pfx_jfs_lazycommit+0x10/0x10\n ? __pfx_default_wake_function+0x10/0x10\n ? __kthread_parkme+0x169/0x1d0\n ? __pfx_jfs_lazycommit+0x10/0x10\n kthread+0x2f2/0x390\n ? __pfx_jfs_lazycommit+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x4d/0x80\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nThis happens when \u0027clear_inode()\u0027 makes an attempt to finalize an underlying\nJFS inode of unknown type. According to JFS layout description from\nhttps://jfs.sourceforge.net/project/pub/jfslayout.pdf, inode types from 5 to\n15 are reserved for future extensions and should not be encountered on a valid\nfilesystem. So add an extra check for valid inode type in \u0027copy_from_dinode()\u0027.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37925",
          "url": "https://www.suse.com/security/cve/CVE-2025-37925"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241654 for CVE-2025-37925",
          "url": "https://bugzilla.suse.com/1241654"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37925"
    },
    {
      "cve": "CVE-2025-37928",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37928"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-bufio: don\u0027t schedule in atomic context\n\nA BUG was reported as below when CONFIG_DEBUG_ATOMIC_SLEEP and\ntry_verify_in_tasklet are enabled.\n[  129.444685][  T934] BUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2421\n[  129.444723][  T934] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 934, name: kworker/1:4\n[  129.444740][  T934] preempt_count: 201, expected: 0\n[  129.444756][  T934] RCU nest depth: 0, expected: 0\n[  129.444781][  T934] Preemption disabled at:\n[  129.444789][  T934] [\u003cffffffd816231900\u003e] shrink_work+0x21c/0x248\n[  129.445167][  T934] kernel BUG at kernel/sched/walt/walt_debug.c:16!\n[  129.445183][  T934] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n[  129.445204][  T934] Skip md ftrace buffer dump for: 0x1609e0\n[  129.447348][  T934] CPU: 1 PID: 934 Comm: kworker/1:4 Tainted: G        W  OE      6.6.56-android15-8-o-g6f82312b30b9-debug #1 1400000003000000474e5500b3187743670464e8\n[  129.447362][  T934] Hardware name: Qualcomm Technologies, Inc. Parrot QRD, Alpha-M (DT)\n[  129.447373][  T934] Workqueue: dm_bufio_cache shrink_work\n[  129.447394][  T934] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  129.447406][  T934] pc : android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug]\n[  129.447435][  T934] lr : __traceiter_android_rvh_schedule_bug+0x44/0x6c\n[  129.447451][  T934] sp : ffffffc0843dbc90\n[  129.447459][  T934] x29: ffffffc0843dbc90 x28: ffffffffffffffff x27: 0000000000000c8b\n[  129.447479][  T934] x26: 0000000000000040 x25: ffffff804b3d6260 x24: ffffffd816232b68\n[  129.447497][  T934] x23: ffffff805171c5b4 x22: 0000000000000000 x21: ffffffd816231900\n[  129.447517][  T934] x20: ffffff80306ba898 x19: 0000000000000000 x18: ffffffc084159030\n[  129.447535][  T934] x17: 00000000d2b5dd1f x16: 00000000d2b5dd1f x15: ffffffd816720358\n[  129.447554][  T934] x14: 0000000000000004 x13: ffffff89ef978000 x12: 0000000000000003\n[  129.447572][  T934] x11: ffffffd817a823c4 x10: 0000000000000202 x9 : 7e779c5735de9400\n[  129.447591][  T934] x8 : ffffffd81560d004 x7 : 205b5d3938373434 x6 : ffffffd8167397c8\n[  129.447610][  T934] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffffffc0843db9e0\n[  129.447629][  T934] x2 : 0000000000002f15 x1 : 0000000000000000 x0 : 0000000000000000\n[  129.447647][  T934] Call trace:\n[  129.447655][  T934]  android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug 1400000003000000474e550080cce8a8a78606b6]\n[  129.447681][  T934]  __might_resched+0x190/0x1a8\n[  129.447694][  T934]  shrink_work+0x180/0x248\n[  129.447706][  T934]  process_one_work+0x260/0x624\n[  129.447718][  T934]  worker_thread+0x28c/0x454\n[  129.447729][  T934]  kthread+0x118/0x158\n[  129.447742][  T934]  ret_from_fork+0x10/0x20\n[  129.447761][  T934] Code: ???????? ???????? ???????? d2b5dd1f (d4210000)\n[  129.447772][  T934] ---[ end trace 0000000000000000 ]---\n\ndm_bufio_lock will call spin_lock_bh when try_verify_in_tasklet\nis enabled, and __scan will be called in atomic context.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37928",
          "url": "https://www.suse.com/security/cve/CVE-2025-37928"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243621 for CVE-2025-37928",
          "url": "https://bugzilla.suse.com/1243621"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37928"
    },
    {
      "cve": "CVE-2025-37929",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37929"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays\n\nCommit a5951389e58d (\"arm64: errata: Add newer ARM cores to the\nspectre_bhb_loop_affected() lists\") added some additional CPUs to the\nSpectre-BHB workaround, including some new arrays for designs that\nrequire new \u0027k\u0027 values for the workaround to be effective.\n\nUnfortunately, the new arrays omitted the sentinel entry and so\nis_midr_in_range_list() will walk off the end when it doesn\u0027t find a\nmatch. With UBSAN enabled, this leads to a crash during boot when\nis_midr_in_range_list() is inlined (which was more common prior to\nc8c2647e69be (\"arm64: Make   _midr_in_range_list() an exported\nfunction\")):\n\n |  Internal error: aarch64 BRK: 00000000f2000001 [#1] PREEMPT SMP\n |  pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n |  pc : spectre_bhb_loop_affected+0x28/0x30\n |  lr : is_spectre_bhb_affected+0x170/0x190\n | [...]\n |  Call trace:\n |   spectre_bhb_loop_affected+0x28/0x30\n |   update_cpu_capabilities+0xc0/0x184\n |   init_cpu_features+0x188/0x1a4\n |   cpuinfo_store_boot_cpu+0x4c/0x60\n |   smp_prepare_boot_cpu+0x38/0x54\n |   start_kernel+0x8c/0x478\n |   __primary_switched+0xc8/0xd4\n |  Code: 6b09011f 54000061 52801080 d65f03c0 (d4200020)\n |  ---[ end trace 0000000000000000 ]---\n |  Kernel panic - not syncing: aarch64 BRK: Fatal exception\n\nAdd the missing sentinel entries.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37929",
          "url": "https://www.suse.com/security/cve/CVE-2025-37929"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243624 for CVE-2025-37929",
          "url": "https://bugzilla.suse.com/1243624"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37929"
    },
    {
      "cve": "CVE-2025-37930",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37930"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()\n\nNouveau is mostly designed in a way that it\u0027s expected that fences only\never get signaled through nouveau_fence_signal(). However, in at least\none other place, nouveau_fence_done(), can signal fences, too. If that\nhappens (race) a signaled fence remains in the pending list for a while,\nuntil it gets removed by nouveau_fence_update().\n\nShould nouveau_fence_context_kill() run in the meantime, this would be\na bug because the function would attempt to set an error code on an\nalready signaled fence.\n\nHave nouveau_fence_context_kill() check for a fence being signaled.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37930",
          "url": "https://www.suse.com/security/cve/CVE-2025-37930"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243625 for CVE-2025-37930",
          "url": "https://bugzilla.suse.com/1243625"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 0,
            "baseSeverity": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37930"
    },
    {
      "cve": "CVE-2025-37931",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37931"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: adjust subpage bit start based on sectorsize\n\nWhen running machines with 64k page size and a 16k nodesize we started\nseeing tree log corruption in production.  This turned out to be because\nwe were not writing out dirty blocks sometimes, so this in fact affects\nall metadata writes.\n\nWhen writing out a subpage EB we scan the subpage bitmap for a dirty\nrange.  If the range isn\u0027t dirty we do\n\n\tbit_start++;\n\nto move onto the next bit.  The problem is the bitmap is based on the\nnumber of sectors that an EB has.  So in this case, we have a 64k\npagesize, 16k nodesize, but a 4k sectorsize.  This means our bitmap is 4\nbits for every node.  With a 64k page size we end up with 4 nodes per\npage.\n\nTo make this easier this is how everything looks\n\n[0         16k       32k       48k     ] logical address\n[0         4         8         12      ] radix tree offset\n[               64k page               ] folio\n[ 16k eb ][ 16k eb ][ 16k eb ][ 16k eb ] extent buffers\n[ | | | |  | | | |   | | | |   | | | | ] bitmap\n\nNow we use all of our addressing based on fs_info-\u003esectorsize_bits, so\nas you can see the above our 16k eb-\u003estart turns into radix entry 4.\n\nWhen we find a dirty range for our eb, we correctly do bit_start +=\nsectors_per_node, because if we start at bit 0, the next bit for the\nnext eb is 4, to correspond to eb-\u003estart 16k.\n\nHowever if our range is clean, we will do bit_start++, which will now\nput us offset from our radix tree entries.\n\nIn our case, assume that the first time we check the bitmap the block is\nnot dirty, we increment bit_start so now it == 1, and then we loop\naround and check again.  This time it is dirty, and we go to find that\nstart using the following equation\n\n\tstart = folio_start + bit_start * fs_info-\u003esectorsize;\n\nso in the case above, eb-\u003estart 0 is now dirty, and we calculate start\nas\n\n\t0 + 1 * fs_info-\u003esectorsize = 4096\n\t4096 \u003e\u003e 12 = 1\n\nNow we\u0027re looking up the radix tree for 1, and we won\u0027t find an eb.\nWhat\u0027s worse is now we\u0027re using bit_start == 1, so we do bit_start +=\nsectors_per_node, which is now 5.  If that eb is dirty we will run into\nthe same thing, we will look at an offset that is not populated in the\nradix tree, and now we\u0027re skipping the writeout of dirty extent buffers.\n\nThe best fix for this is to not use sectorsize_bits to address nodes,\nbut that\u0027s a larger change.  Since this is a fs corruption problem fix\nit simply by always using sectors_per_node to increment the start bit.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37931",
          "url": "https://www.suse.com/security/cve/CVE-2025-37931"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243626 for CVE-2025-37931",
          "url": "https://bugzilla.suse.com/1243626"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37931"
    },
    {
      "cve": "CVE-2025-37932",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37932"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsch_htb: make htb_qlen_notify() idempotent\n\nhtb_qlen_notify() always deactivates the HTB class and in fact could\ntrigger a warning if it is already deactivated. Therefore, it is not\nidempotent and not friendly to its callers, like fq_codel_dequeue().\n\nLet\u0027s make it idempotent to ease qdisc_tree_reduce_backlog() callers\u0027\nlife.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37932",
          "url": "https://www.suse.com/security/cve/CVE-2025-37932"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243627 for CVE-2025-37932",
          "url": "https://bugzilla.suse.com/1243627"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 0,
            "baseSeverity": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37932"
    },
    {
      "cve": "CVE-2025-37933",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37933"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteon_ep: Fix host hang issue during device reboot\n\nWhen the host loses heartbeat messages from the device,\nthe driver calls the device-specific ndo_stop function,\nwhich frees the resources. If the driver is unloaded in\nthis scenario, it calls ndo_stop again, attempting to free\nresources that have already been freed, leading to a host\nhang issue. To resolve this, dev_close should be called\ninstead of the device-specific stop function.dev_close\ninternally calls ndo_stop to stop the network interface\nand performs additional cleanup tasks. During the driver\nunload process, if the device is already down, ndo_stop\nis not called.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37933",
          "url": "https://www.suse.com/security/cve/CVE-2025-37933"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243628 for CVE-2025-37933",
          "url": "https://bugzilla.suse.com/1243628"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37933"
    },
    {
      "cve": "CVE-2025-37936",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37936"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU\u0027s value.\n\nWhen generating the MSR_IA32_PEBS_ENABLE value that will be loaded on\nVM-Entry to a KVM guest, mask the value with the vCPU\u0027s desired PEBS_ENABLE\nvalue.  Consulting only the host kernel\u0027s host vs. guest masks results in\nrunning the guest with PEBS enabled even when the guest doesn\u0027t want to use\nPEBS.  Because KVM uses perf events to proxy the guest virtual PMU, simply\nlooking at exclude_host can\u0027t differentiate between events created by host\nuserspace, and events created by KVM on behalf of the guest.\n\nRunning the guest with PEBS unexpectedly enabled typically manifests as\ncrashes due to a near-infinite stream of #PFs.  E.g. if the guest hasn\u0027t\nwritten MSR_IA32_DS_AREA, the CPU will hit page faults on address \u00270\u0027 when\ntrying to record PEBS events.\n\nThe issue is most easily reproduced by running `perf kvm top` from before\ncommit 7b100989b4f6 (\"perf evlist: Remove __evlist__add_default\") (after\nwhich, `perf kvm top` effectively stopped using PEBS).\tThe userspace side\nof perf creates a guest-only PEBS event, which intel_guest_get_msrs()\nmisconstrues a guest-*owned* PEBS event.\n\nArguably, this is a userspace bug, as enabling PEBS on guest-only events\nsimply cannot work, and userspace can kill VMs in many other ways (there\nis no danger to the host).  However, even if this is considered to be bad\nuserspace behavior, there\u0027s zero downside to perf/KVM restricting PEBS to\nguest-owned events.\n\nNote, commit 854250329c02 (\"KVM: x86/pmu: Disable guest PEBS temporarily\nin two rare situations\") fixed the case where host userspace is profiling\nKVM *and* userspace, but missed the case where userspace is profiling only\nKVM.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37936",
          "url": "https://www.suse.com/security/cve/CVE-2025-37936"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243537 for CVE-2025-37936",
          "url": "https://bugzilla.suse.com/1243537"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37936"
    },
    {
      "cve": "CVE-2025-37937",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37937"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nobjtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()\n\nIf dib8000_set_dds()\u0027s call to dib8000_read32() returns zero, the result\nis a divide-by-zero.  Prevent that from happening.\n\nFixes the following warning with an UBSAN kernel:\n\n  drivers/media/dvb-frontends/dib8000.o: warning: objtool: dib8000_tune() falls through to next function dib8096p_cfg_DibRx()",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37937",
          "url": "https://www.suse.com/security/cve/CVE-2025-37937"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243540 for CVE-2025-37937",
          "url": "https://bugzilla.suse.com/1243540"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37937"
    },
    {
      "cve": "CVE-2025-37943",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37943"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi\n\nIn certain cases, hardware might provide packets with a\nlength greater than the maximum native Wi-Fi header length.\nThis can lead to accessing and modifying fields in the header\nwithin the ath12k_dp_rx_h_undecap_nwifi function for\nDP_RX_DECAP_TYPE_NATIVE_WIFI decap type and\npotentially resulting in invalid data access and memory corruption.\n\nAdd a sanity check before processing the SKB to prevent invalid\ndata access in the undecap native Wi-Fi function for the\nDP_RX_DECAP_TYPE_NATIVE_WIFI decap type.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37943",
          "url": "https://www.suse.com/security/cve/CVE-2025-37943"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243509 for CVE-2025-37943",
          "url": "https://bugzilla.suse.com/1243509"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37943"
    },
    {
      "cve": "CVE-2025-37944",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37944"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process\n\nCurrently, ath12k_dp_mon_srng_process uses ath12k_hal_srng_src_get_next_entry\nto fetch the next entry from the destination ring. This is incorrect because\nath12k_hal_srng_src_get_next_entry is intended for source rings, not destination\nrings. This leads to invalid entry fetches, causing potential data corruption or\ncrashes due to accessing incorrect memory locations. This happens because the\nsource ring and destination ring have different handling mechanisms and using\nthe wrong function results in incorrect pointer arithmetic and ring management.\n\nTo fix this issue, replace the call to ath12k_hal_srng_src_get_next_entry with\nath12k_hal_srng_dst_get_next_entry in ath12k_dp_mon_srng_process. This ensures\nthat the correct function is used for fetching entries from the destination\nring, preventing invalid memory accesses.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1\nTested-on: WCN7850 hw2.0 WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37944",
          "url": "https://www.suse.com/security/cve/CVE-2025-37944"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243530 for CVE-2025-37944",
          "url": "https://bugzilla.suse.com/1243530"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37944"
    },
    {
      "cve": "CVE-2025-37948",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37948"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: bpf: Add BHB mitigation to the epilogue for cBPF programs\n\nA malicious BPF program may manipulate the branch history to influence\nwhat the hardware speculates will happen next.\n\nOn exit from a BPF program, emit the BHB mititgation sequence.\n\nThis is only applied for \u0027classic\u0027 cBPF programs that are loaded by\nseccomp.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37948",
          "url": "https://www.suse.com/security/cve/CVE-2025-37948"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243649 for CVE-2025-37948",
          "url": "https://bugzilla.suse.com/1243649"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37948"
    },
    {
      "cve": "CVE-2025-37949",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37949"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxenbus: Use kref to track req lifetime\n\nMarek reported seeing a NULL pointer fault in the xenbus_thread\ncallstack:\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nRIP: e030:__wake_up_common+0x4c/0x180\nCall Trace:\n \u003cTASK\u003e\n __wake_up_common_lock+0x82/0xd0\n process_msg+0x18e/0x2f0\n xenbus_thread+0x165/0x1c0\n\nprocess_msg+0x18e is req-\u003ecb(req).  req-\u003ecb is set to xs_wake_up(), a\nthin wrapper around wake_up(), or xenbus_dev_queue_reply().  It seems\nlike it was xs_wake_up() in this case.\n\nIt seems like req may have woken up the xs_wait_for_reply(), which\nkfree()ed the req.  When xenbus_thread resumes, it faults on the zero-ed\ndata.\n\nLinux Device Drivers 2nd edition states:\n\"Normally, a wake_up call can cause an immediate reschedule to happen,\nmeaning that other processes might run before wake_up returns.\"\n... which would match the behaviour observed.\n\nChange to keeping two krefs on each request.  One for the caller, and\none for xenbus_thread.  Each will kref_put() when finished, and the last\nwill free it.\n\nThis use of kref matches the description in\nDocumentation/core-api/kref.rst",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37949",
          "url": "https://www.suse.com/security/cve/CVE-2025-37949"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243541 for CVE-2025-37949",
          "url": "https://bugzilla.suse.com/1243541"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37949"
    },
    {
      "cve": "CVE-2025-37951",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37951"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Add job to pending list if the reset was skipped\n\nWhen a CL/CSD job times out, we check if the GPU has made any progress\nsince the last timeout. If so, instead of resetting the hardware, we skip\nthe reset and let the timer get rearmed. This gives long-running jobs a\nchance to complete.\n\nHowever, when `timedout_job()` is called, the job in question is removed\nfrom the pending list, which means it won\u0027t be automatically freed through\n`free_job()`. Consequently, when we skip the reset and keep the job\nrunning, the job won\u0027t be freed when it finally completes.\n\nThis situation leads to a memory leak, as exposed in [1] and [2].\n\nSimilarly to commit 704d3d60fec4 (\"drm/etnaviv: don\u0027t block scheduler when\nGPU is still active\"), this patch ensures the job is put back on the\npending list when extending the timeout.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37951",
          "url": "https://www.suse.com/security/cve/CVE-2025-37951"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243659 for CVE-2025-37951",
          "url": "https://bugzilla.suse.com/1243659"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37951"
    },
    {
      "cve": "CVE-2025-37953",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37953"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsch_htb: make htb_deactivate() idempotent\n\nAlan reported a NULL pointer dereference in htb_next_rb_node()\nafter we made htb_qlen_notify() idempotent.\n\nIt turns out in the following case it introduced some regression:\n\nhtb_dequeue_tree():\n  |-\u003e fq_codel_dequeue()\n    |-\u003e qdisc_tree_reduce_backlog()\n      |-\u003e htb_qlen_notify()\n        |-\u003e htb_deactivate()\n  |-\u003e htb_next_rb_node()\n  |-\u003e htb_deactivate()\n\nFor htb_next_rb_node(), after calling the 1st htb_deactivate(), the\nclprio[prio]-\u003eptr could be already set to  NULL, which means\nhtb_next_rb_node() is vulnerable here.\n\nFor htb_deactivate(), although we checked qlen before calling it, in\ncase of qlen==0 after qdisc_tree_reduce_backlog(), we may call it again\nwhich triggers the warning inside.\n\nTo fix the issues here, we need to:\n\n1) Make htb_deactivate() idempotent, that is, simply return if we\n   already call it before.\n2) Make htb_next_rb_node() safe against ptr==NULL.\n\nMany thanks to Alan for testing and for the reproducer.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37953",
          "url": "https://www.suse.com/security/cve/CVE-2025-37953"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243543 for CVE-2025-37953",
          "url": "https://bugzilla.suse.com/1243543"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37953"
    },
    {
      "cve": "CVE-2025-37954",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37954"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Avoid race in open_cached_dir with lease breaks\n\nA pre-existing valid cfid returned from find_or_create_cached_dir might\nrace with a lease break, meaning open_cached_dir doesn\u0027t consider it\nvalid, and thinks it\u0027s newly-constructed. This leaks a dentry reference\nif the allocation occurs before the queued lease break work runs.\n\nAvoid the race by extending holding the cfid_list_lock across\nfind_or_create_cached_dir and when the result is checked.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37954",
          "url": "https://www.suse.com/security/cve/CVE-2025-37954"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243664 for CVE-2025-37954",
          "url": "https://bugzilla.suse.com/1243664"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37954"
    },
    {
      "cve": "CVE-2025-37957",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37957"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception\n\nPreviously, commit ed129ec9057f (\"KVM: x86: forcibly leave nested mode\non vCPU reset\") addressed an issue where a triple fault occurring in\nnested mode could lead to use-after-free scenarios. However, the commit\ndid not handle the analogous situation for System Management Mode (SMM).\n\nThis omission results in triggering a WARN when KVM forces a vCPU INIT\nafter SHUTDOWN interception while the vCPU is in SMM. This situation was\nreprodused using Syzkaller by:\n\n  1) Creating a KVM VM and vCPU\n  2) Sending a KVM_SMI ioctl to explicitly enter SMM\n  3) Executing invalid instructions causing consecutive exceptions and\n     eventually a triple fault\n\nThe issue manifests as follows:\n\n  WARNING: CPU: 0 PID: 25506 at arch/x86/kvm/x86.c:12112\n  kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112\n  Modules linked in:\n  CPU: 0 PID: 25506 Comm: syz-executor.0 Not tainted\n  6.1.130-syzkaller-00157-g164fe5dde9b6 #0\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),\n  BIOS 1.12.0-1 04/01/2014\n  RIP: 0010:kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112\n  Call Trace:\n   \u003cTASK\u003e\n   shutdown_interception+0x66/0xb0 arch/x86/kvm/svm/svm.c:2136\n   svm_invoke_exit_handler+0x110/0x530 arch/x86/kvm/svm/svm.c:3395\n   svm_handle_exit+0x424/0x920 arch/x86/kvm/svm/svm.c:3457\n   vcpu_enter_guest arch/x86/kvm/x86.c:10959 [inline]\n   vcpu_run+0x2c43/0x5a90 arch/x86/kvm/x86.c:11062\n   kvm_arch_vcpu_ioctl_run+0x50f/0x1cf0 arch/x86/kvm/x86.c:11283\n   kvm_vcpu_ioctl+0x570/0xf00 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4122\n   vfs_ioctl fs/ioctl.c:51 [inline]\n   __do_sys_ioctl fs/ioctl.c:870 [inline]\n   __se_sys_ioctl fs/ioctl.c:856 [inline]\n   __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:856\n   do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n   do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81\n   entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nArchitecturally, INIT is blocked when the CPU is in SMM, hence KVM\u0027s WARN()\nin kvm_vcpu_reset() to guard against KVM bugs, e.g. to detect improper\nemulation of INIT.  SHUTDOWN on SVM is a weird edge case where KVM needs to\ndo _something_ sane with the VMCB, since it\u0027s technically undefined, and\nINIT is the least awful choice given KVM\u0027s ABI.\n\nSo, double down on stuffing INIT on SHUTDOWN, and force the vCPU out of\nSMM to avoid any weirdness (and the WARN).\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.\n\n[sean: massage changelog, make it clear this isn\u0027t architectural behavior]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37957",
          "url": "https://www.suse.com/security/cve/CVE-2025-37957"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243513 for CVE-2025-37957",
          "url": "https://bugzilla.suse.com/1243513"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37957"
    },
    {
      "cve": "CVE-2025-37958",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37958"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: fix dereferencing invalid pmd migration entry\n\nWhen migrating a THP, concurrent access to the PMD migration entry during\na deferred split scan can lead to an invalid address access, as\nillustrated below.  To prevent this invalid access, it is necessary to\ncheck the PMD migration entry and return early.  In this context, there is\nno need to use pmd_to_swp_entry and pfn_swap_entry_to_page to verify the\nequality of the target folio.  Since the PMD migration entry is locked, it\ncannot be served as the target.\n\nMailing list discussion and explanation from Hugh Dickins: \"An anon_vma\nlookup points to a location which may contain the folio of interest, but\nmight instead contain another folio: and weeding out those other folios is\nprecisely what the \"folio != pmd_folio((*pmd)\" check (and the \"risk of\nreplacing the wrong folio\" comment a few lines above it) is for.\"\n\nBUG: unable to handle page fault for address: ffffea60001db008\nCPU: 0 UID: 0 PID: 2199114 Comm: tee Not tainted 6.14.0+ #4 NONE\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:split_huge_pmd_locked+0x3b5/0x2b60\nCall Trace:\n\u003cTASK\u003e\ntry_to_migrate_one+0x28c/0x3730\nrmap_walk_anon+0x4f6/0x770\nunmap_folio+0x196/0x1f0\nsplit_huge_page_to_list_to_order+0x9f6/0x1560\ndeferred_split_scan+0xac5/0x12a0\nshrinker_debugfs_scan_write+0x376/0x470\nfull_proxy_write+0x15c/0x220\nvfs_write+0x2fc/0xcb0\nksys_write+0x146/0x250\ndo_syscall_64+0x6a/0x120\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe bug is found by syzkaller on an internal kernel, then confirmed on\nupstream.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37958",
          "url": "https://www.suse.com/security/cve/CVE-2025-37958"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243539 for CVE-2025-37958",
          "url": "https://bugzilla.suse.com/1243539"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37958"
    },
    {
      "cve": "CVE-2025-37959",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37959"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Scrub packet on bpf_redirect_peer\n\nWhen bpf_redirect_peer is used to redirect packets to a device in\nanother network namespace, the skb isn\u0027t scrubbed. That can lead skb\ninformation from one namespace to be \"misused\" in another namespace.\n\nAs one example, this is causing Cilium to drop traffic when using\nbpf_redirect_peer to redirect packets that just went through IPsec\ndecryption to a container namespace. The following pwru trace shows (1)\nthe packet path from the host\u0027s XFRM layer to the container\u0027s XFRM\nlayer where it\u0027s dropped and (2) the number of active skb extensions at\neach function.\n\n    NETNS       MARK  IFACE  TUPLE                                FUNC\n    4026533547  d00   eth0   10.244.3.124:35473-\u003e10.244.2.158:53  xfrm_rcv_cb\n                             .active_extensions = (__u8)2,\n    4026533547  d00   eth0   10.244.3.124:35473-\u003e10.244.2.158:53  xfrm4_rcv_cb\n                             .active_extensions = (__u8)2,\n    4026533547  d00   eth0   10.244.3.124:35473-\u003e10.244.2.158:53  gro_cells_receive\n                             .active_extensions = (__u8)2,\n    [...]\n    4026533547  0     eth0   10.244.3.124:35473-\u003e10.244.2.158:53  skb_do_redirect\n                             .active_extensions = (__u8)2,\n    4026534999  0     eth0   10.244.3.124:35473-\u003e10.244.2.158:53  ip_rcv\n                             .active_extensions = (__u8)2,\n    4026534999  0     eth0   10.244.3.124:35473-\u003e10.244.2.158:53  ip_rcv_core\n                             .active_extensions = (__u8)2,\n    [...]\n    4026534999  0     eth0   10.244.3.124:35473-\u003e10.244.2.158:53  udp_queue_rcv_one_skb\n                             .active_extensions = (__u8)2,\n    4026534999  0     eth0   10.244.3.124:35473-\u003e10.244.2.158:53  __xfrm_policy_check\n                             .active_extensions = (__u8)2,\n    4026534999  0     eth0   10.244.3.124:35473-\u003e10.244.2.158:53  __xfrm_decode_session\n                             .active_extensions = (__u8)2,\n    4026534999  0     eth0   10.244.3.124:35473-\u003e10.244.2.158:53  security_xfrm_decode_session\n                             .active_extensions = (__u8)2,\n    4026534999  0     eth0   10.244.3.124:35473-\u003e10.244.2.158:53  kfree_skb_reason(SKB_DROP_REASON_XFRM_POLICY)\n                             .active_extensions = (__u8)2,\n\nIn this case, there are no XFRM policies in the container\u0027s network\nnamespace so the drop is unexpected. When we decrypt the IPsec packet,\nthe XFRM state used for decryption is set in the skb extensions. This\ninformation is preserved across the netns switch. When we reach the\nXFRM policy check in the container\u0027s netns, __xfrm_policy_check drops\nthe packet with LINUX_MIB_XFRMINNOPOLS because a (container-side) XFRM\npolicy can\u0027t be found that matches the (host-side) XFRM state used for\ndecryption.\n\nThis patch fixes this by scrubbing the packet when using\nbpf_redirect_peer, as is done on typical netns switches via veth\ndevices except skb-\u003emark and skb-\u003etstamp are not zeroed.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37959",
          "url": "https://www.suse.com/security/cve/CVE-2025-37959"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243517 for CVE-2025-37959",
          "url": "https://bugzilla.suse.com/1243517"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37959"
    },
    {
      "cve": "CVE-2025-37960",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37960"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemblock: Accept allocated memory before use in memblock_double_array()\n\nWhen increasing the array size in memblock_double_array() and the slab\nis not yet available, a call to memblock_find_in_range() is used to\nreserve/allocate memory. However, the range returned may not have been\naccepted, which can result in a crash when booting an SNP guest:\n\n  RIP: 0010:memcpy_orig+0x68/0x130\n  Code: ...\n  RSP: 0000:ffffffff9cc03ce8 EFLAGS: 00010006\n  RAX: ff11001ff83e5000 RBX: 0000000000000000 RCX: fffffffffffff000\n  RDX: 0000000000000bc0 RSI: ffffffff9dba8860 RDI: ff11001ff83e5c00\n  RBP: 0000000000002000 R08: 0000000000000000 R09: 0000000000002000\n  R10: 000000207fffe000 R11: 0000040000000000 R12: ffffffff9d06ef78\n  R13: ff11001ff83e5000 R14: ffffffff9dba7c60 R15: 0000000000000c00\n  memblock_double_array+0xff/0x310\n  memblock_add_range+0x1fb/0x2f0\n  memblock_reserve+0x4f/0xa0\n  memblock_alloc_range_nid+0xac/0x130\n  memblock_alloc_internal+0x53/0xc0\n  memblock_alloc_try_nid+0x3d/0xa0\n  swiotlb_init_remap+0x149/0x2f0\n  mem_init+0xb/0xb0\n  mm_core_init+0x8f/0x350\n  start_kernel+0x17e/0x5d0\n  x86_64_start_reservations+0x14/0x30\n  x86_64_start_kernel+0x92/0xa0\n  secondary_startup_64_no_verify+0x194/0x19b\n\nMitigate this by calling accept_memory() on the memory range returned\nbefore the slab is available.\n\nPrior to v6.12, the accept_memory() interface used a \u0027start\u0027 and \u0027end\u0027\nparameter instead of \u0027start\u0027 and \u0027size\u0027, therefore the accept_memory()\ncall must be adjusted to specify \u0027start + size\u0027 for \u0027end\u0027 when applying\nto kernels prior to v6.12.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37960",
          "url": "https://www.suse.com/security/cve/CVE-2025-37960"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243519 for CVE-2025-37960",
          "url": "https://bugzilla.suse.com/1243519"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37960"
    },
    {
      "cve": "CVE-2025-37963",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37963"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: bpf: Only mitigate cBPF programs loaded by unprivileged users\n\nSupport for eBPF programs loaded by unprivileged users is typically\ndisabled. This means only cBPF programs need to be mitigated for BHB.\n\nIn addition, only mitigate cBPF programs that were loaded by an\nunprivileged user. Privileged users can also load the same program\nvia eBPF, making the mitigation pointless.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37963",
          "url": "https://www.suse.com/security/cve/CVE-2025-37963"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243660 for CVE-2025-37963",
          "url": "https://bugzilla.suse.com/1243660"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "low"
        }
      ],
      "title": "CVE-2025-37963"
    },
    {
      "cve": "CVE-2025-37967",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37967"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: displayport: Fix deadlock\n\nThis patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlock\nfunctions to the UCSI driver. ucsi_con_mutex_lock ensures the connector\nmutex is only locked if a connection is established and the partner pointer\nis valid. This resolves a deadlock scenario where\nucsi_displayport_remove_partner holds con-\u003emutex waiting for\ndp_altmode_work to complete while dp_altmode_work attempts to acquire it.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37967",
          "url": "https://www.suse.com/security/cve/CVE-2025-37967"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243572 for CVE-2025-37967",
          "url": "https://bugzilla.suse.com/1243572"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37967"
    },
    {
      "cve": "CVE-2025-37968",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37968"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: opt3001: fix deadlock due to concurrent flag access\n\nThe threaded IRQ function in this driver is reading the flag twice: once to\nlock a mutex and once to unlock it. Even though the code setting the flag\nis designed to prevent it, there are subtle cases where the flag could be\ntrue at the mutex_lock stage and false at the mutex_unlock stage. This\nresults in the mutex not being unlocked, resulting in a deadlock.\n\nFix it by making the opt3001_irq() code generally more robust, reading the\nflag into a variable and using the variable value at both stages.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37968",
          "url": "https://www.suse.com/security/cve/CVE-2025-37968"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243571 for CVE-2025-37968",
          "url": "https://bugzilla.suse.com/1243571"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37968"
    },
    {
      "cve": "CVE-2025-37969",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37969"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo\n\nPrevent st_lsm6dsx_read_tagged_fifo from falling in an infinite loop in\ncase pattern_len is equal to zero and the device FIFO is not empty.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37969",
          "url": "https://www.suse.com/security/cve/CVE-2025-37969"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243574 for CVE-2025-37969",
          "url": "https://bugzilla.suse.com/1243574"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37969"
    },
    {
      "cve": "CVE-2025-37970",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37970"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo\n\nPrevent st_lsm6dsx_read_fifo from falling in an infinite loop in case\npattern_len is equal to zero and the device FIFO is not empty.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37970",
          "url": "https://www.suse.com/security/cve/CVE-2025-37970"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243575 for CVE-2025-37970",
          "url": "https://bugzilla.suse.com/1243575"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37970"
    },
    {
      "cve": "CVE-2025-37972",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37972"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: mtk-pmic-keys - fix possible null pointer dereference\n\nIn mtk_pmic_keys_probe, the regs parameter is only set if the button is\nparsed in the device tree. However, on hardware where the button is left\nfloating, that node will most likely be removed not to enable that\ninput. In that case the code will try to dereference a null pointer.\n\nLet\u0027s use the regs struct instead as it is defined for all supported\nplatforms. Note that it is ok setting the key reg even if that latter is\ndisabled as the interrupt won\u0027t be enabled anyway.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37972",
          "url": "https://www.suse.com/security/cve/CVE-2025-37972"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243573 for CVE-2025-37972",
          "url": "https://bugzilla.suse.com/1243573"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37972"
    },
    {
      "cve": "CVE-2025-37974",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37974"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pci: Fix missing check for zpci_create_device() error return\n\nThe zpci_create_device() function returns an error pointer that needs to\nbe checked before dereferencing it as a struct zpci_dev pointer. Add the\nmissing check in __clp_add() where it was missed when adding the\nscan_list in the fixed commit. Simply not adding the device to the scan\nlist results in the previous behavior.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37974",
          "url": "https://www.suse.com/security/cve/CVE-2025-37974"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243547 for CVE-2025-37974",
          "url": "https://bugzilla.suse.com/1243547"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37974"
    },
    {
      "cve": "CVE-2025-37978",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37978"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: integrity: Do not call set_page_dirty_lock()\n\nPlacing multiple protection information buffers inside the same page\ncan lead to oopses because set_page_dirty_lock() can\u0027t be called from\ninterrupt context.\n\nSince a protection information buffer is not backed by a file there is\nno point in setting its page dirty, there is nothing to synchronize.\nDrop the call to set_page_dirty_lock() and remove the last argument to\nbio_integrity_unpin_bvec().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37978",
          "url": "https://www.suse.com/security/cve/CVE-2025-37978"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243516 for CVE-2025-37978",
          "url": "https://bugzilla.suse.com/1243516"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37978"
    },
    {
      "cve": "CVE-2025-37979",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37979"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: Fix sc7280 lpass potential buffer overflow\n\nCase values introduced in commit\n5f78e1fb7a3e (\"ASoC: qcom: Add driver support for audioreach solution\")\ncause out of bounds access in arrays of sc7280 driver data (e.g. in case\nof RX_CODEC_DMA_RX_0 in sc7280_snd_hw_params()).\n\nRedefine LPASS_MAX_PORTS to consider the maximum possible port id for\nq6dsp as sc7280 driver utilizes some of those values.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37979",
          "url": "https://www.suse.com/security/cve/CVE-2025-37979"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243545 for CVE-2025-37979",
          "url": "https://bugzilla.suse.com/1243545"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37979"
    },
    {
      "cve": "CVE-2025-37980",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37980"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix resource leak in blk_register_queue() error path\n\nWhen registering a queue fails after blk_mq_sysfs_register() is\nsuccessful but the function later encounters an error, we need\nto clean up the blk_mq_sysfs resources.\n\nAdd the missing blk_mq_sysfs_unregister() call in the error path\nto properly clean up these resources and prevent a memory leak.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37980",
          "url": "https://www.suse.com/security/cve/CVE-2025-37980"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243522 for CVE-2025-37980",
          "url": "https://bugzilla.suse.com/1243522"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37980"
    },
    {
      "cve": "CVE-2025-37982",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37982"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wl1251: fix memory leak in wl1251_tx_work\n\nThe skb dequeued from tx_queue is lost when wl1251_ps_elp_wakeup fails\nwith a -ETIMEDOUT error. Fix that by queueing the skb back to tx_queue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37982",
          "url": "https://www.suse.com/security/cve/CVE-2025-37982"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243524 for CVE-2025-37982",
          "url": "https://bugzilla.suse.com/1243524"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37982"
    },
    {
      "cve": "CVE-2025-37983",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37983"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nqibfs: fix _another_ leak\n\nfailure to allocate inode =\u003e leaked dentry...\n\nthis one had been there since the initial merge; to be fair,\nif we are that far OOM, the odds of failing at that particular\nallocation are low...",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37983",
          "url": "https://www.suse.com/security/cve/CVE-2025-37983"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243567 for CVE-2025-37983",
          "url": "https://bugzilla.suse.com/1243567"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37983"
    },
    {
      "cve": "CVE-2025-37985",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37985"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: wdm: close race between wdm_open and wdm_wwan_port_stop\n\nClearing WDM_WWAN_IN_USE must be the last action or\nwe can open a chardev whose URBs are still poisoned",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37985",
          "url": "https://www.suse.com/security/cve/CVE-2025-37985"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243529 for CVE-2025-37985",
          "url": "https://bugzilla.suse.com/1243529"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37985"
    },
    {
      "cve": "CVE-2025-37986",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37986"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: class: Invalidate USB device pointers on partner unregistration\n\nTo avoid using invalid USB device pointers after a Type-C partner\ndisconnects, this patch clears the pointers upon partner unregistration.\nThis ensures a clean state for future connections.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37986",
          "url": "https://www.suse.com/security/cve/CVE-2025-37986"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243515 for CVE-2025-37986",
          "url": "https://bugzilla.suse.com/1243515"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37986"
    },
    {
      "cve": "CVE-2025-37987",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37987"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\npds_core: Prevent possible adminq overflow/stuck condition\n\nThe pds_core\u0027s adminq is protected by the adminq_lock, which prevents\nmore than 1 command to be posted onto it at any one time. This makes it\nso the client drivers cannot simultaneously post adminq commands.\nHowever, the completions happen in a different context, which means\nmultiple adminq commands can be posted sequentially and all waiting\non completion.\n\nOn the FW side, the backing adminq request queue is only 16 entries\nlong and the retry mechanism and/or overflow/stuck prevention is\nlacking. This can cause the adminq to get stuck, so commands are no\nlonger processed and completions are no longer sent by the FW.\n\nAs an initial fix, prevent more than 16 outstanding adminq commands so\nthere\u0027s no way to cause the adminq from getting stuck. This works\nbecause the backing adminq request queue will never have more than 16\npending adminq commands, so it will never overflow. This is done by\nreducing the adminq depth to 16.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37987",
          "url": "https://www.suse.com/security/cve/CVE-2025-37987"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243542 for CVE-2025-37987",
          "url": "https://bugzilla.suse.com/1243542"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37987"
    },
    {
      "cve": "CVE-2025-37989",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37989"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: leds: fix memory leak\n\nA network restart test on a router led to an out-of-memory condition,\nwhich was traced to a memory leak in the PHY LED trigger code.\n\nThe root cause is misuse of the devm API. The registration function\n(phy_led_triggers_register) is called from phy_attach_direct, not\nphy_probe, and the unregister function (phy_led_triggers_unregister)\nis called from phy_detach, not phy_remove. This means the register and\nunregister functions can be called multiple times for the same PHY\ndevice, but devm-allocated memory is not freed until the driver is\nunbound.\n\nThis also prevents kmemleak from detecting the leak, as the devm API\ninternally stores the allocated pointer.\n\nFix this by replacing devm_kzalloc/devm_kcalloc with standard\nkzalloc/kcalloc, and add the corresponding kfree calls in the unregister\npath.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37989",
          "url": "https://www.suse.com/security/cve/CVE-2025-37989"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243511 for CVE-2025-37989",
          "url": "https://bugzilla.suse.com/1243511"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37989"
    },
    {
      "cve": "CVE-2025-37990",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37990"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()\n\nThe function brcmf_usb_dl_writeimage() calls the function\nbrcmf_usb_dl_cmd() but dose not check its return value. The\n\u0027state.state\u0027 and the \u0027state.bytes\u0027 are uninitialized if the\nfunction brcmf_usb_dl_cmd() fails. It is dangerous to use\nuninitialized variables in the conditions.\n\nAdd error handling for brcmf_usb_dl_cmd() to jump to error\nhandling path if the brcmf_usb_dl_cmd() fails and the\n\u0027state.state\u0027 and the \u0027state.bytes\u0027 are uninitialized.\n\nImprove the error message to report more detailed error\ninformation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37990",
          "url": "https://www.suse.com/security/cve/CVE-2025-37990"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243528 for CVE-2025-37990",
          "url": "https://bugzilla.suse.com/1243528"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-37990"
    },
    {
      "cve": "CVE-2025-37998",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-37998"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: Fix unsafe attribute parsing in output_userspace()\n\nThis patch replaces the manual Netlink attribute iteration in\noutput_userspace() with nla_for_each_nested(), which ensures that only\nwell-formed attributes are processed.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-37998",
          "url": "https://www.suse.com/security/cve/CVE-2025-37998"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243836 for CVE-2025-37998",
          "url": "https://bugzilla.suse.com/1243836"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "low"
        }
      ],
      "title": "CVE-2025-37998"
    },
    {
      "cve": "CVE-2025-38104",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-38104"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV\n\nRLCG Register Access is a way for virtual functions to safely access GPU\nregisters in a virtualized environment., including TLB flushes and\nregister reads. When multiple threads or VFs try to access the same\nregisters simultaneously, it can lead to race conditions. By using the\nRLCG interface, the driver can serialize access to the registers. This\nmeans that only one thread can access the registers at a time,\npreventing conflicts and ensuring that operations are performed\ncorrectly. Additionally, when a low-priority task holds a mutex that a\nhigh-priority task needs, ie., If a thread holding a spinlock tries to\nacquire a mutex, it can lead to priority inversion. register access in\namdgpu_virt_rlcg_reg_rw especially in a fast code path is critical.\n\nThe call stack shows that the function amdgpu_virt_rlcg_reg_rw is being\ncalled, which attempts to acquire the mutex. This function is invoked\nfrom amdgpu_sriov_wreg, which in turn is called from\ngmc_v11_0_flush_gpu_tlb.\n\nThe [ BUG: Invalid wait context ] indicates that a thread is trying to\nacquire a mutex while it is in a context that does not allow it to sleep\n(like holding a spinlock).\n\nFixes the below:\n\n[  253.013423] =============================\n[  253.013434] [ BUG: Invalid wait context ]\n[  253.013446] 6.12.0-amdstaging-drm-next-lol-050225 #14 Tainted: G     U     OE\n[  253.013464] -----------------------------\n[  253.013475] kworker/0:1/10 is trying to lock:\n[  253.013487] ffff9f30542e3cf8 (\u0026adev-\u003evirt.rlcg_reg_lock){+.+.}-{3:3}, at: amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu]\n[  253.013815] other info that might help us debug this:\n[  253.013827] context-{4:4}\n[  253.013835] 3 locks held by kworker/0:1/10:\n[  253.013847]  #0: ffff9f3040050f58 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x3f5/0x680\n[  253.013877]  #1: ffffb789c008be40 ((work_completion)(\u0026wfc.work)){+.+.}-{0:0}, at: process_one_work+0x1d6/0x680\n[  253.013905]  #2: ffff9f3054281838 (\u0026adev-\u003egmc.invalidate_lock){+.+.}-{2:2}, at: gmc_v11_0_flush_gpu_tlb+0x198/0x4f0 [amdgpu]\n[  253.014154] stack backtrace:\n[  253.014164] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Tainted: G     U     OE      6.12.0-amdstaging-drm-next-lol-050225 #14\n[  253.014189] Tainted: [U]=USER, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n[  253.014203] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/18/2024\n[  253.014224] Workqueue: events work_for_cpu_fn\n[  253.014241] Call Trace:\n[  253.014250]  \u003cTASK\u003e\n[  253.014260]  dump_stack_lvl+0x9b/0xf0\n[  253.014275]  dump_stack+0x10/0x20\n[  253.014287]  __lock_acquire+0xa47/0x2810\n[  253.014303]  ? srso_alias_return_thunk+0x5/0xfbef5\n[  253.014321]  lock_acquire+0xd1/0x300\n[  253.014333]  ? amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu]\n[  253.014562]  ? __lock_acquire+0xa6b/0x2810\n[  253.014578]  __mutex_lock+0x85/0xe20\n[  253.014591]  ? amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu]\n[  253.014782]  ? sched_clock_noinstr+0x9/0x10\n[  253.014795]  ? srso_alias_return_thunk+0x5/0xfbef5\n[  253.014808]  ? local_clock_noinstr+0xe/0xc0\n[  253.014822]  ? amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu]\n[  253.015012]  ? srso_alias_return_thunk+0x5/0xfbef5\n[  253.015029]  mutex_lock_nested+0x1b/0x30\n[  253.015044]  ? mutex_lock_nested+0x1b/0x30\n[  253.015057]  amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu]\n[  253.015249]  amdgpu_sriov_wreg+0xc5/0xd0 [amdgpu]\n[  253.015435]  gmc_v11_0_flush_gpu_tlb+0x44b/0x4f0 [amdgpu]\n[  253.015667]  gfx_v11_0_hw_init+0x499/0x29c0 [amdgpu]\n[  253.015901]  ? __pfx_smu_v13_0_update_pcie_parameters+0x10/0x10 [amdgpu]\n[  253.016159]  ? srso_alias_return_thunk+0x5/0xfbef5\n[  253.016173]  ? smu_hw_init+0x18d/0x300 [amdgpu]\n[  253.016403]  amdgpu_device_init+0x29ad/0x36a0 [amdgpu]\n[  253.016614]  amdgpu_driver_load_kms+0x1a/0xc0 [amdgpu]\n[  253.0170\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-38104",
          "url": "https://www.suse.com/security/cve/CVE-2025-38104"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241635 for CVE-2025-38104",
          "url": "https://bugzilla.suse.com/1241635"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-38104"
    },
    {
      "cve": "CVE-2025-38152",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-38152"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: core: Clear table_sz when rproc_shutdown\n\nThere is case as below could trigger kernel dump:\nUse U-Boot to start remote processor(rproc) with resource table\npublished to a fixed address by rproc. After Kernel boots up,\nstop the rproc, load a new firmware which doesn\u0027t have resource table\n,and start rproc.\n\nWhen starting rproc with a firmware not have resource table,\n`memcpy(loaded_table, rproc-\u003ecached_table, rproc-\u003etable_sz)` will\ntrigger dump, because rproc-\u003ecache_table is set to NULL during the last\nstop operation, but rproc-\u003etable_sz is still valid.\n\nThis issue is found on i.MX8MP and i.MX9.\n\nDump as below:\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000000\nMem abort info:\n  ESR = 0x0000000096000004\n  EC = 0x25: DABT (current EL), IL = 32 bits\n  SET = 0, FnV = 0\n  EA = 0, S1PTW = 0\n  FSC = 0x04: level 0 translation fault\nData abort info:\n  ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n  CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=000000010af63000\n[0000000000000000] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] PREEMPT SMP\nModules linked in:\nCPU: 2 UID: 0 PID: 1060 Comm: sh Not tainted 6.14.0-rc7-next-20250317-dirty #38\nHardware name: NXP i.MX8MPlus EVK board (DT)\npstate: a0000005 (NzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __pi_memcpy_generic+0x110/0x22c\nlr : rproc_start+0x88/0x1e0\nCall trace:\n __pi_memcpy_generic+0x110/0x22c (P)\n rproc_boot+0x198/0x57c\n state_store+0x40/0x104\n dev_attr_store+0x18/0x2c\n sysfs_kf_write+0x7c/0x94\n kernfs_fop_write_iter+0x120/0x1cc\n vfs_write+0x240/0x378\n ksys_write+0x70/0x108\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x48/0x10c\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x30/0xcc\n el0t_64_sync_handler+0x10c/0x138\n el0t_64_sync+0x198/0x19c\n\nClear rproc-\u003etable_sz to address the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-38152",
          "url": "https://www.suse.com/security/cve/CVE-2025-38152"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241627 for CVE-2025-38152",
          "url": "https://bugzilla.suse.com/1241627"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-38152"
    },
    {
      "cve": "CVE-2025-38240",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-38240"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: dp: drm_err =\u003e dev_err in HPD path to avoid NULL ptr\n\nThe function mtk_dp_wait_hpd_asserted() may be called before the\n`mtk_dp-\u003edrm_dev` pointer is assigned in mtk_dp_bridge_attach().\nSpecifically it can be called via this callpath:\n - mtk_edp_wait_hpd_asserted\n - [panel probe]\n - dp_aux_ep_probe\n\nUsing \"drm\" level prints anywhere in this callpath causes a NULL\npointer dereference. Change the error message directly in\nmtk_dp_wait_hpd_asserted() to dev_err() to avoid this. Also change the\nerror messages in mtk_dp_parse_capabilities(), which is called by\nmtk_dp_wait_hpd_asserted().\n\nWhile touching these prints, also add the error code to them to make\nfuture debugging easier.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-38240",
          "url": "https://www.suse.com/security/cve/CVE-2025-38240"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241457 for CVE-2025-38240",
          "url": "https://bugzilla.suse.com/1241457"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-38240"
    },
    {
      "cve": "CVE-2025-38637",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-38637"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: skbprio: Remove overly strict queue assertions\n\nIn the current implementation, skbprio enqueue/dequeue contains an assertion\nthat fails under certain conditions when SKBPRIO is used as a child qdisc under\nTBF with specific parameters. The failure occurs because TBF sometimes peeks at\npackets in the child qdisc without actually dequeuing them when tokens are\nunavailable.\n\nThis peek operation creates a discrepancy between the parent and child qdisc\nqueue length counters. When TBF later receives a high-priority packet,\nSKBPRIO\u0027s queue length may show a different value than what\u0027s reflected in its\ninternal priority queue tracking, triggering the assertion.\n\nThe fix removes this overly strict assertions in SKBPRIO, they are not\nnecessary at all.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-38637",
          "url": "https://www.suse.com/security/cve/CVE-2025-38637"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241657 for CVE-2025-38637",
          "url": "https://bugzilla.suse.com/1241657"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-38637"
    },
    {
      "cve": "CVE-2025-39735",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-39735"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix slab-out-of-bounds read in ea_get()\n\nDuring the \"size_check\" label in ea_get(), the code checks if the extended\nattribute list (xattr) size matches ea_size. If not, it logs\n\"ea_get: invalid extended attribute\" and calls print_hex_dump().\n\nHere, EALIST_SIZE(ea_buf-\u003exattr) returns 4110417968, which exceeds\nINT_MAX (2,147,483,647). Then ea_size is clamped:\n\n\tint size = clamp_t(int, ea_size, 0, EALIST_SIZE(ea_buf-\u003exattr));\n\nAlthough clamp_t aims to bound ea_size between 0 and 4110417968, the upper\nlimit is treated as an int, causing an overflow above 2^31 - 1. This leads\n\"size\" to wrap around and become negative (-184549328).\n\nThe \"size\" is then passed to print_hex_dump() (called \"len\" in\nprint_hex_dump()), it is passed as type size_t (an unsigned\ntype), this is then stored inside a variable called\n\"int remaining\", which is then assigned to \"int linelen\" which\nis then passed to hex_dump_to_buffer(). In print_hex_dump()\nthe for loop, iterates through 0 to len-1, where len is\n18446744073525002176, calling hex_dump_to_buffer()\non each iteration:\n\n\tfor (i = 0; i \u003c len; i += rowsize) {\n\t\tlinelen = min(remaining, rowsize);\n\t\tremaining -= rowsize;\n\n\t\thex_dump_to_buffer(ptr + i, linelen, rowsize, groupsize,\n\t\t\t\t   linebuf, sizeof(linebuf), ascii);\n\n\t\t...\n\t}\n\nThe expected stopping condition (i \u003c len) is effectively broken\nsince len is corrupted and very large. This eventually leads to\nthe \"ptr+i\" being passed to hex_dump_to_buffer() to get closer\nto the end of the actual bounds of \"ptr\", eventually an out of\nbounds access is done in hex_dump_to_buffer() in the following\nfor loop:\n\n\tfor (j = 0; j \u003c len; j++) {\n\t\t\tif (linebuflen \u003c lx + 2)\n\t\t\t\tgoto overflow2;\n\t\t\tch = ptr[j];\n\t\t...\n\t}\n\nTo fix this we should validate \"EALIST_SIZE(ea_buf-\u003exattr)\"\nbefore it is utilised.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-39735",
          "url": "https://www.suse.com/security/cve/CVE-2025-39735"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241625 for CVE-2025-39735",
          "url": "https://bugzilla.suse.com/1241625"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241699 for CVE-2025-39735",
          "url": "https://bugzilla.suse.com/1241699"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-39735"
    },
    {
      "cve": "CVE-2025-40014",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-40014"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nobjtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq()\n\nIf speed_hz \u003c AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the\nentire amd_spi_freq array without breaking out early, causing \u0027i\u0027 to go\nbeyond the array bounds.\n\nFix that by stopping the loop when it gets to the last entry, so the low\nspeed_hz value gets clamped up to AMD_SPI_MIN_HZ.\n\nFixes the following warning with an UBSAN kernel:\n\n  drivers/spi/spi-amd.o: error: objtool: amd_set_spi_freq() falls through to next function amd_spi_set_opcode()",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-40014",
          "url": "https://www.suse.com/security/cve/CVE-2025-40014"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241644 for CVE-2025-40014",
          "url": "https://bugzilla.suse.com/1241644"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-40014"
    },
    {
      "cve": "CVE-2025-40325",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-40325"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: wait barrier before returning discard request with REQ_NOWAIT\n\nraid10_handle_discard should wait barrier before returning a discard bio\nwhich has REQ_NOWAIT. And there is no need to print warning calltrace\nif a discard bio has REQ_NOWAIT flag. Quality engineer usually checks\ndmesg and reports error if dmesg has warning/error calltrace.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
          "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
          "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-40325",
          "url": "https://www.suse.com/security/cve/CVE-2025-40325"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241638 for CVE-2025-40325",
          "url": "https://bugzilla.suse.com/1241638"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-33.1.noarch",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.aarch64",
            "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-33.1.x86_64",
            "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-33.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-16T15:33:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-40325"
    }
  ]
}