kernel-devel-6.16.6-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15544-1 Final 1 1 2025-09-11T00:00:00Z current 2025-09-11T00:00:00Z 2025-09-11T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z kernel-devel-6.16.6-1.1 on GA media These are all security issues fixed in the kernel-devel-6.16.6-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15544 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-53093/ SUSE CVE CVE-2024-53093 page https://www.suse.com/security/cve/CVE-2025-38216/ SUSE CVE CVE-2025-38216 page openSUSE Tumbleweed kernel-devel-6.16.6-1.1 kernel-macros-6.16.6-1.1 kernel-source-6.16.6-1.1 kernel-source-vanilla-6.16.6-1.1 kernel-devel-6.16.6-1.1 as a component of openSUSE Tumbleweed kernel-macros-6.16.6-1.1 as a component of openSUSE Tumbleweed kernel-source-6.16.6-1.1 as a component of openSUSE Tumbleweed kernel-source-vanilla-6.16.6-1.1 as a component of openSUSE Tumbleweed In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: defer partition scanning We need to suppress the partition scan from occuring within the controller's scan_work context. If a path error occurs here, the IO will wait until a path becomes available or all paths are torn down, but that action also occurs within scan_work, so it would deadlock. Defer the partion scan to a different context that does not block scan_work. CVE-2024-53093 openSUSE Tumbleweed:kernel-devel-6.16.6-1.1 openSUSE Tumbleweed:kernel-macros-6.16.6-1.1 openSUSE Tumbleweed:kernel-source-6.16.6-1.1 openSUSE Tumbleweed:kernel-source-vanilla-6.16.6-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-53093.html CVE-2024-53093 https://bugzilla.suse.com/1233640 SUSE Bug 1233640 In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Restore context entry setup order for aliased devices Commit 2031c469f816 ("iommu/vt-d: Add support for static identity domain") changed the context entry setup during domain attachment from a set-and-check policy to a clear-and-reset approach. This inadvertently introduced a regression affecting PCI aliased devices behind PCIe-to-PCI bridges. Specifically, keyboard and touchpad stopped working on several Apple Macbooks with below messages: kernel: platform pxa2xx-spi.3: Adding to iommu group 20 kernel: input: Apple SPI Keyboard as /devices/pci0000:00/0000:00:1e.3/pxa2xx-spi.3/spi_master/spi2/spi-APP000D:00/input/input0 kernel: DMAR: DRHD: handling fault status reg 3 kernel: DMAR: [DMA Read NO_PASID] Request device [00:1e.3] fault addr 0xffffa000 [fault reason 0x06] PTE Read access is not set kernel: DMAR: DRHD: handling fault status reg 3 kernel: DMAR: [DMA Read NO_PASID] Request device [00:1e.3] fault addr 0xffffa000 [fault reason 0x06] PTE Read access is not set kernel: applespi spi-APP000D:00: Error writing to device: 01 0e 00 00 kernel: DMAR: DRHD: handling fault status reg 3 kernel: DMAR: [DMA Read NO_PASID] Request device [00:1e.3] fault addr 0xffffa000 [fault reason 0x06] PTE Read access is not set kernel: DMAR: DRHD: handling fault status reg 3 kernel: applespi spi-APP000D:00: Error writing to device: 01 0e 00 00 Fix this by restoring the previous context setup order. CVE-2025-38216 openSUSE Tumbleweed:kernel-devel-6.16.6-1.1 openSUSE Tumbleweed:kernel-macros-6.16.6-1.1 openSUSE Tumbleweed:kernel-source-6.16.6-1.1 openSUSE Tumbleweed:kernel-source-vanilla-6.16.6-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-38216.html CVE-2025-38216 https://bugzilla.suse.com/1245963 SUSE Bug 1245963