{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for the Linux Kernel (Live Patch 62 for SUSE Linux Enterprise 15 SP3)","title":"Title of the patch"},{"category":"description","text":"\nThis update for the SUSE Linux Enterprise kernel 5.3.18-150300.59.221 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2022-50388: nvme: fix multipath crash caused by flush request when blktrace is enabled (bsc#1250295).\n- CVE-2022-50432: kernfs: fix use-after-free in __kernfs_remove (bsc#1251228).\n- CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251983).\n","title":"Description of the patch"},{"category":"details","text":"SUSE-2025-4285,SUSE-SLE-Module-Live-Patching-15-SP3-2025-4285","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4285-1.json"},{"category":"self","summary":"URL for SUSE-SU-2025:4285-1","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20254285-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2025:4285-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2025-November/023421.html"},{"category":"self","summary":"SUSE Bug 1250295","url":"https://bugzilla.suse.com/1250295"},{"category":"self","summary":"SUSE Bug 1251228","url":"https://bugzilla.suse.com/1251228"},{"category":"self","summary":"SUSE Bug 1251983","url":"https://bugzilla.suse.com/1251983"},{"category":"self","summary":"SUSE CVE CVE-2022-50388 page","url":"https://www.suse.com/security/cve/CVE-2022-50388/"},{"category":"self","summary":"SUSE CVE CVE-2022-50432 page","url":"https://www.suse.com/security/cve/CVE-2022-50432/"},{"category":"self","summary":"SUSE CVE CVE-2023-53673 page","url":"https://www.suse.com/security/cve/CVE-2023-53673/"}],"title":"Security update for the Linux Kernel (Live Patch 62 for SUSE Linux Enterprise 15 SP3)","tracking":{"current_release_date":"2025-11-27T22:34:36Z","generator":{"date":"2025-11-27T22:34:36Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2025:4285-1","initial_release_date":"2025-11-27T22:34:36Z","revision_history":[{"date":"2025-11-27T22:34:36Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.ppc64le","product":{"name":"kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.ppc64le","product_id":"kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.ppc64le"}}],"category":"architecture","name":"ppc64le"},{"branches":[{"category":"product_version","name":"kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.s390x","product":{"name":"kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.s390x","product_id":"kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.x86_64","product":{"name":"kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.x86_64","product_id":"kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.x86_64"}},{"category":"product_version","name":"kernel-livepatch-5_3_18-150300_59_221-preempt-2-150300.2.1.x86_64","product":{"name":"kernel-livepatch-5_3_18-150300_59_221-preempt-2-150300.2.1.x86_64","product_id":"kernel-livepatch-5_3_18-150300_59_221-preempt-2-150300.2.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Live Patching 15 SP3","product":{"name":"SUSE Linux Enterprise Live Patching 15 SP3","product_id":"SUSE Linux Enterprise Live Patching 15 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-live-patching:15:sp3"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3","product_id":"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.ppc64le"},"product_reference":"kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3","product_id":"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.s390x"},"product_reference":"kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.s390x","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3","product_id":"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.x86_64"},"product_reference":"kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 15 SP3"}]},"vulnerabilities":[{"cve":"CVE-2022-50388","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2022-50388"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: fix multipath crash caused by flush request when blktrace is enabled\n\nThe flush request initialized by blk_kick_flush has NULL bio,\nand it may be dealt with nvme_end_req during io completion.\nWhen blktrace is enabled, nvme_trace_bio_complete with multipath\nactivated trying to access NULL pointer bio from flush request\nresults in the following crash:\n\n[ 2517.831677] BUG: kernel NULL pointer dereference, address: 000000000000001a\n[ 2517.835213] #PF: supervisor read access in kernel mode\n[ 2517.838724] #PF: error_code(0x0000) - not-present page\n[ 2517.842222] PGD 7b2d51067 P4D 0\n[ 2517.845684] Oops: 0000 [#1] SMP NOPTI\n[ 2517.849125] CPU: 2 PID: 732 Comm: kworker/2:1H Kdump: loaded Tainted: G S                5.15.67-0.cl9.x86_64 #1\n[ 2517.852723] Hardware name: XFUSION 2288H V6/BC13MBSBC, BIOS 1.13 07/27/2022\n[ 2517.856358] Workqueue: nvme_tcp_wq nvme_tcp_io_work [nvme_tcp]\n[ 2517.859993] RIP: 0010:blk_add_trace_bio_complete+0x6/0x30\n[ 2517.863628] Code: 1f 44 00 00 48 8b 46 08 31 c9 ba 04 00 10 00 48 8b 80 50 03 00 00 48 8b 78 50 e9 e5 fe ff ff 0f 1f 44 00 00 41 54 49 89 f4 55 <0f> b6 7a 1a 48 89 d5 e8 3e 1c 2b 00 48 89 ee 4c 89 e7 5d 89 c1 ba\n[ 2517.871269] RSP: 0018:ff7f6a008d9dbcd0 EFLAGS: 00010286\n[ 2517.875081] RAX: ff3d5b4be00b1d50 RBX: 0000000002040002 RCX: ff3d5b0a270f2000\n[ 2517.878966] RDX: 0000000000000000 RSI: ff3d5b0b021fb9f8 RDI: 0000000000000000\n[ 2517.882849] RBP: ff3d5b0b96a6fa00 R08: 0000000000000001 R09: 0000000000000000\n[ 2517.886718] R10: 000000000000000c R11: 000000000000000c R12: ff3d5b0b021fb9f8\n[ 2517.890575] R13: 0000000002000000 R14: ff3d5b0b021fb1b0 R15: 0000000000000018\n[ 2517.894434] FS:  0000000000000000(0000) GS:ff3d5b42bfc80000(0000) knlGS:0000000000000000\n[ 2517.898299] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 2517.902157] CR2: 000000000000001a CR3: 00000004f023e005 CR4: 0000000000771ee0\n[ 2517.906053] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 2517.909930] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 2517.913761] PKRU: 55555554\n[ 2517.917558] Call Trace:\n[ 2517.921294]  <TASK>\n[ 2517.924982]  nvme_complete_rq+0x1c3/0x1e0 [nvme_core]\n[ 2517.928715]  nvme_tcp_recv_pdu+0x4d7/0x540 [nvme_tcp]\n[ 2517.932442]  nvme_tcp_recv_skb+0x4f/0x240 [nvme_tcp]\n[ 2517.936137]  ? nvme_tcp_recv_pdu+0x540/0x540 [nvme_tcp]\n[ 2517.939830]  tcp_read_sock+0x9c/0x260\n[ 2517.943486]  nvme_tcp_try_recv+0x65/0xa0 [nvme_tcp]\n[ 2517.947173]  nvme_tcp_io_work+0x64/0x90 [nvme_tcp]\n[ 2517.950834]  process_one_work+0x1e8/0x390\n[ 2517.954473]  worker_thread+0x53/0x3c0\n[ 2517.958069]  ? process_one_work+0x390/0x390\n[ 2517.961655]  kthread+0x10c/0x130\n[ 2517.965211]  ? set_kthread_struct+0x40/0x40\n[ 2517.968760]  ret_from_fork+0x1f/0x30\n[ 2517.972285]  </TASK>\n\nTo avoid this situation, add a NULL check for req->bio before\ncalling trace_block_bio_complete.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2022-50388","url":"https://www.suse.com/security/cve/CVE-2022-50388"},{"category":"external","summary":"SUSE Bug 1250293 for CVE-2022-50388","url":"https://bugzilla.suse.com/1250293"},{"category":"external","summary":"SUSE Bug 1250295 for CVE-2022-50388","url":"https://bugzilla.suse.com/1250295"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.x86_64"]}],"threats":[{"category":"impact","date":"2025-11-27T22:34:36Z","details":"important"}],"title":"CVE-2022-50388"},{"cve":"CVE-2022-50432","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2022-50432"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\nkernfs: fix use-after-free in __kernfs_remove\n\nSyzkaller managed to trigger concurrent calls to\nkernfs_remove_by_name_ns() for the same file resulting in\na KASAN detected use-after-free. The race occurs when the root\nnode is freed during kernfs_drain().\n\nTo prevent this acquire an additional reference for the root\nof the tree that is removed before calling __kernfs_remove().\n\nFound by syzkaller with the following reproducer (slab_nomerge is\nrequired):\n\nsyz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\\x00', 0x100000, 0x0, 0x0, 0x0, 0x0)\nr0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\\x00', 0x0, 0x0)\nclose(r0)\npipe2(&(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)\nmount$9p_fd(0x0, &(0x7f0000000040)='./file0\\x00', &(0x7f00000000c0), 0x408, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_loose}, {@mmap}, {@loose}, {@loose}, {@mmap}], [{@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@fsmagic={'fsmagic', 0x3d, 0x10001}}, {@dont_hash}]}})\n\nSample report:\n\n==================================================================\nBUG: KASAN: use-after-free in kernfs_type include/linux/kernfs.h:335 [inline]\nBUG: KASAN: use-after-free in kernfs_leftmost_descendant fs/kernfs/dir.c:1261 [inline]\nBUG: KASAN: use-after-free in __kernfs_remove.part.0+0x843/0x960 fs/kernfs/dir.c:1369\nRead of size 2 at addr ffff8880088807f0 by task syz-executor.2/857\n\nCPU: 0 PID: 857 Comm: syz-executor.2 Not tainted 6.0.0-rc3-00363-g7726d4c3e60b #5\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x6e/0x91 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:317 [inline]\n print_report.cold+0x5e/0x5e5 mm/kasan/report.c:433\n kasan_report+0xa3/0x130 mm/kasan/report.c:495\n kernfs_type include/linux/kernfs.h:335 [inline]\n kernfs_leftmost_descendant fs/kernfs/dir.c:1261 [inline]\n __kernfs_remove.part.0+0x843/0x960 fs/kernfs/dir.c:1369\n __kernfs_remove fs/kernfs/dir.c:1356 [inline]\n kernfs_remove_by_name_ns+0x108/0x190 fs/kernfs/dir.c:1589\n sysfs_slab_add+0x133/0x1e0 mm/slub.c:5943\n __kmem_cache_create+0x3e0/0x550 mm/slub.c:4899\n create_cache mm/slab_common.c:229 [inline]\n kmem_cache_create_usercopy+0x167/0x2a0 mm/slab_common.c:335\n p9_client_create+0xd4d/0x1190 net/9p/client.c:993\n v9fs_session_init+0x1e6/0x13c0 fs/9p/v9fs.c:408\n v9fs_mount+0xb9/0xbd0 fs/9p/vfs_super.c:126\n legacy_get_tree+0xf1/0x200 fs/fs_context.c:610\n vfs_get_tree+0x85/0x2e0 fs/super.c:1530\n do_new_mount fs/namespace.c:3040 [inline]\n path_mount+0x675/0x1d00 fs/namespace.c:3370\n do_mount fs/namespace.c:3383 [inline]\n __do_sys_mount fs/namespace.c:3591 [inline]\n __se_sys_mount fs/namespace.c:3568 [inline]\n __x64_sys_mount+0x282/0x300 fs/namespace.c:3568\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x38/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f725f983aed\nCode: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f725f0f7028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5\nRAX: ffffffffffffffda RBX: 00007f725faa3f80 RCX: 00007f725f983aed\nRDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000\nRBP: 00007f725f9f419c R08: 0000000020000280 R09: 0000000000000000\nR10: 0000000000000408 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000006 R14: 00007f725faa3f80 R15: 00007f725f0d7000\n </TASK>\n\nAllocated by task 855:\n kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38\n kasan_set_track mm/kasan/common.c:45 [inline]\n set_alloc_info mm/kasan/common.c:437 [inline]\n __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:470\n kasan_slab_alloc include/linux/kasan.h:224 [inline]\n slab_post_alloc_hook mm/slab.h:7\n---truncated---","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2022-50432","url":"https://www.suse.com/security/cve/CVE-2022-50432"},{"category":"external","summary":"SUSE Bug 1250851 for CVE-2022-50432","url":"https://bugzilla.suse.com/1250851"},{"category":"external","summary":"SUSE Bug 1251228 for CVE-2022-50432","url":"https://bugzilla.suse.com/1251228"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.x86_64"]}],"threats":[{"category":"impact","date":"2025-11-27T22:34:36Z","details":"important"}],"title":"CVE-2022-50432"},{"cve":"CVE-2023-53673","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-53673"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: call disconnect callback before deleting conn\n\nIn hci_cs_disconnect, we do hci_conn_del even if disconnection failed.\n\nISO, L2CAP and SCO connections refer to the hci_conn without\nhci_conn_get, so disconn_cfm must be called so they can clean up their\nconn, otherwise use-after-free occurs.\n\nISO:\n==========================================================\niso_sock_connect:880: sk 00000000eabd6557\niso_connect_cis:356: 70:1a:b8:98:ff:a2 -> 28:3d:c2:4a:7e:da\n...\niso_conn_add:140: hcon 000000001696f1fd conn 00000000b6251073\nhci_dev_put:1487: hci0 orig refcnt 17\n__iso_chan_add:214: conn 00000000b6251073\niso_sock_clear_timer:117: sock 00000000eabd6557 state 3\n...\nhci_rx_work:4085: hci0 Event packet\nhci_event_packet:7601: hci0: event 0x0f\nhci_cmd_status_evt:4346: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3107: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon 000000001696f1fd handle 2560\nhci_conn_unlink:1102: hci0: hcon 000000001696f1fd\nhci_conn_drop:1451: hcon 00000000d8521aaf orig refcnt 2\nhci_chan_list_flush:2780: hcon 000000001696f1fd\nhci_dev_put:1487: hci0 orig refcnt 21\nhci_dev_put:1487: hci0 orig refcnt 20\nhci_req_cmd_complete:3978: opcode 0x0406 status 0x0c\n... <no iso_* activity on sk/conn> ...\niso_sock_sendmsg:1098: sock 00000000dea5e2e0, sk 00000000eabd6557\nBUG: kernel NULL pointer dereference, address: 0000000000000668\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nRIP: 0010:iso_sock_sendmsg (net/bluetooth/iso.c:1112) bluetooth\n==========================================================\n\nL2CAP:\n==================================================================\nhci_cmd_status_evt:4359: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3085: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon ffff88800c999000 handle 3585\nhci_conn_unlink:1102: hci0: hcon ffff88800c999000\nhci_chan_list_flush:2780: hcon ffff88800c999000\nhci_chan_del:2761: hci0 hcon ffff88800c999000 chan ffff888018ddd280\n...\nBUG: KASAN: slab-use-after-free in hci_send_acl+0x2d/0x540 [bluetooth]\nRead of size 8 at addr ffff888018ddd298 by task bluetoothd/1175\n\nCPU: 0 PID: 1175 Comm: bluetoothd Tainted: G            E      6.4.0-rc4+ #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nCall Trace:\n <TASK>\n dump_stack_lvl+0x5b/0x90\n print_report+0xcf/0x670\n ? __virt_addr_valid+0xf8/0x180\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n kasan_report+0xa8/0xe0\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n hci_send_acl+0x2d/0x540 [bluetooth]\n ? __pfx___lock_acquire+0x10/0x10\n l2cap_chan_send+0x1fd/0x1300 [bluetooth]\n ? l2cap_sock_sendmsg+0xf2/0x170 [bluetooth]\n ? __pfx_l2cap_chan_send+0x10/0x10 [bluetooth]\n ? lock_release+0x1d5/0x3c0\n ? mark_held_locks+0x1a/0x90\n l2cap_sock_sendmsg+0x100/0x170 [bluetooth]\n sock_write_iter+0x275/0x280\n ? __pfx_sock_write_iter+0x10/0x10\n ? __pfx___lock_acquire+0x10/0x10\n do_iter_readv_writev+0x176/0x220\n ? __pfx_do_iter_readv_writev+0x10/0x10\n ? find_held_lock+0x83/0xa0\n ? selinux_file_permission+0x13e/0x210\n do_iter_write+0xda/0x340\n vfs_writev+0x1b4/0x400\n ? __pfx_vfs_writev+0x10/0x10\n ? __seccomp_filter+0x112/0x750\n ? populate_seccomp_data+0x182/0x220\n ? __fget_light+0xdf/0x100\n ? do_writev+0x19d/0x210\n do_writev+0x19d/0x210\n ? __pfx_do_writev+0x10/0x10\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0x60/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n ? do_syscall_64+0x6c/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7ff45cb23e64\nCode: 15 d1 1f 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 80 3d 9d a7 0d 00 00 74 13 b8 14 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89\nRSP: 002b:00007fff21ae09b8 EFLAGS: 00000202 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: \n---truncated---","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-53673","url":"https://www.suse.com/security/cve/CVE-2023-53673"},{"category":"external","summary":"SUSE Bug 1251763 for CVE-2023-53673","url":"https://bugzilla.suse.com/1251763"},{"category":"external","summary":"SUSE Bug 1251983 for CVE-2023-53673","url":"https://bugzilla.suse.com/1251983"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_221-default-2-150300.2.1.x86_64"]}],"threats":[{"category":"impact","date":"2025-11-27T22:34:36Z","details":"important"}],"title":"CVE-2023-53673"}]}