kernel-devel-6.16.9-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:16647 Final 1 1 2025-09-29T00:00:00Z current 2025-09-29T00:00:00Z 2025-09-29T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z kernel-devel-6.16.9-1.1 on GA media These are all security issues fixed in the kernel-devel-6.16.9-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-16647 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-50412/ SUSE CVE CVE-2022-50412 page https://www.suse.com/security/cve/CVE-2023-53220/ SUSE CVE CVE-2023-53220 page https://www.suse.com/security/cve/CVE-2025-38011/ SUSE CVE CVE-2025-38011 page openSUSE Tumbleweed kernel-devel-6.16.9-1.1 kernel-macros-6.16.9-1.1 kernel-source-6.16.9-1.1 kernel-source-vanilla-6.16.9-1.1 kernel-devel-6.16.9-1.1 as a component of openSUSE Tumbleweed kernel-macros-6.16.9-1.1 as a component of openSUSE Tumbleweed kernel-source-6.16.9-1.1 as a component of openSUSE Tumbleweed kernel-source-vanilla-6.16.9-1.1 as a component of openSUSE Tumbleweed In the Linux kernel, the following vulnerability has been resolved: drm: bridge: adv7511: unregister cec i2c device after cec adapter cec_unregister_adapter() assumes that the underlying adapter ops are callable. For example, if the CEC adapter currently has a valid physical address, then the unregistration procedure will invalidate the physical address by setting it to f.f.f.f. Whence the following kernel oops observed after removing the adv7511 module: Unable to handle kernel execution of user memory at virtual address 0000000000000000 Internal error: Oops: 86000004 [#1] PREEMPT_RT SMP Call trace: 0x0 adv7511_cec_adap_log_addr+0x1ac/0x1c8 [adv7511] cec_adap_unconfigure+0x44/0x90 [cec] __cec_s_phys_addr.part.0+0x68/0x230 [cec] __cec_s_phys_addr+0x40/0x50 [cec] cec_unregister_adapter+0xb4/0x118 [cec] adv7511_remove+0x60/0x90 [adv7511] i2c_device_remove+0x34/0xe0 device_release_driver_internal+0x114/0x1f0 driver_detach+0x54/0xe0 bus_remove_driver+0x60/0xd8 driver_unregister+0x34/0x60 i2c_del_driver+0x2c/0x68 adv7511_exit+0x1c/0x67c [adv7511] __arm64_sys_delete_module+0x154/0x288 invoke_syscall+0x48/0x100 el0_svc_common.constprop.0+0x48/0xe8 do_el0_svc+0x28/0x88 el0_svc+0x1c/0x50 el0t_64_sync_handler+0xa8/0xb0 el0t_64_sync+0x15c/0x160 Code: bad PC value ---[ end trace 0000000000000000 ]--- Protect against this scenario by unregistering i2c_cec after unregistering the CEC adapter. Duly disable the CEC clock afterwards too. CVE-2022-50412 openSUSE Tumbleweed:kernel-devel-6.16.9-1.1 openSUSE Tumbleweed:kernel-macros-6.16.9-1.1 openSUSE Tumbleweed:kernel-source-6.16.9-1.1 openSUSE Tumbleweed:kernel-source-vanilla-6.16.9-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-50412.html CVE-2022-50412 https://bugzilla.suse.com/1250189 SUSE Bug 1250189 In the Linux kernel, the following vulnerability has been resolved: media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() In az6007_i2c_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach az6007_i2c_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()") CVE-2023-53220 openSUSE Tumbleweed:kernel-devel-6.16.9-1.1 openSUSE Tumbleweed:kernel-macros-6.16.9-1.1 openSUSE Tumbleweed:kernel-source-6.16.9-1.1 openSUSE Tumbleweed:kernel-source-vanilla-6.16.9-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-53220.html CVE-2023-53220 https://bugzilla.suse.com/1250337 SUSE Bug 1250337 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: csa unmap use uninterruptible lock After process exit to unmap csa and free GPU vm, if signal is accepted and then waiting to take vm lock is interrupted and return, it causes memory leaking and below warning backtrace. Change to use uninterruptible wait lock fix the issue. WARNING: CPU: 69 PID: 167800 at amd/amdgpu/amdgpu_kms.c:1525 amdgpu_driver_postclose_kms+0x294/0x2a0 [amdgpu] Call Trace: <TASK> drm_file_free.part.0+0x1da/0x230 [drm] drm_close_helper.isra.0+0x65/0x70 [drm] drm_release+0x6a/0x120 [drm] amdgpu_drm_release+0x51/0x60 [amdgpu] __fput+0x9f/0x280 ____fput+0xe/0x20 task_work_run+0x67/0xa0 do_exit+0x217/0x3c0 do_group_exit+0x3b/0xb0 get_signal+0x14a/0x8d0 arch_do_signal_or_restart+0xde/0x100 exit_to_user_mode_loop+0xc1/0x1a0 exit_to_user_mode_prepare+0xf4/0x100 syscall_exit_to_user_mode+0x17/0x40 do_syscall_64+0x69/0xc0 (cherry picked from commit 7dbbfb3c171a6f63b01165958629c9c26abf38ab) CVE-2025-38011 openSUSE Tumbleweed:kernel-devel-6.16.9-1.1 openSUSE Tumbleweed:kernel-macros-6.16.9-1.1 openSUSE Tumbleweed:kernel-source-6.16.9-1.1 openSUSE Tumbleweed:kernel-source-vanilla-6.16.9-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-38011.html CVE-2025-38011 https://bugzilla.suse.com/1244729 SUSE Bug 1244729