Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:01918-1 Final 1 1 2025-06-12T06:29:00Z current 2025-06-12T06:29:00Z 2025-06-12T06:29:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981). - CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032). - CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493). - CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245). - CVE-2024-53168: net: make sock_inuse_add() available (bsc#1234887). - CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100). - CVE-2025-21888: RDMA/mlx5: Fix a WARN during dereg_mr for DM type (bsc#1240177). - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802). - CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525). - CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526). - CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648). - CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596). - CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640). - CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762). The following non-security bugs were fixed: - Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (bsc#1243737). - Refresh fixes for cBPF issue (bsc#1242778) - Remove debug flavor (bsc#1243919) - arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (bsc#1242778). - arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (bsc#1242778). - arm64: insn: Add support for encoding DSB (bsc#1242778). - arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (bsc#1242778). - arm64: proton-pack: Expose whether the branchy loop k value (bsc#1242778). - arm64: proton-pack: Expose whether the platform is mitigated by firmware (bsc#1242778). - hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (bsc#1243737). - hv_netvsc: Remove rmsg_pgcnt (bsc#1243737). - hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (bsc#1243737). - mtd: phram: Add the kernel lock down check (bsc#1232649). - ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes). - powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531). - scsi: core: Fix unremoved procfs host directory regression (git-fixes). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778). - x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778). - x86/bpf: Call branch history clearing sequence on exit (bsc#1242778). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-1918,SUSE-SLE-Micro-5.3-2025-1918,SUSE-SLE-Micro-5.4-2025-1918 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ Link for SUSE-SU-2025:01918-1 https://lists.suse.com/pipermail/sle-security-updates/2025-June/021478.html E-Mail link for SUSE-SU-2025:01918-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1184350 SUSE Bug 1184350 https://bugzilla.suse.com/1193629 SUSE Bug 1193629 https://bugzilla.suse.com/1204569 SUSE Bug 1204569 https://bugzilla.suse.com/1204619 SUSE Bug 1204619 https://bugzilla.suse.com/1204705 SUSE Bug 1204705 https://bugzilla.suse.com/1205282 SUSE Bug 1205282 https://bugzilla.suse.com/1206051 SUSE Bug 1206051 https://bugzilla.suse.com/1206073 SUSE Bug 1206073 https://bugzilla.suse.com/1206649 SUSE Bug 1206649 https://bugzilla.suse.com/1206886 SUSE Bug 1206886 https://bugzilla.suse.com/1206887 SUSE Bug 1206887 https://bugzilla.suse.com/1208542 SUSE Bug 1208542 https://bugzilla.suse.com/1209292 SUSE Bug 1209292 https://bugzilla.suse.com/1209556 SUSE Bug 1209556 https://bugzilla.suse.com/1209684 SUSE Bug 1209684 https://bugzilla.suse.com/1210337 SUSE Bug 1210337 https://bugzilla.suse.com/1210763 SUSE Bug 1210763 https://bugzilla.suse.com/1210767 SUSE Bug 1210767 https://bugzilla.suse.com/1211465 SUSE Bug 1211465 https://bugzilla.suse.com/1213012 SUSE Bug 1213012 https://bugzilla.suse.com/1213013 SUSE Bug 1213013 https://bugzilla.suse.com/1213094 SUSE Bug 1213094 https://bugzilla.suse.com/1213096 SUSE Bug 1213096 https://bugzilla.suse.com/1213946 SUSE Bug 1213946 https://bugzilla.suse.com/1214991 SUSE Bug 1214991 https://bugzilla.suse.com/1218470 SUSE Bug 1218470 https://bugzilla.suse.com/1232649 SUSE Bug 1232649 https://bugzilla.suse.com/1234887 SUSE Bug 1234887 https://bugzilla.suse.com/1235100 SUSE Bug 1235100 https://bugzilla.suse.com/1237981 SUSE Bug 1237981 https://bugzilla.suse.com/1238032 SUSE Bug 1238032 https://bugzilla.suse.com/1240177 SUSE Bug 1240177 https://bugzilla.suse.com/1240802 SUSE Bug 1240802 https://bugzilla.suse.com/1241525 SUSE Bug 1241525 https://bugzilla.suse.com/1241526 SUSE Bug 1241526 https://bugzilla.suse.com/1241640 SUSE Bug 1241640 https://bugzilla.suse.com/1241648 SUSE Bug 1241648 https://bugzilla.suse.com/1242147 SUSE Bug 1242147 https://bugzilla.suse.com/1242150 SUSE Bug 1242150 https://bugzilla.suse.com/1242151 SUSE Bug 1242151 https://bugzilla.suse.com/1242154 SUSE Bug 1242154 https://bugzilla.suse.com/1242157 SUSE Bug 1242157 https://bugzilla.suse.com/1242158 SUSE Bug 1242158 https://bugzilla.suse.com/1242164 SUSE Bug 1242164 https://bugzilla.suse.com/1242165 SUSE Bug 1242165 https://bugzilla.suse.com/1242169 SUSE Bug 1242169 https://bugzilla.suse.com/1242215 SUSE Bug 1242215 https://bugzilla.suse.com/1242218 SUSE Bug 1242218 https://bugzilla.suse.com/1242219 SUSE Bug 1242219 https://bugzilla.suse.com/1242222 SUSE Bug 1242222 https://bugzilla.suse.com/1242226 SUSE Bug 1242226 https://bugzilla.suse.com/1242227 SUSE Bug 1242227 https://bugzilla.suse.com/1242228 SUSE Bug 1242228 https://bugzilla.suse.com/1242229 SUSE Bug 1242229 https://bugzilla.suse.com/1242230 SUSE Bug 1242230 https://bugzilla.suse.com/1242231 SUSE Bug 1242231 https://bugzilla.suse.com/1242232 SUSE Bug 1242232 https://bugzilla.suse.com/1242237 SUSE Bug 1242237 https://bugzilla.suse.com/1242239 SUSE Bug 1242239 https://bugzilla.suse.com/1242241 SUSE Bug 1242241 https://bugzilla.suse.com/1242244 SUSE Bug 1242244 https://bugzilla.suse.com/1242245 SUSE Bug 1242245 https://bugzilla.suse.com/1242248 SUSE Bug 1242248 https://bugzilla.suse.com/1242261 SUSE Bug 1242261 https://bugzilla.suse.com/1242264 SUSE Bug 1242264 https://bugzilla.suse.com/1242265 SUSE Bug 1242265 https://bugzilla.suse.com/1242270 SUSE Bug 1242270 https://bugzilla.suse.com/1242276 SUSE Bug 1242276 https://bugzilla.suse.com/1242279 SUSE Bug 1242279 https://bugzilla.suse.com/1242280 SUSE Bug 1242280 https://bugzilla.suse.com/1242281 SUSE Bug 1242281 https://bugzilla.suse.com/1242282 SUSE Bug 1242282 https://bugzilla.suse.com/1242284 SUSE Bug 1242284 https://bugzilla.suse.com/1242285 SUSE Bug 1242285 https://bugzilla.suse.com/1242289 SUSE Bug 1242289 https://bugzilla.suse.com/1242294 SUSE Bug 1242294 https://bugzilla.suse.com/1242305 SUSE Bug 1242305 https://bugzilla.suse.com/1242312 SUSE Bug 1242312 https://bugzilla.suse.com/1242320 SUSE Bug 1242320 https://bugzilla.suse.com/1242338 SUSE Bug 1242338 https://bugzilla.suse.com/1242352 SUSE Bug 1242352 https://bugzilla.suse.com/1242353 SUSE Bug 1242353 https://bugzilla.suse.com/1242355 SUSE Bug 1242355 https://bugzilla.suse.com/1242357 SUSE Bug 1242357 https://bugzilla.suse.com/1242358 SUSE Bug 1242358 https://bugzilla.suse.com/1242361 SUSE Bug 1242361 https://bugzilla.suse.com/1242365 SUSE Bug 1242365 https://bugzilla.suse.com/1242366 SUSE Bug 1242366 https://bugzilla.suse.com/1242369 SUSE Bug 1242369 https://bugzilla.suse.com/1242370 SUSE Bug 1242370 https://bugzilla.suse.com/1242371 SUSE Bug 1242371 https://bugzilla.suse.com/1242372 SUSE Bug 1242372 https://bugzilla.suse.com/1242377 SUSE Bug 1242377 https://bugzilla.suse.com/1242378 SUSE Bug 1242378 https://bugzilla.suse.com/1242380 SUSE Bug 1242380 https://bugzilla.suse.com/1242382 SUSE Bug 1242382 https://bugzilla.suse.com/1242385 SUSE Bug 1242385 https://bugzilla.suse.com/1242387 SUSE Bug 1242387 https://bugzilla.suse.com/1242389 SUSE Bug 1242389 https://bugzilla.suse.com/1242391 SUSE Bug 1242391 https://bugzilla.suse.com/1242392 SUSE Bug 1242392 https://bugzilla.suse.com/1242394 SUSE Bug 1242394 https://bugzilla.suse.com/1242398 SUSE Bug 1242398 https://bugzilla.suse.com/1242399 SUSE Bug 1242399 https://bugzilla.suse.com/1242402 SUSE Bug 1242402 https://bugzilla.suse.com/1242403 SUSE Bug 1242403 https://bugzilla.suse.com/1242409 SUSE Bug 1242409 https://bugzilla.suse.com/1242411 SUSE Bug 1242411 https://bugzilla.suse.com/1242415 SUSE Bug 1242415 https://bugzilla.suse.com/1242416 SUSE Bug 1242416 https://bugzilla.suse.com/1242421 SUSE Bug 1242421 https://bugzilla.suse.com/1242422 SUSE Bug 1242422 https://bugzilla.suse.com/1242426 SUSE Bug 1242426 https://bugzilla.suse.com/1242428 SUSE Bug 1242428 https://bugzilla.suse.com/1242440 SUSE Bug 1242440 https://bugzilla.suse.com/1242443 SUSE Bug 1242443 https://bugzilla.suse.com/1242449 SUSE Bug 1242449 https://bugzilla.suse.com/1242452 SUSE Bug 1242452 https://bugzilla.suse.com/1242453 SUSE Bug 1242453 https://bugzilla.suse.com/1242454 SUSE Bug 1242454 https://bugzilla.suse.com/1242455 SUSE Bug 1242455 https://bugzilla.suse.com/1242456 SUSE Bug 1242456 https://bugzilla.suse.com/1242458 SUSE Bug 1242458 https://bugzilla.suse.com/1242464 SUSE Bug 1242464 https://bugzilla.suse.com/1242467 SUSE Bug 1242467 https://bugzilla.suse.com/1242469 SUSE Bug 1242469 https://bugzilla.suse.com/1242473 SUSE Bug 1242473 https://bugzilla.suse.com/1242478 SUSE Bug 1242478 https://bugzilla.suse.com/1242481 SUSE Bug 1242481 https://bugzilla.suse.com/1242484 SUSE Bug 1242484 https://bugzilla.suse.com/1242489 SUSE Bug 1242489 https://bugzilla.suse.com/1242493 SUSE Bug 1242493 https://bugzilla.suse.com/1242497 SUSE Bug 1242497 https://bugzilla.suse.com/1242527 SUSE Bug 1242527 https://bugzilla.suse.com/1242542 SUSE Bug 1242542 https://bugzilla.suse.com/1242544 SUSE Bug 1242544 https://bugzilla.suse.com/1242545 SUSE Bug 1242545 https://bugzilla.suse.com/1242547 SUSE Bug 1242547 https://bugzilla.suse.com/1242548 SUSE Bug 1242548 https://bugzilla.suse.com/1242549 SUSE Bug 1242549 https://bugzilla.suse.com/1242550 SUSE Bug 1242550 https://bugzilla.suse.com/1242551 SUSE Bug 1242551 https://bugzilla.suse.com/1242558 SUSE Bug 1242558 https://bugzilla.suse.com/1242570 SUSE Bug 1242570 https://bugzilla.suse.com/1242580 SUSE Bug 1242580 https://bugzilla.suse.com/1242586 SUSE Bug 1242586 https://bugzilla.suse.com/1242589 SUSE Bug 1242589 https://bugzilla.suse.com/1242596 SUSE Bug 1242596 https://bugzilla.suse.com/1242597 SUSE Bug 1242597 https://bugzilla.suse.com/1242685 SUSE Bug 1242685 https://bugzilla.suse.com/1242686 SUSE Bug 1242686 https://bugzilla.suse.com/1242688 SUSE Bug 1242688 https://bugzilla.suse.com/1242689 SUSE Bug 1242689 https://bugzilla.suse.com/1242695 SUSE Bug 1242695 https://bugzilla.suse.com/1242716 SUSE Bug 1242716 https://bugzilla.suse.com/1242733 SUSE Bug 1242733 https://bugzilla.suse.com/1242734 SUSE Bug 1242734 https://bugzilla.suse.com/1242735 SUSE Bug 1242735 https://bugzilla.suse.com/1242736 SUSE Bug 1242736 https://bugzilla.suse.com/1242739 SUSE Bug 1242739 https://bugzilla.suse.com/1242743 SUSE Bug 1242743 https://bugzilla.suse.com/1242744 SUSE Bug 1242744 https://bugzilla.suse.com/1242745 SUSE Bug 1242745 https://bugzilla.suse.com/1242746 SUSE Bug 1242746 https://bugzilla.suse.com/1242747 SUSE Bug 1242747 https://bugzilla.suse.com/1242749 SUSE Bug 1242749 https://bugzilla.suse.com/1242752 SUSE Bug 1242752 https://bugzilla.suse.com/1242753 SUSE Bug 1242753 https://bugzilla.suse.com/1242756 SUSE Bug 1242756 https://bugzilla.suse.com/1242759 SUSE Bug 1242759 https://bugzilla.suse.com/1242762 SUSE Bug 1242762 https://bugzilla.suse.com/1242765 SUSE Bug 1242765 https://bugzilla.suse.com/1242767 SUSE Bug 1242767 https://bugzilla.suse.com/1242778 SUSE Bug 1242778 https://bugzilla.suse.com/1242779 SUSE Bug 1242779 https://bugzilla.suse.com/1242790 SUSE Bug 1242790 https://bugzilla.suse.com/1242791 SUSE Bug 1242791 https://bugzilla.suse.com/1243047 SUSE Bug 1243047 https://bugzilla.suse.com/1243133 SUSE Bug 1243133 https://bugzilla.suse.com/1243649 SUSE Bug 1243649 https://bugzilla.suse.com/1243660 SUSE Bug 1243660 https://bugzilla.suse.com/1243737 SUSE Bug 1243737 https://bugzilla.suse.com/1243919 SUSE Bug 1243919 https://www.suse.com/security/cve/CVE-2022-3564/ SUSE CVE CVE-2022-3564 page https://www.suse.com/security/cve/CVE-2022-3619/ SUSE CVE CVE-2022-3619 page https://www.suse.com/security/cve/CVE-2022-3640/ SUSE CVE CVE-2022-3640 page https://www.suse.com/security/cve/CVE-2022-49110/ SUSE CVE CVE-2022-49110 page https://www.suse.com/security/cve/CVE-2022-49139/ SUSE CVE CVE-2022-49139 page https://www.suse.com/security/cve/CVE-2022-49767/ SUSE CVE CVE-2022-49767 page https://www.suse.com/security/cve/CVE-2022-49769/ SUSE CVE CVE-2022-49769 page https://www.suse.com/security/cve/CVE-2022-49770/ SUSE CVE CVE-2022-49770 page https://www.suse.com/security/cve/CVE-2022-49771/ SUSE CVE CVE-2022-49771 page https://www.suse.com/security/cve/CVE-2022-49772/ SUSE CVE CVE-2022-49772 page https://www.suse.com/security/cve/CVE-2022-49775/ SUSE CVE CVE-2022-49775 page https://www.suse.com/security/cve/CVE-2022-49776/ SUSE CVE CVE-2022-49776 page https://www.suse.com/security/cve/CVE-2022-49777/ SUSE CVE CVE-2022-49777 page https://www.suse.com/security/cve/CVE-2022-49779/ SUSE CVE CVE-2022-49779 page https://www.suse.com/security/cve/CVE-2022-49783/ SUSE CVE CVE-2022-49783 page https://www.suse.com/security/cve/CVE-2022-49787/ SUSE CVE CVE-2022-49787 page https://www.suse.com/security/cve/CVE-2022-49788/ SUSE CVE CVE-2022-49788 page https://www.suse.com/security/cve/CVE-2022-49789/ SUSE CVE CVE-2022-49789 page https://www.suse.com/security/cve/CVE-2022-49790/ SUSE CVE CVE-2022-49790 page https://www.suse.com/security/cve/CVE-2022-49792/ SUSE CVE CVE-2022-49792 page https://www.suse.com/security/cve/CVE-2022-49793/ SUSE CVE CVE-2022-49793 page https://www.suse.com/security/cve/CVE-2022-49794/ SUSE CVE CVE-2022-49794 page https://www.suse.com/security/cve/CVE-2022-49796/ SUSE CVE CVE-2022-49796 page https://www.suse.com/security/cve/CVE-2022-49797/ SUSE CVE CVE-2022-49797 page https://www.suse.com/security/cve/CVE-2022-49799/ SUSE CVE CVE-2022-49799 page https://www.suse.com/security/cve/CVE-2022-49800/ SUSE CVE CVE-2022-49800 page https://www.suse.com/security/cve/CVE-2022-49801/ SUSE CVE CVE-2022-49801 page https://www.suse.com/security/cve/CVE-2022-49802/ SUSE CVE CVE-2022-49802 page https://www.suse.com/security/cve/CVE-2022-49807/ SUSE CVE CVE-2022-49807 page https://www.suse.com/security/cve/CVE-2022-49809/ SUSE CVE CVE-2022-49809 page https://www.suse.com/security/cve/CVE-2022-49810/ SUSE CVE CVE-2022-49810 page https://www.suse.com/security/cve/CVE-2022-49812/ SUSE CVE CVE-2022-49812 page https://www.suse.com/security/cve/CVE-2022-49813/ SUSE CVE CVE-2022-49813 page https://www.suse.com/security/cve/CVE-2022-49818/ SUSE CVE CVE-2022-49818 page https://www.suse.com/security/cve/CVE-2022-49821/ SUSE CVE CVE-2022-49821 page https://www.suse.com/security/cve/CVE-2022-49822/ SUSE CVE CVE-2022-49822 page https://www.suse.com/security/cve/CVE-2022-49823/ SUSE CVE CVE-2022-49823 page https://www.suse.com/security/cve/CVE-2022-49824/ SUSE CVE CVE-2022-49824 page https://www.suse.com/security/cve/CVE-2022-49825/ SUSE CVE CVE-2022-49825 page https://www.suse.com/security/cve/CVE-2022-49826/ SUSE CVE CVE-2022-49826 page https://www.suse.com/security/cve/CVE-2022-49827/ SUSE CVE CVE-2022-49827 page https://www.suse.com/security/cve/CVE-2022-49830/ SUSE CVE CVE-2022-49830 page https://www.suse.com/security/cve/CVE-2022-49832/ SUSE CVE CVE-2022-49832 page https://www.suse.com/security/cve/CVE-2022-49834/ SUSE CVE CVE-2022-49834 page https://www.suse.com/security/cve/CVE-2022-49835/ SUSE CVE CVE-2022-49835 page https://www.suse.com/security/cve/CVE-2022-49836/ SUSE CVE CVE-2022-49836 page https://www.suse.com/security/cve/CVE-2022-49839/ SUSE CVE CVE-2022-49839 page https://www.suse.com/security/cve/CVE-2022-49841/ SUSE CVE CVE-2022-49841 page https://www.suse.com/security/cve/CVE-2022-49842/ SUSE CVE CVE-2022-49842 page https://www.suse.com/security/cve/CVE-2022-49845/ SUSE CVE CVE-2022-49845 page https://www.suse.com/security/cve/CVE-2022-49846/ SUSE CVE CVE-2022-49846 page https://www.suse.com/security/cve/CVE-2022-49850/ SUSE CVE CVE-2022-49850 page https://www.suse.com/security/cve/CVE-2022-49853/ SUSE CVE CVE-2022-49853 page https://www.suse.com/security/cve/CVE-2022-49858/ SUSE CVE CVE-2022-49858 page https://www.suse.com/security/cve/CVE-2022-49860/ SUSE CVE CVE-2022-49860 page https://www.suse.com/security/cve/CVE-2022-49861/ SUSE CVE CVE-2022-49861 page https://www.suse.com/security/cve/CVE-2022-49863/ SUSE CVE CVE-2022-49863 page https://www.suse.com/security/cve/CVE-2022-49864/ SUSE CVE CVE-2022-49864 page https://www.suse.com/security/cve/CVE-2022-49865/ SUSE CVE CVE-2022-49865 page https://www.suse.com/security/cve/CVE-2022-49868/ SUSE CVE CVE-2022-49868 page https://www.suse.com/security/cve/CVE-2022-49869/ SUSE CVE CVE-2022-49869 page https://www.suse.com/security/cve/CVE-2022-49870/ SUSE CVE CVE-2022-49870 page https://www.suse.com/security/cve/CVE-2022-49871/ SUSE CVE CVE-2022-49871 page https://www.suse.com/security/cve/CVE-2022-49874/ SUSE CVE CVE-2022-49874 page https://www.suse.com/security/cve/CVE-2022-49879/ SUSE CVE CVE-2022-49879 page https://www.suse.com/security/cve/CVE-2022-49880/ SUSE CVE CVE-2022-49880 page https://www.suse.com/security/cve/CVE-2022-49881/ SUSE CVE CVE-2022-49881 page https://www.suse.com/security/cve/CVE-2022-49885/ SUSE CVE CVE-2022-49885 page https://www.suse.com/security/cve/CVE-2022-49887/ SUSE CVE CVE-2022-49887 page https://www.suse.com/security/cve/CVE-2022-49888/ SUSE CVE CVE-2022-49888 page https://www.suse.com/security/cve/CVE-2022-49889/ SUSE CVE CVE-2022-49889 page https://www.suse.com/security/cve/CVE-2022-49890/ SUSE CVE CVE-2022-49890 page https://www.suse.com/security/cve/CVE-2022-49891/ SUSE CVE CVE-2022-49891 page https://www.suse.com/security/cve/CVE-2022-49892/ SUSE CVE CVE-2022-49892 page https://www.suse.com/security/cve/CVE-2022-49900/ SUSE CVE CVE-2022-49900 page https://www.suse.com/security/cve/CVE-2022-49905/ SUSE CVE CVE-2022-49905 page https://www.suse.com/security/cve/CVE-2022-49906/ SUSE CVE CVE-2022-49906 page https://www.suse.com/security/cve/CVE-2022-49908/ SUSE CVE CVE-2022-49908 page https://www.suse.com/security/cve/CVE-2022-49909/ SUSE CVE CVE-2022-49909 page https://www.suse.com/security/cve/CVE-2022-49910/ SUSE CVE CVE-2022-49910 page https://www.suse.com/security/cve/CVE-2022-49915/ SUSE CVE CVE-2022-49915 page https://www.suse.com/security/cve/CVE-2022-49916/ SUSE CVE CVE-2022-49916 page https://www.suse.com/security/cve/CVE-2022-49922/ SUSE CVE CVE-2022-49922 page https://www.suse.com/security/cve/CVE-2022-49923/ SUSE CVE CVE-2022-49923 page https://www.suse.com/security/cve/CVE-2022-49924/ SUSE CVE CVE-2022-49924 page https://www.suse.com/security/cve/CVE-2022-49925/ SUSE CVE CVE-2022-49925 page https://www.suse.com/security/cve/CVE-2022-49927/ SUSE CVE CVE-2022-49927 page https://www.suse.com/security/cve/CVE-2022-49928/ SUSE CVE CVE-2022-49928 page https://www.suse.com/security/cve/CVE-2022-49931/ SUSE CVE CVE-2022-49931 page https://www.suse.com/security/cve/CVE-2023-1990/ SUSE CVE CVE-2023-1990 page https://www.suse.com/security/cve/CVE-2023-53035/ SUSE CVE CVE-2023-53035 page https://www.suse.com/security/cve/CVE-2023-53038/ SUSE CVE CVE-2023-53038 page https://www.suse.com/security/cve/CVE-2023-53039/ SUSE CVE CVE-2023-53039 page https://www.suse.com/security/cve/CVE-2023-53040/ SUSE CVE CVE-2023-53040 page https://www.suse.com/security/cve/CVE-2023-53041/ SUSE CVE CVE-2023-53041 page https://www.suse.com/security/cve/CVE-2023-53044/ SUSE CVE CVE-2023-53044 page https://www.suse.com/security/cve/CVE-2023-53045/ SUSE CVE CVE-2023-53045 page https://www.suse.com/security/cve/CVE-2023-53049/ SUSE CVE CVE-2023-53049 page https://www.suse.com/security/cve/CVE-2023-53051/ SUSE CVE CVE-2023-53051 page https://www.suse.com/security/cve/CVE-2023-53052/ SUSE CVE CVE-2023-53052 page https://www.suse.com/security/cve/CVE-2023-53054/ SUSE CVE CVE-2023-53054 page https://www.suse.com/security/cve/CVE-2023-53056/ SUSE CVE CVE-2023-53056 page https://www.suse.com/security/cve/CVE-2023-53058/ SUSE CVE CVE-2023-53058 page https://www.suse.com/security/cve/CVE-2023-53059/ SUSE CVE CVE-2023-53059 page https://www.suse.com/security/cve/CVE-2023-53060/ SUSE CVE CVE-2023-53060 page https://www.suse.com/security/cve/CVE-2023-53062/ SUSE CVE CVE-2023-53062 page https://www.suse.com/security/cve/CVE-2023-53064/ SUSE CVE CVE-2023-53064 page https://www.suse.com/security/cve/CVE-2023-53065/ SUSE CVE CVE-2023-53065 page https://www.suse.com/security/cve/CVE-2023-53066/ SUSE CVE CVE-2023-53066 page https://www.suse.com/security/cve/CVE-2023-53068/ SUSE CVE CVE-2023-53068 page https://www.suse.com/security/cve/CVE-2023-53075/ SUSE CVE CVE-2023-53075 page https://www.suse.com/security/cve/CVE-2023-53077/ SUSE CVE CVE-2023-53077 page https://www.suse.com/security/cve/CVE-2023-53078/ SUSE CVE CVE-2023-53078 page https://www.suse.com/security/cve/CVE-2023-53079/ SUSE CVE CVE-2023-53079 page https://www.suse.com/security/cve/CVE-2023-53081/ SUSE CVE CVE-2023-53081 page https://www.suse.com/security/cve/CVE-2023-53084/ SUSE CVE CVE-2023-53084 page https://www.suse.com/security/cve/CVE-2023-53087/ SUSE CVE CVE-2023-53087 page https://www.suse.com/security/cve/CVE-2023-53089/ SUSE CVE CVE-2023-53089 page https://www.suse.com/security/cve/CVE-2023-53090/ SUSE CVE CVE-2023-53090 page https://www.suse.com/security/cve/CVE-2023-53091/ SUSE CVE CVE-2023-53091 page https://www.suse.com/security/cve/CVE-2023-53092/ SUSE CVE CVE-2023-53092 page https://www.suse.com/security/cve/CVE-2023-53093/ SUSE CVE CVE-2023-53093 page https://www.suse.com/security/cve/CVE-2023-53096/ SUSE CVE CVE-2023-53096 page https://www.suse.com/security/cve/CVE-2023-53098/ SUSE CVE CVE-2023-53098 page https://www.suse.com/security/cve/CVE-2023-53099/ SUSE CVE CVE-2023-53099 page https://www.suse.com/security/cve/CVE-2023-53100/ SUSE CVE CVE-2023-53100 page https://www.suse.com/security/cve/CVE-2023-53101/ SUSE CVE CVE-2023-53101 page https://www.suse.com/security/cve/CVE-2023-53106/ SUSE CVE CVE-2023-53106 page https://www.suse.com/security/cve/CVE-2023-53108/ SUSE CVE CVE-2023-53108 page https://www.suse.com/security/cve/CVE-2023-53111/ SUSE CVE CVE-2023-53111 page https://www.suse.com/security/cve/CVE-2023-53114/ SUSE CVE CVE-2023-53114 page https://www.suse.com/security/cve/CVE-2023-53116/ SUSE CVE CVE-2023-53116 page https://www.suse.com/security/cve/CVE-2023-53118/ SUSE CVE CVE-2023-53118 page https://www.suse.com/security/cve/CVE-2023-53119/ SUSE CVE CVE-2023-53119 page https://www.suse.com/security/cve/CVE-2023-53123/ SUSE CVE CVE-2023-53123 page https://www.suse.com/security/cve/CVE-2023-53124/ SUSE CVE CVE-2023-53124 page https://www.suse.com/security/cve/CVE-2023-53125/ SUSE CVE CVE-2023-53125 page https://www.suse.com/security/cve/CVE-2023-53131/ SUSE CVE CVE-2023-53131 page https://www.suse.com/security/cve/CVE-2023-53134/ SUSE CVE CVE-2023-53134 page https://www.suse.com/security/cve/CVE-2023-53137/ SUSE CVE CVE-2023-53137 page https://www.suse.com/security/cve/CVE-2023-53139/ SUSE CVE CVE-2023-53139 page https://www.suse.com/security/cve/CVE-2023-53140/ SUSE CVE CVE-2023-53140 page https://www.suse.com/security/cve/CVE-2023-53142/ SUSE CVE CVE-2023-53142 page https://www.suse.com/security/cve/CVE-2023-53143/ SUSE CVE CVE-2023-53143 page https://www.suse.com/security/cve/CVE-2023-53145/ SUSE CVE CVE-2023-53145 page https://www.suse.com/security/cve/CVE-2024-53168/ SUSE CVE CVE-2024-53168 page https://www.suse.com/security/cve/CVE-2024-56558/ SUSE CVE CVE-2024-56558 page https://www.suse.com/security/cve/CVE-2025-21888/ SUSE CVE CVE-2025-21888 page https://www.suse.com/security/cve/CVE-2025-21999/ SUSE CVE CVE-2025-21999 page https://www.suse.com/security/cve/CVE-2025-22056/ SUSE CVE CVE-2025-22056 page https://www.suse.com/security/cve/CVE-2025-22060/ SUSE CVE CVE-2025-22060 page https://www.suse.com/security/cve/CVE-2025-23138/ SUSE CVE CVE-2025-23138 page https://www.suse.com/security/cve/CVE-2025-23145/ SUSE CVE CVE-2025-23145 page https://www.suse.com/security/cve/CVE-2025-37785/ SUSE CVE CVE-2025-37785 page https://www.suse.com/security/cve/CVE-2025-37789/ SUSE CVE CVE-2025-37789 page https://www.suse.com/security/cve/CVE-2025-37948/ SUSE CVE CVE-2025-37948 page https://www.suse.com/security/cve/CVE-2025-37963/ SUSE CVE CVE-2025-37963 page SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 cluster-md-kmp-rt-5.14.21-150400.15.121.1 dlm-kmp-rt-5.14.21-150400.15.121.1 gfs2-kmp-rt-5.14.21-150400.15.121.1 kernel-devel-rt-5.14.21-150400.15.121.1 kernel-rt-5.14.21-150400.15.121.1 kernel-rt-devel-5.14.21-150400.15.121.1 kernel-rt-extra-5.14.21-150400.15.121.1 kernel-rt-livepatch-5.14.21-150400.15.121.1 kernel-rt-livepatch-devel-5.14.21-150400.15.121.1 kernel-rt-optional-5.14.21-150400.15.121.1 kernel-rt_debug-5.14.21-150400.15.121.1 kernel-rt_debug-devel-5.14.21-150400.15.121.1 kernel-source-rt-5.14.21-150400.15.121.1 kernel-syms-rt-5.14.21-150400.15.121.1 kselftests-kmp-rt-5.14.21-150400.15.121.1 ocfs2-kmp-rt-5.14.21-150400.15.121.1 reiserfs-kmp-rt-5.14.21-150400.15.121.1 kernel-rt-5.14.21-150400.15.121.1 as a component of SUSE Linux Enterprise Micro 5.3 kernel-source-rt-5.14.21-150400.15.121.1 as a component of SUSE Linux Enterprise Micro 5.3 kernel-rt-5.14.21-150400.15.121.1 as a component of SUSE Linux Enterprise Micro 5.4 kernel-source-rt-5.14.21-150400.15.121.1 as a component of SUSE Linux Enterprise Micro 5.4 A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. CVE-2022-3564 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-3564.html CVE-2022-3564 https://bugzilla.suse.com/1206073 SUSE Bug 1206073 https://bugzilla.suse.com/1206314 SUSE Bug 1206314 https://bugzilla.suse.com/1208030 SUSE Bug 1208030 https://bugzilla.suse.com/1208044 SUSE Bug 1208044 https://bugzilla.suse.com/1208085 SUSE Bug 1208085 A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211918 is the identifier assigned to this vulnerability. CVE-2022-3619 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-3619.html CVE-2022-3619 https://bugzilla.suse.com/1204569 SUSE Bug 1204569 A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944. CVE-2022-3640 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-3640.html CVE-2022-3640 https://bugzilla.suse.com/1204619 SUSE Bug 1204619 https://bugzilla.suse.com/1204624 SUSE Bug 1204624 https://bugzilla.suse.com/1209225 SUSE Bug 1209225 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49110 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49110.html CVE-2022-49110 https://bugzilla.suse.com/1237981 SUSE Bug 1237981 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt This event is just specified for SCO and eSCO link types. On the reception of a HCI_Synchronous_Connection_Complete for a BDADDR of an existing LE connection, LE link type and a status that triggers the second case of the packet processing a NULL pointer dereference happens, as conn->link is NULL. CVE-2022-49139 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49139.html CVE-2022-49139 https://bugzilla.suse.com/1238032 SUSE Bug 1238032 In the Linux kernel, the following vulnerability has been resolved: 9p/trans_fd: always use O_NONBLOCK read/write syzbot is reporting hung task at p9_fd_close() [1], for p9_mux_poll_stop() from p9_conn_destroy() from p9_fd_close() is failing to interrupt already started kernel_read() from p9_fd_read() from p9_read_work() and/or kernel_write() from p9_fd_write() from p9_write_work() requests. Since p9_socket_open() sets O_NONBLOCK flag, p9_mux_poll_stop() does not need to interrupt kernel_read()/kernel_write(). However, since p9_fd_open() does not set O_NONBLOCK flag, but pipe blocks unless signal is pending, p9_mux_poll_stop() needs to interrupt kernel_read()/kernel_write() when the file descriptor refers to a pipe. In other words, pipe file descriptor needs to be handled as if socket file descriptor. We somehow need to interrupt kernel_read()/kernel_write() on pipes. A minimal change, which this patch is doing, is to set O_NONBLOCK flag from p9_fd_open(), for O_NONBLOCK flag does not affect reading/writing of regular files. But this approach changes O_NONBLOCK flag on userspace- supplied file descriptors (which might break userspace programs), and O_NONBLOCK flag could be changed by userspace. It would be possible to set O_NONBLOCK flag every time p9_fd_read()/p9_fd_write() is invoked, but still remains small race window for clearing O_NONBLOCK flag. If we don't want to manipulate O_NONBLOCK flag, we might be able to surround kernel_read()/kernel_write() with set_thread_flag(TIF_SIGPENDING) and recalc_sigpending(). Since p9_read_work()/p9_write_work() works are processed by kernel threads which process global system_wq workqueue, signals could not be delivered from remote threads when p9_mux_poll_stop() from p9_conn_destroy() from p9_fd_close() is called. Therefore, calling set_thread_flag(TIF_SIGPENDING)/recalc_sigpending() every time would be needed if we count on signals for making kernel_read()/kernel_write() non-blocking. [Dominique: add comment at Christian's suggestion] CVE-2022-49767 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49767.html CVE-2022-49767 https://bugzilla.suse.com/1242493 SUSE Bug 1242493 In the Linux kernel, the following vulnerability has been resolved: gfs2: Check sb_bsize_shift after reading superblock Fuzzers like to scribble over sb_bsize_shift but in reality it's very unlikely that this field would be corrupted on its own. Nevertheless it should be checked to avoid the possibility of messy mount errors due to bad calculations. It's always a fixed value based on the block size so we can just check that it's the expected value. Tested with: mkfs.gfs2 -O -p lock_nolock /dev/vdb for i in 0 -1 64 65 32 33; do gfs2_edit -p sb field sb_bsize_shift $i /dev/vdb mount /dev/vdb /mnt/test && umount /mnt/test done Before this patch we get a withdraw after [ 76.413681] gfs2: fsid=loop0.0: fatal: invalid metadata block [ 76.413681] bh = 19 (type: exp=5, found=4) [ 76.413681] function = gfs2_meta_buffer, file = fs/gfs2/meta_io.c, line = 492 and with UBSAN configured we also get complaints like [ 76.373395] UBSAN: shift-out-of-bounds in fs/gfs2/ops_fstype.c:295:19 [ 76.373815] shift exponent 4294967287 is too large for 64-bit type 'long unsigned int' After the patch, these complaints don't appear, mount fails immediately and we get an explanation in dmesg. CVE-2022-49769 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49769.html CVE-2022-49769 https://bugzilla.suse.com/1242440 SUSE Bug 1242440 In the Linux kernel, the following vulnerability has been resolved: ceph: avoid putting the realm twice when decoding snaps fails When decoding the snaps fails it maybe leaving the 'first_realm' and 'realm' pointing to the same snaprealm memory. And then it'll put it twice and could cause random use-after-free, BUG_ON, etc issues. CVE-2022-49770 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49770.html CVE-2022-49770 https://bugzilla.suse.com/1242597 SUSE Bug 1242597 In the Linux kernel, the following vulnerability has been resolved: dm ioctl: fix misbehavior if list_versions races with module loading __list_versions will first estimate the required space using the "dm_target_iterate(list_version_get_needed, &needed)" call and then will fill the space using the "dm_target_iterate(list_version_get_info, &iter_info)" call. Each of these calls locks the targets using the "down_read(&_lock)" and "up_read(&_lock)" calls, however between the first and second "dm_target_iterate" there is no lock held and the target modules can be loaded at this point, so the second "dm_target_iterate" call may need more space than what was the first "dm_target_iterate" returned. The code tries to handle this overflow (see the beginning of list_version_get_info), however this handling is incorrect. The code sets "param->data_size = param->data_start + needed" and "iter_info.end = (char *)vers+len" - "needed" is the size returned by the first dm_target_iterate call; "len" is the size of the buffer allocated by userspace. "len" may be greater than "needed"; in this case, the code will write up to "len" bytes into the buffer, however param->data_size is set to "needed", so it may write data past the param->data_size value. The ioctl interface copies only up to param->data_size into userspace, thus part of the result will be truncated. Fix this bug by setting "iter_info.end = (char *)vers + needed;" - this guarantees that the second "dm_target_iterate" call will write only up to the "needed" buffer and it will exit with "DM_BUFFER_FULL_FLAG" if it overflows the "needed" space - in this case, userspace will allocate a larger buffer and retry. Note that there is also a bug in list_version_get_needed - we need to add "strlen(tt->name) + 1" to the needed size, not "strlen(tt->name)". CVE-2022-49771 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49771.html CVE-2022-49771 https://bugzilla.suse.com/1242686 SUSE Bug 1242686 In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() snd_usbmidi_output_open() has a check of the NULL port with snd_BUG_ON(). snd_BUG_ON() was used as this shouldn't have happened, but in reality, the NULL port may be seen when the device gives an invalid endpoint setup at the descriptor, hence the driver skips the allocation. That is, the check itself is valid and snd_BUG_ON() should be dropped from there. Otherwise it's confusing as if it were a real bug, as recently syzbot stumbled on it. CVE-2022-49772 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49772.html CVE-2022-49772 https://bugzilla.suse.com/1242147 SUSE Bug 1242147 In the Linux kernel, the following vulnerability has been resolved: tcp: cdg: allow tcp_cdg_release() to be called multiple times Apparently, mptcp is able to call tcp_disconnect() on an already disconnected flow. This is generally fine, unless current congestion control is CDG, because it might trigger a double-free [1] Instead of fixing MPTCP, and future bugs, we can make tcp_disconnect() more resilient. [1] BUG: KASAN: double-free in slab_free mm/slub.c:3539 [inline] BUG: KASAN: double-free in kfree+0xe2/0x580 mm/slub.c:4567 CPU: 0 PID: 3645 Comm: kworker/0:7 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Workqueue: events mptcp_worker Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:317 [inline] print_report.cold+0x2ba/0x719 mm/kasan/report.c:433 kasan_report_invalid_free+0x81/0x190 mm/kasan/report.c:462 ____kasan_slab_free+0x18b/0x1c0 mm/kasan/common.c:356 kasan_slab_free include/linux/kasan.h:200 [inline] slab_free_hook mm/slub.c:1759 [inline] slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1785 slab_free mm/slub.c:3539 [inline] kfree+0xe2/0x580 mm/slub.c:4567 tcp_disconnect+0x980/0x1e20 net/ipv4/tcp.c:3145 __mptcp_close_ssk+0x5ca/0x7e0 net/mptcp/protocol.c:2327 mptcp_do_fastclose net/mptcp/protocol.c:2592 [inline] mptcp_worker+0x78c/0xff0 net/mptcp/protocol.c:2627 process_one_work+0x991/0x1610 kernel/workqueue.c:2289 worker_thread+0x665/0x1080 kernel/workqueue.c:2436 kthread+0x2e4/0x3a0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 </TASK> Allocated by task 3671: kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38 kasan_set_track mm/kasan/common.c:45 [inline] set_alloc_info mm/kasan/common.c:437 [inline] ____kasan_kmalloc mm/kasan/common.c:516 [inline] ____kasan_kmalloc mm/kasan/common.c:475 [inline] __kasan_kmalloc+0xa9/0xd0 mm/kasan/common.c:525 kmalloc_array include/linux/slab.h:640 [inline] kcalloc include/linux/slab.h:671 [inline] tcp_cdg_init+0x10d/0x170 net/ipv4/tcp_cdg.c:380 tcp_init_congestion_control+0xab/0x550 net/ipv4/tcp_cong.c:193 tcp_reinit_congestion_control net/ipv4/tcp_cong.c:217 [inline] tcp_set_congestion_control+0x96c/0xaa0 net/ipv4/tcp_cong.c:391 do_tcp_setsockopt+0x505/0x2320 net/ipv4/tcp.c:3513 tcp_setsockopt+0xd4/0x100 net/ipv4/tcp.c:3801 mptcp_setsockopt+0x35f/0x2570 net/mptcp/sockopt.c:844 __sys_setsockopt+0x2d6/0x690 net/socket.c:2252 __do_sys_setsockopt net/socket.c:2263 [inline] __se_sys_setsockopt net/socket.c:2260 [inline] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2260 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Freed by task 16: kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38 kasan_set_track+0x21/0x30 mm/kasan/common.c:45 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370 ____kasan_slab_free mm/kasan/common.c:367 [inline] ____kasan_slab_free+0x166/0x1c0 mm/kasan/common.c:329 kasan_slab_free include/linux/kasan.h:200 [inline] slab_free_hook mm/slub.c:1759 [inline] slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1785 slab_free mm/slub.c:3539 [inline] kfree+0xe2/0x580 mm/slub.c:4567 tcp_cleanup_congestion_control+0x70/0x120 net/ipv4/tcp_cong.c:226 tcp_v4_destroy_sock+0xdd/0x750 net/ipv4/tcp_ipv4.c:2254 tcp_v6_destroy_sock+0x11/0x20 net/ipv6/tcp_ipv6.c:1969 inet_csk_destroy_sock+0x196/0x440 net/ipv4/inet_connection_sock.c:1157 tcp_done+0x23b/0x340 net/ipv4/tcp.c:4649 tcp_rcv_state_process+0x40e7/0x4990 net/ipv4/tcp_input.c:6624 tcp_v6_do_rcv+0x3fc/0x13c0 net/ipv6/tcp_ipv6.c:1525 tcp_v6_rcv+0x2e8e/0x3830 net/ipv6/tcp_ipv6.c:1759 ip6_protocol_deliver_rcu+0x2db/0x1950 net/ipv6/ip6_input.c:439 ip6_input_finish+0x14c/0x2c0 net/ipv6/ip6_input.c:484 NF_HOOK include/linux/netfilter.h:302 [inline] NF_HOOK include/linux/netfilter.h:296 [inline] ip6_input+0x9c/0xd ---truncated--- CVE-2022-49775 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49775.html CVE-2022-49775 https://bugzilla.suse.com/1242245 SUSE Bug 1242245 https://bugzilla.suse.com/1242257 SUSE Bug 1242257 In the Linux kernel, the following vulnerability has been resolved: macvlan: enforce a consistent minimal mtu macvlan should enforce a minimal mtu of 68, even at link creation. This patch avoids the current behavior (which could lead to crashes in ipv6 stack if the link is brought up) $ ip link add macvlan1 link eno1 mtu 8 type macvlan # This should fail ! $ ip link sh dev macvlan1 5: macvlan1@eno1: <BROADCAST,MULTICAST> mtu 8 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether 02:47:6c:24:74:82 brd ff:ff:ff:ff:ff:ff $ ip link set macvlan1 mtu 67 Error: mtu less than device minimum. $ ip link set macvlan1 mtu 68 $ ip link set macvlan1 mtu 8 Error: mtu less than device minimum. CVE-2022-49776 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49776.html CVE-2022-49776 https://bugzilla.suse.com/1242248 SUSE Bug 1242248 In the Linux kernel, the following vulnerability has been resolved: Input: i8042 - fix leaking of platform device on module removal Avoid resetting the module-wide i8042_platform_device pointer in i8042_probe() or i8042_remove(), so that the device can be properly destroyed by i8042_exit() on module unload. CVE-2022-49777 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49777.html CVE-2022-49777 https://bugzilla.suse.com/1242232 SUSE Bug 1242232 In the Linux kernel, the following vulnerability has been resolved: kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case In __unregister_kprobe_top(), if the currently unregistered probe has post_handler but other child probes of the aggrprobe do not have post_handler, the post_handler of the aggrprobe is cleared. If this is a ftrace-based probe, there is a problem. In later calls to disarm_kprobe(), we will use kprobe_ftrace_ops because post_handler is NULL. But we're armed with kprobe_ipmodify_ops. This triggers a WARN in __disarm_kprobe_ftrace() and may even cause use-after-free: Failed to disarm kprobe-ftrace at kernel_clone+0x0/0x3c0 (error -2) WARNING: CPU: 5 PID: 137 at kernel/kprobes.c:1135 __disarm_kprobe_ftrace.isra.21+0xcf/0xe0 Modules linked in: testKprobe_007(-) CPU: 5 PID: 137 Comm: rmmod Not tainted 6.1.0-rc4-dirty #18 [...] Call Trace: <TASK> __disable_kprobe+0xcd/0xe0 __unregister_kprobe_top+0x12/0x150 ? mutex_lock+0xe/0x30 unregister_kprobes.part.23+0x31/0xa0 unregister_kprobe+0x32/0x40 __x64_sys_delete_module+0x15e/0x260 ? do_user_addr_fault+0x2cd/0x6b0 do_syscall_64+0x3a/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd [...] For the kprobe-on-ftrace case, we keep the post_handler setting to identify this aggrprobe armed with kprobe_ipmodify_ops. This way we can disarm it correctly. CVE-2022-49779 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49779.html CVE-2022-49779 https://bugzilla.suse.com/1242261 SUSE Bug 1242261 In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Drop fpregs lock before inheriting FPU permissions Mike Galbraith reported the following against an old fork of preempt-rt but the same issue also applies to the current preempt-rt tree. BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: systemd preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 Preemption disabled at: fpu_clone CPU: 6 PID: 1 Comm: systemd Tainted: G E (unreleased) Call Trace: <TASK> dump_stack_lvl ? fpu_clone __might_resched rt_spin_lock fpu_clone ? copy_thread ? copy_process ? shmem_alloc_inode ? kmem_cache_alloc ? kernel_clone ? __do_sys_clone ? do_syscall_64 ? __x64_sys_rt_sigprocmask ? syscall_exit_to_user_mode ? do_syscall_64 ? syscall_exit_to_user_mode ? do_syscall_64 ? syscall_exit_to_user_mode ? do_syscall_64 ? exc_page_fault ? entry_SYSCALL_64_after_hwframe </TASK> Mike says: The splat comes from fpu_inherit_perms() being called under fpregs_lock(), and us reaching the spin_lock_irq() therein due to fpu_state_size_dynamic() returning true despite static key __fpu_state_size_dynamic having never been enabled. Mike's assessment looks correct. fpregs_lock on a PREEMPT_RT kernel disables preemption so calling spin_lock_irq() in fpu_inherit_perms() is unsafe. This problem exists since commit 9e798e9aa14c ("x86/fpu: Prepare fpu_clone() for dynamically enabled features"). Even though the original bug report should not have enabled the paths at all, the bug still exists. fpregs_lock is necessary when editing the FPU registers or a task's FP state but it is not necessary for fpu_inherit_perms(). The only write of any FP state in fpu_inherit_perms() is for the new child which is not running yet and cannot context switch or be borrowed by a kernel thread yet. Hence, fpregs_lock is not protecting anything in the new child until clone() completes and can be dropped earlier. The siglock still needs to be acquired by fpu_inherit_perms() as the read of the parent's permissions has to be serialised. [ bp: Cleanup splat. ] CVE-2022-49783 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49783.html CVE-2022-49783 https://bugzilla.suse.com/1242312 SUSE Bug 1242312 In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() pci_get_device() will increase the reference count for the returned pci_dev. We need to use pci_dev_put() to decrease the reference count before amd_probe() returns. There is no problem for the 'smbus_dev == NULL' branch because pci_dev_put() can also handle the NULL input parameter case. CVE-2022-49787 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49787.html CVE-2022-49787 https://bugzilla.suse.com/1242352 SUSE Bug 1242352 In the Linux kernel, the following vulnerability has been resolved: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() `struct vmci_event_qp` allocated by qp_notify_peer() contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in instrument_copy_to_user ./include/linux/instrumented.h:121 instrument_copy_to_user ./include/linux/instrumented.h:121 _copy_to_user+0x5f/0xb0 lib/usercopy.c:33 copy_to_user ./include/linux/uaccess.h:169 vmci_host_do_receive_datagram drivers/misc/vmw_vmci/vmci_host.c:431 vmci_host_unlocked_ioctl+0x33d/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:925 vfs_ioctl fs/ioctl.c:51 ... Uninit was stored to memory at: kmemdup+0x74/0xb0 mm/util.c:131 dg_dispatch_as_host drivers/misc/vmw_vmci/vmci_datagram.c:271 vmci_datagram_dispatch+0x4f8/0xfc0 drivers/misc/vmw_vmci/vmci_datagram.c:339 qp_notify_peer+0x19a/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1479 qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662 qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750 vmci_qp_broker_alloc+0x96/0xd0 drivers/misc/vmw_vmci/vmci_queue_pair.c:1940 vmci_host_do_alloc_queuepair drivers/misc/vmw_vmci/vmci_host.c:488 vmci_host_unlocked_ioctl+0x24fd/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:927 ... Local variable ev created at: qp_notify_peer+0x54/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1456 qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662 qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750 Bytes 28-31 of 48 are uninitialized Memory access of size 48 starts at ffff888035155e00 Data copied to user address 0000000020000100 Use memset() to prevent the infoleaks. Also speculatively fix qp_notify_peer_local(), which may suffer from the same problem. CVE-2022-49788 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49788.html CVE-2022-49788 https://bugzilla.suse.com/1242353 SUSE Bug 1242353 In the Linux kernel, the following vulnerability has been resolved: scsi: zfcp: Fix double free of FSF request when qdio send fails We used to use the wrong type of integer in 'zfcp_fsf_req_send()' to cache the FSF request ID when sending a new FSF request. This is used in case the sending fails and we need to remove the request from our internal hash table again (so we don't keep an invalid reference and use it when we free the request again). In 'zfcp_fsf_req_send()' we used to cache the ID as 'int' (signed and 32 bit wide), but the rest of the zfcp code (and the firmware specification) handles the ID as 'unsigned long'/'u64' (unsigned and 64 bit wide [s390x ELF ABI]). For one this has the obvious problem that when the ID grows past 32 bit (this can happen reasonably fast) it is truncated to 32 bit when storing it in the cache variable and so doesn't match the original ID anymore. The second less obvious problem is that even when the original ID has not yet grown past 32 bit, as soon as the 32nd bit is set in the original ID (0x80000000 = 2'147'483'648) we will have a mismatch when we cast it back to 'unsigned long'. As the cached variable is of a signed type, the compiler will choose a sign-extending instruction to load the 32 bit variable into a 64 bit register (e.g.: 'lgf %r11,188(%r15)'). So once we pass the cached variable into 'zfcp_reqlist_find_rm()' to remove the request again all the leading zeros will be flipped to ones to extend the sign and won't match the original ID anymore (this has been observed in practice). If we can't successfully remove the request from the hash table again after 'zfcp_qdio_send()' fails (this happens regularly when zfcp cannot notify the adapter about new work because the adapter is already gone during e.g. a ChpID toggle) we will end up with a double free. We unconditionally free the request in the calling function when 'zfcp_fsf_req_send()' fails, but because the request is still in the hash table we end up with a stale memory reference, and once the zfcp adapter is either reset during recovery or shutdown we end up freeing the same memory twice. The resulting stack traces vary depending on the kernel and have no direct correlation to the place where the bug occurs. Here are three examples that have been seen in practice: list_del corruption. next->prev should be 00000001b9d13800, but was 00000000dead4ead. (next=00000001bd131a00) ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:62! monitor event: 0040 ilc:2 [#1] PREEMPT SMP Modules linked in: ... CPU: 9 PID: 1617 Comm: zfcperp0.0.1740 Kdump: loaded Hardware name: ... Krnl PSW : 0704d00180000000 00000003cbeea1f8 (__list_del_entry_valid+0x98/0x140) R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3 Krnl GPRS: 00000000916d12f1 0000000080000000 000000000000006d 00000003cb665cd6 0000000000000001 0000000000000000 0000000000000000 00000000d28d21e8 00000000d3844000 00000380099efd28 00000001bd131a00 00000001b9d13800 00000000d3290100 0000000000000000 00000003cbeea1f4 00000380099efc70 Krnl Code: 00000003cbeea1e8: c020004f68a7 larl %r2,00000003cc8d7336 00000003cbeea1ee: c0e50027fd65 brasl %r14,00000003cc3e9cb8 #00000003cbeea1f4: af000000 mc 0,0 >00000003cbeea1f8: c02000920440 larl %r2,00000003cd12aa78 00000003cbeea1fe: c0e500289c25 brasl %r14,00000003cc3fda48 00000003cbeea204: b9040043 lgr %r4,%r3 00000003cbeea208: b9040051 lgr %r5,%r1 00000003cbeea20c: b9040032 lgr %r3,%r2 Call Trace: [<00000003cbeea1f8>] __list_del_entry_valid+0x98/0x140 ([<00000003cbeea1f4>] __list_del_entry_valid+0x94/0x140) [<000003ff7ff502fe>] zfcp_fsf_req_dismiss_all+0xde/0x150 [zfcp] [<000003ff7ff49cd0>] zfcp_erp_strategy_do_action+0x160/0x280 [zfcp] ---truncated--- CVE-2022-49789 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49789.html CVE-2022-49789 https://bugzilla.suse.com/1242366 SUSE Bug 1242366 https://bugzilla.suse.com/1242376 SUSE Bug 1242376 In the Linux kernel, the following vulnerability has been resolved: Input: iforce - invert valid length check when fetching device IDs syzbot is reporting uninitialized value at iforce_init_device() [1], for commit 6ac0aec6b0a6 ("Input: iforce - allow callers supply data buffer when fetching device IDs") is checking that valid length is shorter than bytes to read. Since iforce_get_id_packet() stores valid length when returning 0, the caller needs to check that valid length is longer than or equals to bytes to read. CVE-2022-49790 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49790.html CVE-2022-49790 https://bugzilla.suse.com/1242387 SUSE Bug 1242387 In the Linux kernel, the following vulnerability has been resolved: iio: adc: mp2629: fix potential array out of bound access Add sentinel at end of maps to avoid potential array out of bound access in iio core. CVE-2022-49792 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49792.html CVE-2022-49792 https://bugzilla.suse.com/1242389 SUSE Bug 1242389 In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() dev_set_name() allocates memory for name, it need be freed when device_add() fails, call put_device() to give up the reference that hold in device_initialize(), so that it can be freed in kobject_cleanup() when the refcount hit to 0. Fault injection test can trigger this: unreferenced object 0xffff8e8340a7b4c0 (size 32): comm "modprobe", pid 243, jiffies 4294678145 (age 48.845s) hex dump (first 32 bytes): 69 69 6f 5f 73 79 73 66 73 5f 74 72 69 67 67 65 iio_sysfs_trigge 72 00 a7 40 83 8e ff ff 00 86 13 c4 f6 ee ff ff r..@............ backtrace: [<0000000074999de8>] __kmem_cache_alloc_node+0x1e9/0x360 [<00000000497fd30b>] __kmalloc_node_track_caller+0x44/0x1a0 [<000000003636c520>] kstrdup+0x2d/0x60 [<0000000032f84da2>] kobject_set_name_vargs+0x1e/0x90 [<0000000092efe493>] dev_set_name+0x4e/0x70 CVE-2022-49793 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49793.html CVE-2022-49793 https://bugzilla.suse.com/1242391 SUSE Bug 1242391 In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() If iio_trigger_register() returns error, it should call iio_trigger_free() to give up the reference that hold in iio_trigger_alloc(), so that it can call iio_trig_release() to free memory when the refcount hit to 0. CVE-2022-49794 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49794.html CVE-2022-49794 https://bugzilla.suse.com/1242392 SUSE Bug 1242392 In the Linux kernel, the following vulnerability has been resolved: tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() When test_gen_kprobe_cmd() failed after kprobe_event_gen_cmd_end(), it will goto delete, which will call kprobe_event_delete() and release the corresponding resource. However, the trace_array in gen_kretprobe_test will point to the invalid resource. Set gen_kretprobe_test to NULL after called kprobe_event_delete() to prevent null-ptr-deref. BUG: kernel NULL pointer dereference, address: 0000000000000070 PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI CPU: 0 PID: 246 Comm: modprobe Tainted: G W 6.1.0-rc1-00174-g9522dc5c87da-dirty #248 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 RIP: 0010:__ftrace_set_clr_event_nolock+0x53/0x1b0 Code: e8 82 26 fc ff 49 8b 1e c7 44 24 0c ea ff ff ff 49 39 de 0f 84 3c 01 00 00 c7 44 24 18 00 00 00 00 e8 61 26 fc ff 48 8b 6b 10 <44> 8b 65 70 4c 8b 6d 18 41 f7 c4 00 02 00 00 75 2f RSP: 0018:ffffc9000159fe00 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff88810971d268 RCX: 0000000000000000 RDX: ffff8881080be600 RSI: ffffffff811b48ff RDI: ffff88810971d058 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 R10: ffffc9000159fe58 R11: 0000000000000001 R12: ffffffffa0001064 R13: ffffffffa000106c R14: ffff88810971d238 R15: 0000000000000000 FS: 00007f89eeff6540(0000) GS:ffff88813b600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000070 CR3: 000000010599e004 CR4: 0000000000330ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> __ftrace_set_clr_event+0x3e/0x60 trace_array_set_clr_event+0x35/0x50 ? 0xffffffffa0000000 kprobe_event_gen_test_exit+0xcd/0x10b [kprobe_event_gen_test] __x64_sys_delete_module+0x206/0x380 ? lockdep_hardirqs_on_prepare+0xd8/0x190 ? syscall_enter_from_user_mode+0x1c/0x50 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f89eeb061b7 CVE-2022-49796 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49796.html CVE-2022-49796 https://bugzilla.suse.com/1242305 SUSE Bug 1242305 In the Linux kernel, the following vulnerability has been resolved: tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() When trace_get_event_file() failed, gen_kretprobe_test will be assigned as the error code. If module kprobe_event_gen_test is removed now, the null pointer dereference will happen in kprobe_event_gen_test_exit(). Check if gen_kprobe_test or gen_kretprobe_test is error code or NULL before dereference them. BUG: kernel NULL pointer dereference, address: 0000000000000012 PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI CPU: 3 PID: 2210 Comm: modprobe Not tainted 6.1.0-rc1-00171-g2159299a3b74-dirty #217 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 RIP: 0010:kprobe_event_gen_test_exit+0x1c/0xb5 [kprobe_event_gen_test] Code: Unable to access opcode bytes at 0xffffffff9ffffff2. RSP: 0018:ffffc900015bfeb8 EFLAGS: 00010246 RAX: ffffffffffffffea RBX: ffffffffa0002080 RCX: 0000000000000000 RDX: ffffffffa0001054 RSI: ffffffffa0001064 RDI: ffffffffdfc6349c RBP: ffffffffa0000000 R08: 0000000000000004 R09: 00000000001e95c0 R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000800 R13: ffffffffa0002420 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f56b75be540(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffff9ffffff2 CR3: 000000010874a006 CR4: 0000000000330ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> __x64_sys_delete_module+0x206/0x380 ? lockdep_hardirqs_on_prepare+0xd8/0x190 ? syscall_enter_from_user_mode+0x1c/0x50 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd CVE-2022-49797 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49797.html CVE-2022-49797 https://bugzilla.suse.com/1242320 SUSE Bug 1242320 In the Linux kernel, the following vulnerability has been resolved: tracing: Fix wild-memory-access in register_synth_event() In register_synth_event(), if set_synth_event_print_fmt() failed, then both trace_remove_event_call() and unregister_trace_event() will be called, which means the trace_event_call will call __unregister_trace_event() twice. As the result, the second unregister will causes the wild-memory-access. register_synth_event set_synth_event_print_fmt failed trace_remove_event_call event_remove if call->event.funcs then __unregister_trace_event (first call) unregister_trace_event __unregister_trace_event (second call) Fix the bug by avoiding to call the second __unregister_trace_event() by checking if the first one is called. general protection fault, probably for non-canonical address 0xfbd59c0000000024: 0000 [#1] SMP KASAN PTI KASAN: maybe wild-memory-access in range [0xdead000000000120-0xdead000000000127] CPU: 0 PID: 3807 Comm: modprobe Not tainted 6.1.0-rc1-00186-g76f33a7eedb4 #299 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 RIP: 0010:unregister_trace_event+0x6e/0x280 Code: 00 fc ff df 4c 89 ea 48 c1 ea 03 80 3c 02 00 0f 85 0e 02 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 63 08 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 e2 01 00 00 49 89 2c 24 48 85 ed 74 28 e8 7a 9b RSP: 0018:ffff88810413f370 EFLAGS: 00010a06 RAX: dffffc0000000000 RBX: ffff888105d050b0 RCX: 0000000000000000 RDX: 1bd5a00000000024 RSI: ffff888119e276e0 RDI: ffffffff835a8b20 RBP: dead000000000100 R08: 0000000000000000 R09: fffffbfff0913481 R10: ffffffff8489a407 R11: fffffbfff0913480 R12: dead000000000122 R13: ffff888105d050b8 R14: 0000000000000000 R15: ffff888105d05028 FS: 00007f7823e8d540(0000) GS:ffff888119e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f7823e7ebec CR3: 000000010a058002 CR4: 0000000000330ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> __create_synth_event+0x1e37/0x1eb0 create_or_delete_synth_event+0x110/0x250 synth_event_run_command+0x2f/0x110 test_gen_synth_cmd+0x170/0x2eb [synth_event_gen_test] synth_event_gen_test_init+0x76/0x9bc [synth_event_gen_test] do_one_initcall+0xdb/0x480 do_init_module+0x1cf/0x680 load_module+0x6a50/0x70a0 __do_sys_finit_module+0x12f/0x1c0 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd CVE-2022-49799 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49799.html CVE-2022-49799 https://bugzilla.suse.com/1242264 SUSE Bug 1242264 In the Linux kernel, the following vulnerability has been resolved: tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() test_gen_synth_cmd() only free buf in fail path, hence buf will leak when there is no failure. Add kfree(buf) to prevent the memleak. The same reason and solution in test_empty_synth_event(). unreferenced object 0xffff8881127de000 (size 2048): comm "modprobe", pid 247, jiffies 4294972316 (age 78.756s) hex dump (first 32 bytes): 20 67 65 6e 5f 73 79 6e 74 68 5f 74 65 73 74 20 gen_synth_test 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 64 5f pid_t next_pid_ backtrace: [<000000004254801a>] kmalloc_trace+0x26/0x100 [<0000000039eb1cf5>] 0xffffffffa00083cd [<000000000e8c3bc8>] 0xffffffffa00086ba [<00000000c293d1ea>] do_one_initcall+0xdb/0x480 [<00000000aa189e6d>] do_init_module+0x1cf/0x680 [<00000000d513222b>] load_module+0x6a50/0x70a0 [<000000001fd4d529>] __do_sys_finit_module+0x12f/0x1c0 [<00000000b36c4c0f>] do_syscall_64+0x3f/0x90 [<00000000bbf20cf3>] entry_SYSCALL_64_after_hwframe+0x63/0xcd unreferenced object 0xffff8881127df000 (size 2048): comm "modprobe", pid 247, jiffies 4294972324 (age 78.728s) hex dump (first 32 bytes): 20 65 6d 70 74 79 5f 73 79 6e 74 68 5f 74 65 73 empty_synth_tes 74 20 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 t pid_t next_pi backtrace: [<000000004254801a>] kmalloc_trace+0x26/0x100 [<00000000d4db9a3d>] 0xffffffffa0008071 [<00000000c31354a5>] 0xffffffffa00086ce [<00000000c293d1ea>] do_one_initcall+0xdb/0x480 [<00000000aa189e6d>] do_init_module+0x1cf/0x680 [<00000000d513222b>] load_module+0x6a50/0x70a0 [<000000001fd4d529>] __do_sys_finit_module+0x12f/0x1c0 [<00000000b36c4c0f>] do_syscall_64+0x3f/0x90 [<00000000bbf20cf3>] entry_SYSCALL_64_after_hwframe+0x63/0xcd CVE-2022-49800 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49800.html CVE-2022-49800 https://bugzilla.suse.com/1242265 SUSE Bug 1242265 In the Linux kernel, the following vulnerability has been resolved: tracing: Fix memory leak in tracing_read_pipe() kmemleak reports this issue: unreferenced object 0xffff888105a18900 (size 128): comm "test_progs", pid 18933, jiffies 4336275356 (age 22801.766s) hex dump (first 32 bytes): 25 73 00 90 81 88 ff ff 26 05 00 00 42 01 58 04 %s......&...B.X. 03 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000560143a1>] __kmalloc_node_track_caller+0x4a/0x140 [<000000006af00822>] krealloc+0x8d/0xf0 [<00000000c309be6a>] trace_iter_expand_format+0x99/0x150 [<000000005a53bdb6>] trace_check_vprintf+0x1e0/0x11d0 [<0000000065629d9d>] trace_event_printf+0xb6/0xf0 [<000000009a690dc7>] trace_raw_output_bpf_trace_printk+0x89/0xc0 [<00000000d22db172>] print_trace_line+0x73c/0x1480 [<00000000cdba76ba>] tracing_read_pipe+0x45c/0x9f0 [<0000000015b58459>] vfs_read+0x17b/0x7c0 [<000000004aeee8ed>] ksys_read+0xed/0x1c0 [<0000000063d3d898>] do_syscall_64+0x3b/0x90 [<00000000a06dda7f>] entry_SYSCALL_64_after_hwframe+0x63/0xcd iter->fmt alloced in tracing_read_pipe() -> .. ->trace_iter_expand_format(), but not freed, to fix, add free in tracing_release_pipe() CVE-2022-49801 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49801.html CVE-2022-49801 https://bugzilla.suse.com/1242338 SUSE Bug 1242338 In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix null pointer dereference in ftrace_add_mod() The @ftrace_mod is allocated by kzalloc(), so both the members {prev,next} of @ftrace_mode->list are NULL, it's not a valid state to call list_del(). If kstrdup() for @ftrace_mod->{func|module} fails, it goes to @out_free tag and calls free_ftrace_mod() to destroy @ftrace_mod, then list_del() will write prev->next and next->prev, where null pointer dereference happens. BUG: kernel NULL pointer dereference, address: 0000000000000008 Oops: 0002 [#1] PREEMPT SMP NOPTI Call Trace: <TASK> ftrace_mod_callback+0x20d/0x220 ? do_filp_open+0xd9/0x140 ftrace_process_regex.isra.51+0xbf/0x130 ftrace_regex_write.isra.52.part.53+0x6e/0x90 vfs_write+0xee/0x3a0 ? __audit_filter_op+0xb1/0x100 ? auditd_test_task+0x38/0x50 ksys_write+0xa5/0xe0 do_syscall_64+0x3a/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd Kernel panic - not syncing: Fatal exception So call INIT_LIST_HEAD() to initialize the list member to fix this issue. CVE-2022-49802 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49802.html CVE-2022-49802 https://bugzilla.suse.com/1242270 SUSE Bug 1242270 In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a memory leak in nvmet_auth_set_key When changing dhchap secrets we need to release the old secrets as well. kmemleak complaint: -- unreferenced object 0xffff8c7f44ed8180 (size 64): comm "check", pid 7304, jiffies 4295686133 (age 72034.246s) hex dump (first 32 bytes): 44 48 48 43 2d 31 3a 30 30 3a 4c 64 4c 4f 64 71 DHHC-1:00:LdLOdq 79 56 69 67 77 48 55 32 6d 5a 59 4c 7a 35 59 38 yVigwHU2mZYLz5Y8 backtrace: [<00000000b6fc5071>] kstrdup+0x2e/0x60 [<00000000f0f4633f>] 0xffffffffc0e07ee6 [<0000000053006c05>] 0xffffffffc0dff783 [<00000000419ae922>] configfs_write_iter+0xb1/0x120 [<000000008183c424>] vfs_write+0x2be/0x3c0 [<000000009005a2a5>] ksys_write+0x5f/0xe0 [<00000000cd495c89>] do_syscall_64+0x38/0x90 [<00000000f2a84ac5>] entry_SYSCALL_64_after_hwframe+0x63/0xcd CVE-2022-49807 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49807.html CVE-2022-49807 https://bugzilla.suse.com/1242357 SUSE Bug 1242357 In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix skb leak in x25_lapb_receive_frame() x25_lapb_receive_frame() using skb_copy() to get a private copy of skb, the new skb should be freed in the undersized/fragmented skb error handling path. Otherwise there is a memory leak. CVE-2022-49809 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49809.html CVE-2022-49809 https://bugzilla.suse.com/1242402 SUSE Bug 1242402 In the Linux kernel, the following vulnerability has been resolved: netfs: Fix missing xas_retry() calls in xarray iteration netfslib has a number of places in which it performs iteration of an xarray whilst being under the RCU read lock. It *should* call xas_retry() as the first thing inside of the loop and do "continue" if it returns true in case the xarray walker passed out a special value indicating that the walk needs to be redone from the root[*]. Fix this by adding the missing retry checks. [*] I wonder if this should be done inside xas_find(), xas_next_node() and suchlike, but I'm told that's not an simple change to effect. This can cause an oops like that below. Note the faulting address - this is an internal value (|0x2) returned from xarray. BUG: kernel NULL pointer dereference, address: 0000000000000402 ... RIP: 0010:netfs_rreq_unlock+0xef/0x380 [netfs] ... Call Trace: netfs_rreq_assess+0xa6/0x240 [netfs] netfs_readpage+0x173/0x3b0 [netfs] ? init_wait_var_entry+0x50/0x50 filemap_read_page+0x33/0xf0 filemap_get_pages+0x2f2/0x3f0 filemap_read+0xaa/0x320 ? do_filp_open+0xb2/0x150 ? rmqueue+0x3be/0xe10 ceph_read_iter+0x1fe/0x680 [ceph] ? new_sync_read+0x115/0x1a0 new_sync_read+0x115/0x1a0 vfs_read+0xf3/0x180 ksys_read+0x5f/0xe0 do_syscall_64+0x38/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae Changes: ======== ver #2) - Changed an unsigned int to a size_t to reduce the likelihood of an overflow as per Willy's suggestion. - Added an additional patch to fix the maths. CVE-2022-49810 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49810.html CVE-2022-49810 https://bugzilla.suse.com/1242489 SUSE Bug 1242489 In the Linux kernel, the following vulnerability has been resolved: bridge: switchdev: Fix memory leaks when changing VLAN protocol The bridge driver can offload VLANs to the underlying hardware either via switchdev or the 8021q driver. When the former is used, the VLAN is marked in the bridge driver with the 'BR_VLFLAG_ADDED_BY_SWITCHDEV' private flag. To avoid the memory leaks mentioned in the cited commit, the bridge driver will try to delete a VLAN via the 8021q driver if the VLAN is not marked with the previously mentioned flag. When the VLAN protocol of the bridge changes, switchdev drivers are notified via the 'SWITCHDEV_ATTR_ID_BRIDGE_VLAN_PROTOCOL' attribute, but the 8021q driver is also called to add the existing VLANs with the new protocol and delete them with the old protocol. In case the VLANs were offloaded via switchdev, the above behavior is both redundant and buggy. Redundant because the VLANs are already programmed in hardware and drivers that support VLAN protocol change (currently only mlx5) change the protocol upon the switchdev attribute notification. Buggy because the 8021q driver is called despite these VLANs being marked with 'BR_VLFLAG_ADDED_BY_SWITCHDEV'. This leads to memory leaks [1] when the VLANs are deleted. Fix by not calling the 8021q driver for VLANs that were already programmed via switchdev. [1] unreferenced object 0xffff8881f6771200 (size 256): comm "ip", pid 446855, jiffies 4298238841 (age 55.240s) hex dump (first 32 bytes): 00 00 7f 0e 83 88 ff ff 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000012819ac>] vlan_vid_add+0x437/0x750 [<00000000f2281fad>] __br_vlan_set_proto+0x289/0x920 [<000000000632b56f>] br_changelink+0x3d6/0x13f0 [<0000000089d25f04>] __rtnl_newlink+0x8ae/0x14c0 [<00000000f6276baf>] rtnl_newlink+0x5f/0x90 [<00000000746dc902>] rtnetlink_rcv_msg+0x336/0xa00 [<000000001c2241c0>] netlink_rcv_skb+0x11d/0x340 [<0000000010588814>] netlink_unicast+0x438/0x710 [<00000000e1a4cd5c>] netlink_sendmsg+0x788/0xc40 [<00000000e8992d4e>] sock_sendmsg+0xb0/0xe0 [<00000000621b8f91>] ____sys_sendmsg+0x4ff/0x6d0 [<000000000ea26996>] ___sys_sendmsg+0x12e/0x1b0 [<00000000684f7e25>] __sys_sendmsg+0xab/0x130 [<000000004538b104>] do_syscall_64+0x3d/0x90 [<0000000091ed9678>] entry_SYSCALL_64_after_hwframe+0x46/0xb0 CVE-2022-49812 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49812.html CVE-2022-49812 https://bugzilla.suse.com/1242151 SUSE Bug 1242151 In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix error handling in ena_init() The ena_init() won't destroy workqueue created by create_singlethread_workqueue() when pci_register_driver() failed. Call destroy_workqueue() when pci_register_driver() failed to prevent the resource leak. CVE-2022-49813 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49813.html CVE-2022-49813 https://bugzilla.suse.com/1242497 SUSE Bug 1242497 In the Linux kernel, the following vulnerability has been resolved: mISDN: fix misuse of put_device() in mISDN_register_device() We should not release reference by put_device() before calling device_initialize(). CVE-2022-49818 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49818.html CVE-2022-49818 https://bugzilla.suse.com/1242527 SUSE Bug 1242527 In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDN_dsp_element_register() Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically, use put_device() to give up the reference, so that the name can be freed in kobject_cleanup() when the refcount is 0. The 'entry' is going to be freed in mISDN_dsp_dev_release(), so the kfree() is removed. list_del() is called in mISDN_dsp_dev_release(), so it need be initialized. CVE-2022-49821 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49821.html CVE-2022-49821 https://bugzilla.suse.com/1242542 SUSE Bug 1242542 In the Linux kernel, the following vulnerability has been resolved: cifs: Fix connections leak when tlink setup failed If the tlink setup failed, lost to put the connections, then the module refcnt leak since the cifsd kthread not exit. Also leak the fscache info, and for next mount with fsc, it will print the follow errors: CIFS: Cache volume key already in use (cifs,127.0.0.1:445,TEST) Let's check the result of tlink setup, and do some cleanup. CVE-2022-49822 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49822.html CVE-2022-49822 https://bugzilla.suse.com/1242544 SUSE Bug 1242544 In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tdev_add() In ata_tdev_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, because transport_remove_device() is called to remove the device that was not added. Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 CPU: 13 PID: 13603 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #36 pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : device_del+0x48/0x3a0 lr : device_del+0x44/0x3a0 Call trace: device_del+0x48/0x3a0 attribute_container_class_device_del+0x28/0x40 transport_remove_classdev+0x60/0x7c attribute_container_device_trigger+0x118/0x120 transport_remove_device+0x20/0x30 ata_tdev_delete+0x24/0x50 [libata] ata_tlink_delete+0x40/0xa0 [libata] ata_tport_delete+0x2c/0x60 [libata] ata_port_detach+0x148/0x1b0 [libata] ata_pci_remove_one+0x50/0x80 [libata] ahci_remove_one+0x4c/0x8c [ahci] Fix this by checking and handling return value of transport_add_device() in ata_tdev_add(). In the error path, device_del() is called to delete the device which was added earlier in this function, and ata_tdev_free() is called to free ata_dev. CVE-2022-49823 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49823.html CVE-2022-49823 https://bugzilla.suse.com/1242545 SUSE Bug 1242545 In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tlink_add() In ata_tlink_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, because transport_remove_device() is called to remove the device that was not added. Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 CPU: 33 PID: 13850 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #12 pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : device_del+0x48/0x39c lr : device_del+0x44/0x39c Call trace: device_del+0x48/0x39c attribute_container_class_device_del+0x28/0x40 transport_remove_classdev+0x60/0x7c attribute_container_device_trigger+0x118/0x120 transport_remove_device+0x20/0x30 ata_tlink_delete+0x88/0xb0 [libata] ata_tport_delete+0x2c/0x60 [libata] ata_port_detach+0x148/0x1b0 [libata] ata_pci_remove_one+0x50/0x80 [libata] ahci_remove_one+0x4c/0x8c [ahci] Fix this by checking and handling return value of transport_add_device() in ata_tlink_add(). CVE-2022-49824 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49824.html CVE-2022-49824 https://bugzilla.suse.com/1242547 SUSE Bug 1242547 In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tport_add() In ata_tport_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, because transport_remove_device() is called to remove the device that was not added. Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 CPU: 12 PID: 13605 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #8 pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : device_del+0x48/0x39c lr : device_del+0x44/0x39c Call trace: device_del+0x48/0x39c attribute_container_class_device_del+0x28/0x40 transport_remove_classdev+0x60/0x7c attribute_container_device_trigger+0x118/0x120 transport_remove_device+0x20/0x30 ata_tport_delete+0x34/0x60 [libata] ata_port_detach+0x148/0x1b0 [libata] ata_pci_remove_one+0x50/0x80 [libata] ahci_remove_one+0x4c/0x8c [ahci] Fix this by checking and handling return value of transport_add_device() in ata_tport_add(). CVE-2022-49825 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49825.html CVE-2022-49825 https://bugzilla.suse.com/1242548 SUSE Bug 1242548 In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix double ata_host_put() in ata_tport_add() In the error path in ata_tport_add(), when calling put_device(), ata_tport_release() is called, it will put the refcount of 'ap->host'. And then ata_host_put() is called again, the refcount is decreased to 0, ata_host_release() is called, all ports are freed and set to null. When unbinding the device after failure, ata_host_stop() is called to release the resources, it leads a null-ptr-deref(), because all the ports all freed and null. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 CPU: 7 PID: 18671 Comm: modprobe Kdump: loaded Tainted: G E 6.1.0-rc3+ #8 pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : ata_host_stop+0x3c/0x84 [libata] lr : release_nodes+0x64/0xd0 Call trace: ata_host_stop+0x3c/0x84 [libata] release_nodes+0x64/0xd0 devres_release_all+0xbc/0x1b0 device_unbind_cleanup+0x20/0x70 really_probe+0x158/0x320 __driver_probe_device+0x84/0x120 driver_probe_device+0x44/0x120 __driver_attach+0xb4/0x220 bus_for_each_dev+0x78/0xdc driver_attach+0x2c/0x40 bus_add_driver+0x184/0x240 driver_register+0x80/0x13c __pci_register_driver+0x4c/0x60 ahci_pci_driver_init+0x30/0x1000 [ahci] Fix this by removing redundant ata_host_put() in the error path. CVE-2022-49826 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49826.html CVE-2022-49826 https://bugzilla.suse.com/1242549 SUSE Bug 1242549 In the Linux kernel, the following vulnerability has been resolved: drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() drm_vblank_init() call drmm_add_action_or_reset() with drm_vblank_init_release() as action. If __drmm_add_action() failed, will directly call drm_vblank_init_release() with the vblank whose worker is NULL. As the resule, a null-ptr-deref will happen in kthread_destroy_worker(). Add the NULL check before calling drm_vblank_destroy_worker(). BUG: null-ptr-deref KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f] CPU: 5 PID: 961 Comm: modprobe Not tainted 6.0.0-11331-gd465bff130bf-dirty RIP: 0010:kthread_destroy_worker+0x25/0xb0 Call Trace: <TASK> drm_vblank_init_release+0x124/0x220 [drm] ? drm_crtc_vblank_restore+0x8b0/0x8b0 [drm] __drmm_add_action_or_reset+0x41/0x50 [drm] drm_vblank_init+0x282/0x310 [drm] vkms_init+0x35f/0x1000 [vkms] ? 0xffffffffc4508000 ? lock_is_held_type+0xd7/0x130 ? __kmem_cache_alloc_node+0x1c2/0x2b0 ? lock_is_held_type+0xd7/0x130 ? 0xffffffffc4508000 do_one_initcall+0xd0/0x4f0 ... do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 CVE-2022-49827 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49827.html CVE-2022-49827 https://bugzilla.suse.com/1242689 SUSE Bug 1242689 In the Linux kernel, the following vulnerability has been resolved: drm/drv: Fix potential memory leak in drm_dev_init() drm_dev_init() will add drm_dev_init_release() as a callback. When drmm_add_action() failed, the release function won't be added. As the result, the ref cnt added by device_get() in drm_dev_init() won't be put by drm_dev_init_release(), which leads to the memleak. Use drmm_add_action_or_reset() instead of drmm_add_action() to prevent memleak. unreferenced object 0xffff88810bc0c800 (size 2048): comm "modprobe", pid 8322, jiffies 4305809845 (age 15.292s) hex dump (first 32 bytes): e8 cc c0 0b 81 88 ff ff ff ff ff ff 00 00 00 00 ................ 20 24 3c 0c 81 88 ff ff 18 c8 c0 0b 81 88 ff ff $<............. backtrace: [<000000007251f72d>] __kmalloc+0x4b/0x1c0 [<0000000045f21f26>] platform_device_alloc+0x2d/0xe0 [<000000004452a479>] platform_device_register_full+0x24/0x1c0 [<0000000089f4ea61>] 0xffffffffa0736051 [<00000000235b2441>] do_one_initcall+0x7a/0x380 [<0000000001a4a177>] do_init_module+0x5c/0x230 [<000000002bf8a8e2>] load_module+0x227d/0x2420 [<00000000637d6d0a>] __do_sys_finit_module+0xd5/0x140 [<00000000c99fc324>] do_syscall_64+0x3f/0x90 [<000000004d85aa77>] entry_SYSCALL_64_after_hwframe+0x63/0xcd CVE-2022-49830 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49830.html CVE-2022-49830 https://bugzilla.suse.com/1242150 SUSE Bug 1242150 In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map Here is the BUG report by KASAN about null pointer dereference: BUG: KASAN: null-ptr-deref in strcmp+0x2e/0x50 Read of size 1 at addr 0000000000000000 by task python3/2640 Call Trace: strcmp __of_find_property of_find_property pinctrl_dt_to_map kasprintf() would return NULL pointer when kmalloc() fail to allocate. So directly return ENOMEM, if kasprintf() return NULL pointer. CVE-2022-49832 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49832.html CVE-2022-49832 https://bugzilla.suse.com/1242154 SUSE Bug 1242154 In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of ns_writer on remount If a nilfs2 filesystem is downgraded to read-only due to metadata corruption on disk and is remounted read/write, or if emergency read-only remount is performed, detaching a log writer and synchronizing the filesystem can be done at the same time. In these cases, use-after-free of the log writer (hereinafter nilfs->ns_writer) can happen as shown in the scenario below: Task1 Task2 -------------------------------- ------------------------------ nilfs_construct_segment nilfs_segctor_sync init_wait init_waitqueue_entry add_wait_queue schedule nilfs_remount (R/W remount case) nilfs_attach_log_writer nilfs_detach_log_writer nilfs_segctor_destroy kfree finish_wait _raw_spin_lock_irqsave __raw_spin_lock_irqsave do_raw_spin_lock debug_spin_lock_before <-- use-after-free While Task1 is sleeping, nilfs->ns_writer is freed by Task2. After Task1 waked up, Task1 accesses nilfs->ns_writer which is already freed. This scenario diagram is based on the Shigeru Yoshida's post [1]. This patch fixes the issue by not detaching nilfs->ns_writer on remount so that this UAF race doesn't happen. Along with this change, this patch also inserts a few necessary read-only checks with superblock instance where only the ns_writer pointer was used to check if the filesystem is read-only. CVE-2022-49834 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49834.html CVE-2022-49834 https://bugzilla.suse.com/1242695 SUSE Bug 1242695 In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix potential memleak in 'add_widget_node' As 'kobject_add' may allocated memory for 'kobject->name' when return error. And in this function, if call 'kobject_add' failed didn't free kobject. So call 'kobject_put' to recycling resources. CVE-2022-49835 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49835.html CVE-2022-49835 https://bugzilla.suse.com/1242385 SUSE Bug 1242385 In the Linux kernel, the following vulnerability has been resolved: siox: fix possible memory leak in siox_device_add() If device_register() returns error in siox_device_add(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(), and sdevice is freed in siox_device_release(), set it to null in error path. CVE-2022-49836 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49836.html CVE-2022-49836 https://bugzilla.suse.com/1242355 SUSE Bug 1242355 In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_transport_sas: Fix error handling in sas_phy_add() If transport_add_device() fails in sas_phy_add(), the kernel will crash trying to delete the device in transport_remove_device() called from sas_remove_host(). Unable to handle kernel NULL pointer dereference at virtual address 0000000000000108 CPU: 61 PID: 42829 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc1+ #173 pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : device_del+0x54/0x3d0 lr : device_del+0x37c/0x3d0 Call trace: device_del+0x54/0x3d0 attribute_container_class_device_del+0x28/0x38 transport_remove_classdev+0x6c/0x80 attribute_container_device_trigger+0x108/0x110 transport_remove_device+0x28/0x38 sas_phy_delete+0x30/0x60 [scsi_transport_sas] do_sas_phy_delete+0x6c/0x80 [scsi_transport_sas] device_for_each_child+0x68/0xb0 sas_remove_children+0x40/0x50 [scsi_transport_sas] sas_remove_host+0x20/0x38 [scsi_transport_sas] hisi_sas_remove+0x40/0x68 [hisi_sas_main] hisi_sas_v2_remove+0x20/0x30 [hisi_sas_v2_hw] platform_remove+0x2c/0x60 Fix this by checking and handling return value of transport_add_device() in sas_phy_add(). CVE-2022-49839 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49839.html CVE-2022-49839 https://bugzilla.suse.com/1242443 SUSE Bug 1242443 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49841 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49841.html CVE-2022-49841 https://bugzilla.suse.com/1242473 SUSE Bug 1242473 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49842 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49842.html CVE-2022-49842 https://bugzilla.suse.com/1242484 SUSE Bug 1242484 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49845 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49845.html CVE-2022-49845 https://bugzilla.suse.com/1243133 SUSE Bug 1243133 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49846 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49846.html CVE-2022-49846 https://bugzilla.suse.com/1242716 SUSE Bug 1242716 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49850 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49850.html CVE-2022-49850 https://bugzilla.suse.com/1242164 SUSE Bug 1242164 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49853 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49853.html CVE-2022-49853 https://bugzilla.suse.com/1242688 SUSE Bug 1242688 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49858 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49858.html CVE-2022-49858 https://bugzilla.suse.com/1242589 SUSE Bug 1242589 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49860 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49860.html CVE-2022-49860 https://bugzilla.suse.com/1242586 SUSE Bug 1242586 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49861 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49861.html CVE-2022-49861 https://bugzilla.suse.com/1242580 SUSE Bug 1242580 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49863 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49863.html CVE-2022-49863 https://bugzilla.suse.com/1242169 SUSE Bug 1242169 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49864 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49864.html CVE-2022-49864 https://bugzilla.suse.com/1242685 SUSE Bug 1242685 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49865 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49865.html CVE-2022-49865 https://bugzilla.suse.com/1242570 SUSE Bug 1242570 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49868 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49868.html CVE-2022-49868 https://bugzilla.suse.com/1242550 SUSE Bug 1242550 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49869 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49869.html CVE-2022-49869 https://bugzilla.suse.com/1242158 SUSE Bug 1242158 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49870 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49870.html CVE-2022-49870 https://bugzilla.suse.com/1242551 SUSE Bug 1242551 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49871 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49871.html CVE-2022-49871 https://bugzilla.suse.com/1242558 SUSE Bug 1242558 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49874 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49874.html CVE-2022-49874 https://bugzilla.suse.com/1242478 SUSE Bug 1242478 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49879 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49879.html CVE-2022-49879 https://bugzilla.suse.com/1242733 SUSE Bug 1242733 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49880 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49880.html CVE-2022-49880 https://bugzilla.suse.com/1242734 SUSE Bug 1242734 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49881 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49881.html CVE-2022-49881 https://bugzilla.suse.com/1242481 SUSE Bug 1242481 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49885 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49885.html CVE-2022-49885 https://bugzilla.suse.com/1242735 SUSE Bug 1242735 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49887 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49887.html CVE-2022-49887 https://bugzilla.suse.com/1242736 SUSE Bug 1242736 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49888 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49888.html CVE-2022-49888 https://bugzilla.suse.com/1242458 SUSE Bug 1242458 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49889 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49889.html CVE-2022-49889 https://bugzilla.suse.com/1242455 SUSE Bug 1242455 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49890 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49890.html CVE-2022-49890 https://bugzilla.suse.com/1242469 SUSE Bug 1242469 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49891 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49891.html CVE-2022-49891 https://bugzilla.suse.com/1242456 SUSE Bug 1242456 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49892 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49892.html CVE-2022-49892 https://bugzilla.suse.com/1242449 SUSE Bug 1242449 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49900 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49900.html CVE-2022-49900 https://bugzilla.suse.com/1242454 SUSE Bug 1242454 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49905 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49905.html CVE-2022-49905 https://bugzilla.suse.com/1242467 SUSE Bug 1242467 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49906 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49906.html CVE-2022-49906 https://bugzilla.suse.com/1242464 SUSE Bug 1242464 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49908 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49908.html CVE-2022-49908 https://bugzilla.suse.com/1242157 SUSE Bug 1242157 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49909 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49909.html CVE-2022-49909 https://bugzilla.suse.com/1242453 SUSE Bug 1242453 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49910 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49910.html CVE-2022-49910 https://bugzilla.suse.com/1242452 SUSE Bug 1242452 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49915 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49915.html CVE-2022-49915 https://bugzilla.suse.com/1242409 SUSE Bug 1242409 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49916 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49916.html CVE-2022-49916 https://bugzilla.suse.com/1242421 SUSE Bug 1242421 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49922 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49922.html CVE-2022-49922 https://bugzilla.suse.com/1242378 SUSE Bug 1242378 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49923 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49923.html CVE-2022-49923 https://bugzilla.suse.com/1242394 SUSE Bug 1242394 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49924 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49924.html CVE-2022-49924 https://bugzilla.suse.com/1242426 SUSE Bug 1242426 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49925 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49925.html CVE-2022-49925 https://bugzilla.suse.com/1242371 SUSE Bug 1242371 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49927 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49927.html CVE-2022-49927 https://bugzilla.suse.com/1242416 SUSE Bug 1242416 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49928 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49928.html CVE-2022-49928 https://bugzilla.suse.com/1242369 SUSE Bug 1242369 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49931 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2022-49931.html CVE-2022-49931 https://bugzilla.suse.com/1242382 SUSE Bug 1242382 A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem. CVE-2023-1990 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-1990.html CVE-2023-1990 https://bugzilla.suse.com/1210337 SUSE Bug 1210337 https://bugzilla.suse.com/1210501 SUSE Bug 1210501 https://bugzilla.suse.com/1214128 SUSE Bug 1214128 In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() The ioctl helper function nilfs_ioctl_wrap_copy(), which exchanges a metadata array to/from user space, may copy uninitialized buffer regions to user space memory for read-only ioctl commands NILFS_IOCTL_GET_SUINFO and NILFS_IOCTL_GET_CPINFO. This can occur when the element size of the user space metadata given by the v_size member of the argument nilfs_argv structure is larger than the size of the metadata element (nilfs_suinfo structure or nilfs_cpinfo structure) on the file system side. KMSAN-enabled kernels detect this issue as follows: BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_user+0xc0/0x100 lib/usercopy.c:33 instrument_copy_to_user include/linux/instrumented.h:121 [inline] _copy_to_user+0xc0/0x100 lib/usercopy.c:33 copy_to_user include/linux/uaccess.h:169 [inline] nilfs_ioctl_wrap_copy+0x6fa/0xc10 fs/nilfs2/ioctl.c:99 nilfs_ioctl_get_info fs/nilfs2/ioctl.c:1173 [inline] nilfs_ioctl+0x2402/0x4450 fs/nilfs2/ioctl.c:1290 nilfs_compat_ioctl+0x1b8/0x200 fs/nilfs2/ioctl.c:1343 __do_compat_sys_ioctl fs/ioctl.c:968 [inline] __se_compat_sys_ioctl+0x7dd/0x1000 fs/ioctl.c:910 __ia32_compat_sys_ioctl+0x93/0xd0 fs/ioctl.c:910 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline] __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246 entry_SYSENTER_compat_after_hwframe+0x70/0x82 Uninit was created at: __alloc_pages+0x9f6/0xe90 mm/page_alloc.c:5572 alloc_pages+0xab0/0xd80 mm/mempolicy.c:2287 __get_free_pages+0x34/0xc0 mm/page_alloc.c:5599 nilfs_ioctl_wrap_copy+0x223/0xc10 fs/nilfs2/ioctl.c:74 nilfs_ioctl_get_info fs/nilfs2/ioctl.c:1173 [inline] nilfs_ioctl+0x2402/0x4450 fs/nilfs2/ioctl.c:1290 nilfs_compat_ioctl+0x1b8/0x200 fs/nilfs2/ioctl.c:1343 __do_compat_sys_ioctl fs/ioctl.c:968 [inline] __se_compat_sys_ioctl+0x7dd/0x1000 fs/ioctl.c:910 __ia32_compat_sys_ioctl+0x93/0xd0 fs/ioctl.c:910 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline] __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246 entry_SYSENTER_compat_after_hwframe+0x70/0x82 Bytes 16-127 of 3968 are uninitialized ... This eliminates the leak issue by initializing the page allocated as buffer using get_zeroed_page(). CVE-2023-53035 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53035.html CVE-2023-53035 https://bugzilla.suse.com/1242739 SUSE Bug 1242739 In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() If kzalloc() fails in lpfc_sli4_cgn_params_read(), then we rely on lpfc_read_object()'s routine to NULL check pdata. Currently, an early return error is thrown from lpfc_read_object() to protect us from NULL ptr dereference, but the errno code is -ENODEV. Change the errno code to a more appropriate -ENOMEM. CVE-2023-53038 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53038.html CVE-2023-53038 https://bugzilla.suse.com/1242743 SUSE Bug 1242743 In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function When a reset notify IPC message is received, the ISR schedules a work function and passes the ISHTP device to it via a global pointer ishtp_dev. If ish_probe() fails, the devm-managed device resources including ishtp_dev are freed, but the work is not cancelled, causing a use-after-free when the work function tries to access ishtp_dev. Use devm_work_autocancel() instead, so that the work is automatically cancelled if probe fails. CVE-2023-53039 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53039.html CVE-2023-53039 https://bugzilla.suse.com/1242745 SUSE Bug 1242745 https://bugzilla.suse.com/1242880 SUSE Bug 1242880 In the Linux kernel, the following vulnerability has been resolved: ca8210: fix mac_len negative array access This patch fixes a buffer overflow access of skb->data if ieee802154_hdr_peek_addrs() fails. CVE-2023-53040 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53040.html CVE-2023-53040 https://bugzilla.suse.com/1242746 SUSE Bug 1242746 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Perform lockless command completion in abort path While adding and removing the controller, the following call trace was observed: WARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dma_free_attrs+0x33/0x50 CPU: 3 PID: 623596 Comm: sh Kdump: loaded Not tainted 5.14.0-96.el9.x86_64 #1 RIP: 0010:dma_free_attrs+0x33/0x50 Call Trace: qla2x00_async_sns_sp_done+0x107/0x1b0 [qla2xxx] qla2x00_abort_srb+0x8e/0x250 [qla2xxx] ? ql_dbg+0x70/0x100 [qla2xxx] __qla2x00_abort_all_cmds+0x108/0x190 [qla2xxx] qla2x00_abort_all_cmds+0x24/0x70 [qla2xxx] qla2x00_abort_isp_cleanup+0x305/0x3e0 [qla2xxx] qla2x00_remove_one+0x364/0x400 [qla2xxx] pci_device_remove+0x36/0xa0 __device_release_driver+0x17a/0x230 device_release_driver+0x24/0x30 pci_stop_bus_device+0x68/0x90 pci_stop_and_remove_bus_device_locked+0x16/0x30 remove_store+0x75/0x90 kernfs_fop_write_iter+0x11c/0x1b0 new_sync_write+0x11f/0x1b0 vfs_write+0x1eb/0x280 ksys_write+0x5f/0xe0 do_syscall_64+0x5c/0x80 ? do_user_addr_fault+0x1d8/0x680 ? do_syscall_64+0x69/0x80 ? exc_page_fault+0x62/0x140 ? asm_exc_page_fault+0x8/0x30 entry_SYSCALL_64_after_hwframe+0x44/0xae The command was completed in the abort path during driver unload with a lock held, causing the warning in abort path. Hence complete the command without any lock held. CVE-2023-53041 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53041.html CVE-2023-53041 https://bugzilla.suse.com/1242747 SUSE Bug 1242747 In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate alloc_percpu failure Check alloc_precpu()'s return value and return an error from dm_stats_init() if it fails. Update alloc_dev() to fail if dm_stats_init() does. Otherwise, a NULL pointer dereference will occur in dm_stats_cleanup() even if dm-stats isn't being actively used. CVE-2023-53044 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53044.html CVE-2023-53044 https://bugzilla.suse.com/1242759 SUSE Bug 1242759 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_audio: don't let userspace block driver unbind In the unbind callback for f_uac1 and f_uac2, a call to snd_card_free() via g_audio_cleanup() will disconnect the card and then wait for all resources to be released, which happens when the refcount falls to zero. Since userspace can keep the refcount incremented by not closing the relevant file descriptor, the call to unbind may block indefinitely. This can cause a deadlock during reboot, as evidenced by the following blocked task observed on my machine: task:reboot state:D stack:0 pid:2827 ppid:569 flags:0x0000000c Call trace: __switch_to+0xc8/0x140 __schedule+0x2f0/0x7c0 schedule+0x60/0xd0 schedule_timeout+0x180/0x1d4 wait_for_completion+0x78/0x180 snd_card_free+0x90/0xa0 g_audio_cleanup+0x2c/0x64 afunc_unbind+0x28/0x60 ... kernel_restart+0x4c/0xac __do_sys_reboot+0xcc/0x1ec __arm64_sys_reboot+0x28/0x30 invoke_syscall+0x4c/0x110 ... The issue can also be observed by opening the card with arecord and then stopping the process through the shell before unbinding: # arecord -D hw:UAC2Gadget -f S32_LE -c 2 -r 48000 /dev/null Recording WAVE '/dev/null' : Signed 32 bit Little Endian, Rate 48000 Hz, Stereo ^Z[1]+ Stopped arecord -D hw:UAC2Gadget -f S32_LE -c 2 -r 48000 /dev/null # echo gadget.0 > /sys/bus/gadget/drivers/configfs-gadget/unbind (observe that the unbind command never finishes) Fix the problem by using snd_card_free_when_closed() instead, which will still disconnect the card as desired, but defer the task of freeing the resources to the core once userspace closes its file descriptor. CVE-2023-53045 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53045.html CVE-2023-53045 https://bugzilla.suse.com/1242756 SUSE Bug 1242756 In the Linux kernel, the following vulnerability has been resolved: usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() When ucsi_init() fails, ucsi->connector is NULL, yet in case of ucsi_acpi we may still get events which cause the ucs_acpi code to call ucsi_connector_change(), which then derefs the NULL ucsi->connector pointer. Fix this by not setting ucsi->ntfy inside ucsi_init() until ucsi_init() has succeeded, so that ucsi_connector_change() ignores the events because UCSI_ENABLE_NTFY_CONNECTOR_CHANGE is not set in the ntfy mask. CVE-2023-53049 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53049.html CVE-2023-53049 https://bugzilla.suse.com/1242244 SUSE Bug 1242244 In the Linux kernel, the following vulnerability has been resolved: dm crypt: add cond_resched() to dmcrypt_write() The loop in dmcrypt_write may be running for unbounded amount of time, thus we need cond_resched() in it. This commit fixes the following warning: [ 3391.153255][ C12] watchdog: BUG: soft lockup - CPU#12 stuck for 23s! [dmcrypt_write/2:2897] ... [ 3391.387210][ C12] Call trace: [ 3391.390338][ C12] blk_attempt_bio_merge.part.6+0x38/0x158 [ 3391.395970][ C12] blk_attempt_plug_merge+0xc0/0x1b0 [ 3391.401085][ C12] blk_mq_submit_bio+0x398/0x550 [ 3391.405856][ C12] submit_bio_noacct+0x308/0x380 [ 3391.410630][ C12] dmcrypt_write+0x1e4/0x208 [dm_crypt] [ 3391.416005][ C12] kthread+0x130/0x138 [ 3391.419911][ C12] ret_from_fork+0x10/0x18 CVE-2023-53051 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53051.html CVE-2023-53051 https://bugzilla.suse.com/1242284 SUSE Bug 1242284 In the Linux kernel, the following vulnerability has been resolved: cifs: fix use-after-free bug in refresh_cache_worker() The UAF bug occurred because we were putting DFS root sessions in cifs_umount() while DFS cache refresher was being executed. Make DFS root sessions have same lifetime as DFS tcons so we can avoid the use-after-free bug is DFS cache refresher and other places that require IPCs to get new DFS referrals on. Also, get rid of mount group handling in DFS cache as we no longer need it. This fixes below use-after-free bug catched by KASAN [ 379.946955] BUG: KASAN: use-after-free in __refresh_tcon.isra.0+0x10b/0xc10 [cifs] [ 379.947642] Read of size 8 at addr ffff888018f57030 by task kworker/u4:3/56 [ 379.948096] [ 379.948208] CPU: 0 PID: 56 Comm: kworker/u4:3 Not tainted 6.2.0-rc7-lku #23 [ 379.948661] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552-rebuilt.opensuse.org 04/01/2014 [ 379.949368] Workqueue: cifs-dfscache refresh_cache_worker [cifs] [ 379.949942] Call Trace: [ 379.950113] <TASK> [ 379.950260] dump_stack_lvl+0x50/0x67 [ 379.950510] print_report+0x16a/0x48e [ 379.950759] ? __virt_addr_valid+0xd8/0x160 [ 379.951040] ? __phys_addr+0x41/0x80 [ 379.951285] kasan_report+0xdb/0x110 [ 379.951533] ? __refresh_tcon.isra.0+0x10b/0xc10 [cifs] [ 379.952056] ? __refresh_tcon.isra.0+0x10b/0xc10 [cifs] [ 379.952585] __refresh_tcon.isra.0+0x10b/0xc10 [cifs] [ 379.953096] ? __pfx___refresh_tcon.isra.0+0x10/0x10 [cifs] [ 379.953637] ? __pfx___mutex_lock+0x10/0x10 [ 379.953915] ? lock_release+0xb6/0x720 [ 379.954167] ? __pfx_lock_acquire+0x10/0x10 [ 379.954443] ? refresh_cache_worker+0x34e/0x6d0 [cifs] [ 379.954960] ? __pfx_wb_workfn+0x10/0x10 [ 379.955239] refresh_cache_worker+0x4ad/0x6d0 [cifs] [ 379.955755] ? __pfx_refresh_cache_worker+0x10/0x10 [cifs] [ 379.956323] ? __pfx_lock_acquired+0x10/0x10 [ 379.956615] ? read_word_at_a_time+0xe/0x20 [ 379.956898] ? lockdep_hardirqs_on_prepare+0x12/0x220 [ 379.957235] process_one_work+0x535/0x990 [ 379.957509] ? __pfx_process_one_work+0x10/0x10 [ 379.957812] ? lock_acquired+0xb7/0x5f0 [ 379.958069] ? __list_add_valid+0x37/0xd0 [ 379.958341] ? __list_add_valid+0x37/0xd0 [ 379.958611] worker_thread+0x8e/0x630 [ 379.958861] ? __pfx_worker_thread+0x10/0x10 [ 379.959148] kthread+0x17d/0x1b0 [ 379.959369] ? __pfx_kthread+0x10/0x10 [ 379.959630] ret_from_fork+0x2c/0x50 [ 379.959879] </TASK> CVE-2023-53052 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53052.html CVE-2023-53052 https://bugzilla.suse.com/1242749 SUSE Bug 1242749 https://bugzilla.suse.com/1242881 SUSE Bug 1242881 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2023-53054 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53054.html CVE-2023-53054 https://bugzilla.suse.com/1242226 SUSE Bug 1242226 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2023-53056 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53056.html CVE-2023-53056 https://bugzilla.suse.com/1242219 SUSE Bug 1242219 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2023-53058 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53058.html CVE-2023-53058 https://bugzilla.suse.com/1242237 SUSE Bug 1242237 In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger `insize` in struct cros_ec_command[1] when invoking EC host commands. Fix it by using zeroed memory. [1]: https://elixir.bootlin.com/linux/v6.2/source/include/linux/platform_data/cros_ec_proto.h#L74 CVE-2023-53059 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53059.html CVE-2023-53059 https://bugzilla.suse.com/1242230 SUSE Bug 1242230 In the Linux kernel, the following vulnerability has been resolved: igb: revert rtnl_lock() that causes deadlock The commit 6faee3d4ee8b ("igb: Add lock to avoid data race") adds rtnl_lock to eliminate a false data race shown below (FREE from device detaching) | (USE from netdev core) igb_remove | igb_ndo_get_vf_config igb_disable_sriov | vf >= adapter->vfs_allocated_count? kfree(adapter->vf_data) | adapter->vfs_allocated_count = 0 | | memcpy(... adapter->vf_data[vf] The above race will never happen and the extra rtnl_lock causes deadlock below [ 141.420169] <TASK> [ 141.420672] __schedule+0x2dd/0x840 [ 141.421427] schedule+0x50/0xc0 [ 141.422041] schedule_preempt_disabled+0x11/0x20 [ 141.422678] __mutex_lock.isra.13+0x431/0x6b0 [ 141.423324] unregister_netdev+0xe/0x20 [ 141.423578] igbvf_remove+0x45/0xe0 [igbvf] [ 141.423791] pci_device_remove+0x36/0xb0 [ 141.423990] device_release_driver_internal+0xc1/0x160 [ 141.424270] pci_stop_bus_device+0x6d/0x90 [ 141.424507] pci_stop_and_remove_bus_device+0xe/0x20 [ 141.424789] pci_iov_remove_virtfn+0xba/0x120 [ 141.425452] sriov_disable+0x2f/0xf0 [ 141.425679] igb_disable_sriov+0x4e/0x100 [igb] [ 141.426353] igb_remove+0xa0/0x130 [igb] [ 141.426599] pci_device_remove+0x36/0xb0 [ 141.426796] device_release_driver_internal+0xc1/0x160 [ 141.427060] driver_detach+0x44/0x90 [ 141.427253] bus_remove_driver+0x55/0xe0 [ 141.427477] pci_unregister_driver+0x2a/0xa0 [ 141.428296] __x64_sys_delete_module+0x141/0x2b0 [ 141.429126] ? mntput_no_expire+0x4a/0x240 [ 141.429363] ? syscall_trace_enter.isra.19+0x126/0x1a0 [ 141.429653] do_syscall_64+0x5b/0x80 [ 141.429847] ? exit_to_user_mode_prepare+0x14d/0x1c0 [ 141.430109] ? syscall_exit_to_user_mode+0x12/0x30 [ 141.430849] ? do_syscall_64+0x67/0x80 [ 141.431083] ? syscall_exit_to_user_mode_prepare+0x183/0x1b0 [ 141.431770] ? syscall_exit_to_user_mode+0x12/0x30 [ 141.432482] ? do_syscall_64+0x67/0x80 [ 141.432714] ? exc_page_fault+0x64/0x140 [ 141.432911] entry_SYSCALL_64_after_hwframe+0x72/0xdc Since the igb_disable_sriov() will call pci_disable_sriov() before releasing any resources, the netdev core will synchronize the cleanup to avoid any races. This patch removes the useless rtnl_(un)lock to guarantee correctness. CVE-2023-53060 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53060.html CVE-2023-53060 https://bugzilla.suse.com/1242241 SUSE Bug 1242241 In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory contents. CVE-2023-53062 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53062.html CVE-2023-53062 https://bugzilla.suse.com/1242228 SUSE Bug 1242228 In the Linux kernel, the following vulnerability has been resolved: iavf: fix hang on reboot with ice When a system with E810 with existing VFs gets rebooted the following hang may be observed. Pid 1 is hung in iavf_remove(), part of a network driver: PID: 1 TASK: ffff965400e5a340 CPU: 24 COMMAND: "systemd-shutdow" #0 [ffffaad04005fa50] __schedule at ffffffff8b3239cb #1 [ffffaad04005fae8] schedule at ffffffff8b323e2d #2 [ffffaad04005fb00] schedule_hrtimeout_range_clock at ffffffff8b32cebc #3 [ffffaad04005fb80] usleep_range_state at ffffffff8b32c930 #4 [ffffaad04005fbb0] iavf_remove at ffffffffc12b9b4c [iavf] #5 [ffffaad04005fbf0] pci_device_remove at ffffffff8add7513 #6 [ffffaad04005fc10] device_release_driver_internal at ffffffff8af08baa #7 [ffffaad04005fc40] pci_stop_bus_device at ffffffff8adcc5fc #8 [ffffaad04005fc60] pci_stop_and_remove_bus_device at ffffffff8adcc81e #9 [ffffaad04005fc70] pci_iov_remove_virtfn at ffffffff8adf9429 #10 [ffffaad04005fca8] sriov_disable at ffffffff8adf98e4 #11 [ffffaad04005fcc8] ice_free_vfs at ffffffffc04bb2c8 [ice] #12 [ffffaad04005fd10] ice_remove at ffffffffc04778fe [ice] #13 [ffffaad04005fd38] ice_shutdown at ffffffffc0477946 [ice] #14 [ffffaad04005fd50] pci_device_shutdown at ffffffff8add58f1 #15 [ffffaad04005fd70] device_shutdown at ffffffff8af05386 #16 [ffffaad04005fd98] kernel_restart at ffffffff8a92a870 #17 [ffffaad04005fda8] __do_sys_reboot at ffffffff8a92abd6 #18 [ffffaad04005fee0] do_syscall_64 at ffffffff8b317159 #19 [ffffaad04005ff08] __context_tracking_enter at ffffffff8b31b6fc #20 [ffffaad04005ff18] syscall_exit_to_user_mode at ffffffff8b31b50d #21 [ffffaad04005ff28] do_syscall_64 at ffffffff8b317169 #22 [ffffaad04005ff50] entry_SYSCALL_64_after_hwframe at ffffffff8b40009b RIP: 00007f1baa5c13d7 RSP: 00007fffbcc55a98 RFLAGS: 00000202 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1baa5c13d7 RDX: 0000000001234567 RSI: 0000000028121969 RDI: 00000000fee1dead RBP: 00007fffbcc55ca0 R8: 0000000000000000 R9: 00007fffbcc54e90 R10: 00007fffbcc55050 R11: 0000000000000202 R12: 0000000000000005 R13: 0000000000000000 R14: 00007fffbcc55af0 R15: 0000000000000000 ORIG_RAX: 00000000000000a9 CS: 0033 SS: 002b During reboot all drivers PM shutdown callbacks are invoked. In iavf_shutdown() the adapter state is changed to __IAVF_REMOVE. In ice_shutdown() the call chain above is executed, which at some point calls iavf_remove(). However iavf_remove() expects the VF to be in one of the states __IAVF_RUNNING, __IAVF_DOWN or __IAVF_INIT_FAILED. If that's not the case it sleeps forever. So if iavf_shutdown() gets invoked before iavf_remove() the system will hang indefinitely because the adapter is already in state __IAVF_REMOVE. Fix this by returning from iavf_remove() if the state is __IAVF_REMOVE, as we already went through iavf_shutdown(). CVE-2023-53064 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53064.html CVE-2023-53064 https://bugzilla.suse.com/1242222 SUSE Bug 1242222 In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output syzkaller reportes a KASAN issue with stack-out-of-bounds. The call trace is as follows: dump_stack+0x9c/0xd3 print_address_description.constprop.0+0x19/0x170 __kasan_report.cold+0x6c/0x84 kasan_report+0x3a/0x50 __perf_event_header__init_id+0x34/0x290 perf_event_header__init_id+0x48/0x60 perf_output_begin+0x4a4/0x560 perf_event_bpf_output+0x161/0x1e0 perf_iterate_sb_cpu+0x29e/0x340 perf_iterate_sb+0x4c/0xc0 perf_event_bpf_event+0x194/0x2c0 __bpf_prog_put.constprop.0+0x55/0xf0 __cls_bpf_delete_prog+0xea/0x120 [cls_bpf] cls_bpf_delete_prog_work+0x1c/0x30 [cls_bpf] process_one_work+0x3c2/0x730 worker_thread+0x93/0x650 kthread+0x1b8/0x210 ret_from_fork+0x1f/0x30 commit 267fb27352b6 ("perf: Reduce stack usage of perf_output_begin()") use on-stack struct perf_sample_data of the caller function. However, perf_event_bpf_output uses incorrect parameter to convert small-sized data (struct perf_bpf_event) into large-sized data (struct perf_sample_data), which causes memory overwriting occurs in __perf_event_header__init_id. CVE-2023-53065 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53065.html CVE-2023-53065 https://bugzilla.suse.com/1242229 SUSE Bug 1242229 In the Linux kernel, the following vulnerability has been resolved: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info We have to make sure that the info returned by the helper is valid before using it. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. CVE-2023-53066 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53066.html CVE-2023-53066 https://bugzilla.suse.com/1242227 SUSE Bug 1242227 In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory contents. Additionally prevent integer underflow when size is less than ETH_FCS_LEN. CVE-2023-53068 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53068.html CVE-2023-53068 https://bugzilla.suse.com/1242239 SUSE Bug 1242239 In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix invalid address access in lookup_rec() when index is 0 KASAN reported follow problem: BUG: KASAN: use-after-free in lookup_rec Read of size 8 at addr ffff000199270ff0 by task modprobe CPU: 2 Comm: modprobe Call trace: kasan_report __asan_load8 lookup_rec ftrace_location arch_check_ftrace_location check_kprobe_address_safe register_kprobe When checking pg->records[pg->index - 1].ip in lookup_rec(), it can get a pg which is newly added to ftrace_pages_start in ftrace_process_locs(). Before the first pg->index++, index is 0 and accessing pg->records[-1].ip will cause this problem. Don't check the ip when pg->index is 0. CVE-2023-53075 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53075.html CVE-2023-53075 https://bugzilla.suse.com/1242218 SUSE Bug 1242218 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes [WHY] When PTEBufferSizeInRequests is zero, UBSAN reports the following warning because dml_log2 returns an unexpected negative value: shift exponent 4294966273 is too large for 32-bit type 'int' [HOW] In the case PTEBufferSizeInRequests is zero, skip the dml_log2() and assign the result directly. CVE-2023-53077 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53077.html CVE-2023-53077 https://bugzilla.suse.com/1242752 SUSE Bug 1242752 In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() If alua_rtpg_queue() failed from alua_activate(), then 'qdata' is not freed, which will cause following memleak: unreferenced object 0xffff88810b2c6980 (size 32): comm "kworker/u16:2", pid 635322, jiffies 4355801099 (age 1216426.076s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$............. backtrace: [<0000000098f3a26d>] alua_activate+0xb0/0x320 [<000000003b529641>] scsi_dh_activate+0xb2/0x140 [<000000007b296db3>] activate_path_work+0xc6/0xe0 [dm_multipath] [<000000007adc9ace>] process_one_work+0x3c5/0x730 [<00000000c457a985>] worker_thread+0x93/0x650 [<00000000cb80e628>] kthread+0x1ba/0x210 [<00000000a1e61077>] ret_from_fork+0x22/0x30 Fix the problem by freeing 'qdata' in error path. CVE-2023-53078 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53078.html CVE-2023-53078 https://bugzilla.suse.com/1242231 SUSE Bug 1242231 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix steering rules cleanup vport's mc, uc and multicast rules are not deleted in teardown path when EEH happens. Since the vport's promisc settings(uc, mc and all) in firmware are reset after EEH, mlx5 driver will try to delete the above rules in the initialization path. This cause kernel crash because these software rules are no longer valid. Fix by nullifying these rules right after delete to avoid accessing any dangling pointers. Call Trace: __list_del_entry_valid+0xcc/0x100 (unreliable) tree_put_node+0xf4/0x1b0 [mlx5_core] tree_remove_node+0x30/0x70 [mlx5_core] mlx5_del_flow_rules+0x14c/0x1f0 [mlx5_core] esw_apply_vport_rx_mode+0x10c/0x200 [mlx5_core] esw_update_vport_rx_mode+0xb4/0x180 [mlx5_core] esw_vport_change_handle_locked+0x1ec/0x230 [mlx5_core] esw_enable_vport+0x130/0x260 [mlx5_core] mlx5_eswitch_enable_sriov+0x2a0/0x2f0 [mlx5_core] mlx5_device_enable_sriov+0x74/0x440 [mlx5_core] mlx5_load_one+0x114c/0x1550 [mlx5_core] mlx5_pci_resume+0x68/0xf0 [mlx5_core] eeh_report_resume+0x1a4/0x230 eeh_pe_dev_traverse+0x98/0x170 eeh_handle_normal_event+0x3e4/0x640 eeh_handle_event+0x4c/0x370 eeh_event_handler+0x14c/0x210 kthread+0x168/0x1b0 ret_from_kernel_thread+0x5c/0x84 CVE-2023-53079 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53079.html CVE-2023-53079 https://bugzilla.suse.com/1242765 SUSE Bug 1242765 In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after failed write When buffered write fails to copy data into underlying page cache page, ocfs2_write_end_nolock() just zeroes out and dirties the page. This can leave dirty page beyond EOF and if page writeback tries to write this page before write succeeds and expands i_size, page gets into inconsistent state where page dirty bit is clear but buffer dirty bits stay set resulting in page data never getting written and so data copied to the page is lost. Fix the problem by invalidating page beyond EOF after failed write. CVE-2023-53081 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53081.html CVE-2023-53081 https://bugzilla.suse.com/1242281 SUSE Bug 1242281 In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Remove another errant put in error path drm_gem_shmem_mmap() doesn't own reference in error code path, resulting in the dma-buf shmem GEM object getting prematurely freed leading to a later use-after-free. CVE-2023-53084 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53084.html CVE-2023-53084 https://bugzilla.suse.com/1242294 SUSE Bug 1242294 In the Linux kernel, the following vulnerability has been resolved: drm/i915/active: Fix misuse of non-idle barriers as fence trackers Users reported oopses on list corruptions when using i915 perf with a number of concurrently running graphics applications. Root cause analysis pointed at an issue in barrier processing code -- a race among perf open / close replacing active barriers with perf requests on kernel context and concurrent barrier preallocate / acquire operations performed during user context first pin / last unpin. When adding a request to a composite tracker, we try to reuse an existing fence tracker, already allocated and registered with that composite. The tracker we obtain may already track another fence, may be an idle barrier, or an active barrier. If the tracker we get occurs a non-idle barrier then we try to delete that barrier from a list of barrier tasks it belongs to. However, while doing that we don't respect return value from a function that performs the barrier deletion. Should the deletion ever fail, we would end up reusing the tracker still registered as a barrier task. Since the same structure field is reused with both fence callback lists and barrier tasks list, list corruptions would likely occur. Barriers are now deleted from a barrier tasks list by temporarily removing the list content, traversing that content with skip over the node to be deleted, then populating the list back with the modified content. Should that intentionally racy concurrent deletion attempts be not serialized, one or more of those may fail because of the list being temporary empty. Related code that ignores the results of barrier deletion was initially introduced in v5.4 by commit d8af05ff38ae ("drm/i915: Allow sharing the idle-barrier from other kernel requests"). However, all users of the barrier deletion routine were apparently serialized at that time, then the issue didn't exhibit itself. Results of git bisect with help of a newly developed igt@gem_barrier_race@remote-request IGT test indicate that list corruptions might start to appear after commit 311770173fac ("drm/i915/gt: Schedule request retirement when timeline idles"), introduced in v5.5. Respect results of barrier deletion attempts -- mark the barrier as idle only if successfully deleted from the list. Then, before proceeding with setting our fence as the one currently tracked, make sure that the tracker we've got is not a non-idle barrier. If that check fails then don't use that tracker but go back and try to acquire a new, usable one. v3: use unlikely() to document what outcome we expect (Andi), - fix bad grammar in commit description. v2: no code changes, - blame commit 311770173fac ("drm/i915/gt: Schedule request retirement when timeline idles"), v5.5, not commit d8af05ff38ae ("drm/i915: Allow sharing the idle-barrier from other kernel requests"), v5.4, - reword commit description. (cherry picked from commit 506006055769b10d1b2b4e22f636f3b45e0e9fc7) CVE-2023-53087 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53087.html CVE-2023-53087 https://bugzilla.suse.com/1242280 SUSE Bug 1242280 In the Linux kernel, the following vulnerability has been resolved: ext4: fix task hung in ext4_xattr_delete_inode Syzbot reported a hung task problem: ================================================================== INFO: task syz-executor232:5073 blocked for more than 143 seconds. Not tainted 6.2.0-rc2-syzkaller-00024-g512dee0c00ad #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-exec232 state:D stack:21024 pid:5073 ppid:5072 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5244 [inline] __schedule+0x995/0xe20 kernel/sched/core.c:6555 schedule+0xcb/0x190 kernel/sched/core.c:6631 __wait_on_freeing_inode fs/inode.c:2196 [inline] find_inode_fast+0x35a/0x4c0 fs/inode.c:950 iget_locked+0xb1/0x830 fs/inode.c:1273 __ext4_iget+0x22e/0x3ed0 fs/ext4/inode.c:4861 ext4_xattr_inode_iget+0x68/0x4e0 fs/ext4/xattr.c:389 ext4_xattr_inode_dec_ref_all+0x1a7/0xe50 fs/ext4/xattr.c:1148 ext4_xattr_delete_inode+0xb04/0xcd0 fs/ext4/xattr.c:2880 ext4_evict_inode+0xd7c/0x10b0 fs/ext4/inode.c:296 evict+0x2a4/0x620 fs/inode.c:664 ext4_orphan_cleanup+0xb60/0x1340 fs/ext4/orphan.c:474 __ext4_fill_super fs/ext4/super.c:5516 [inline] ext4_fill_super+0x81cd/0x8700 fs/ext4/super.c:5644 get_tree_bdev+0x400/0x620 fs/super.c:1282 vfs_get_tree+0x88/0x270 fs/super.c:1489 do_new_mount+0x289/0xad0 fs/namespace.c:3145 do_mount fs/namespace.c:3488 [inline] __do_sys_mount fs/namespace.c:3697 [inline] __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fa5406fd5ea RSP: 002b:00007ffc7232f968 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fa5406fd5ea RDX: 0000000020000440 RSI: 0000000020000000 RDI: 00007ffc7232f970 RBP: 00007ffc7232f970 R08: 00007ffc7232f9b0 R09: 0000000000000432 R10: 0000000000804a03 R11: 0000000000000202 R12: 0000000000000004 R13: 0000555556a7a2c0 R14: 00007ffc7232f9b0 R15: 0000000000000000 </TASK> ================================================================== The problem is that the inode contains an xattr entry with ea_inum of 15 when cleaning up an orphan inode <15>. When evict inode <15>, the reference counting of the corresponding EA inode is decreased. When EA inode <15> is found by find_inode_fast() in __ext4_iget(), it is found that the EA inode holds the I_FREEING flag and waits for the EA inode to complete deletion. As a result, when inode <15> is being deleted, we wait for inode <15> to complete the deletion, resulting in an infinite loop and triggering Hung Task. To solve this problem, we only need to check whether the ino of EA inode and parent is the same before getting EA inode. CVE-2023-53089 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53089.html CVE-2023-53089 https://bugzilla.suse.com/1242744 SUSE Bug 1242744 In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix an illegal memory access In the kfd_wait_on_events() function, the kfd_event_waiter structure is allocated by alloc_event_waiters(), but the event field of the waiter structure is not initialized; When copy_from_user() fails in the kfd_wait_on_events() function, it will enter exception handling to release the previously allocated memory of the waiter structure; Due to the event field of the waiters structure being accessed in the free_waiters() function, this results in illegal memory access and system crash, here is the crash log: localhost kernel: RIP: 0010:native_queued_spin_lock_slowpath+0x185/0x1e0 localhost kernel: RSP: 0018:ffffaa53c362bd60 EFLAGS: 00010082 localhost kernel: RAX: ff3d3d6bff4007cb RBX: 0000000000000282 RCX: 00000000002c0000 localhost kernel: RDX: ffff9e855eeacb80 RSI: 000000000000279c RDI: ffffe7088f6a21d0 localhost kernel: RBP: ffffe7088f6a21d0 R08: 00000000002c0000 R09: ffffaa53c362be64 localhost kernel: R10: ffffaa53c362bbd8 R11: 0000000000000001 R12: 0000000000000002 localhost kernel: R13: ffff9e7ead15d600 R14: 0000000000000000 R15: ffff9e7ead15d698 localhost kernel: FS: 0000152a3d111700(0000) GS:ffff9e855ee80000(0000) knlGS:0000000000000000 localhost kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 localhost kernel: CR2: 0000152938000010 CR3: 000000044d7a4000 CR4: 00000000003506e0 localhost kernel: Call Trace: localhost kernel: _raw_spin_lock_irqsave+0x30/0x40 localhost kernel: remove_wait_queue+0x12/0x50 localhost kernel: kfd_wait_on_events+0x1b6/0x490 [hydcu] localhost kernel: ? ftrace_graph_caller+0xa0/0xa0 localhost kernel: kfd_ioctl+0x38c/0x4a0 [hydcu] localhost kernel: ? kfd_ioctl_set_trap_handler+0x70/0x70 [hydcu] localhost kernel: ? kfd_ioctl_create_queue+0x5a0/0x5a0 [hydcu] localhost kernel: ? ftrace_graph_caller+0xa0/0xa0 localhost kernel: __x64_sys_ioctl+0x8e/0xd0 localhost kernel: ? syscall_trace_enter.isra.18+0x143/0x1b0 localhost kernel: do_syscall_64+0x33/0x80 localhost kernel: entry_SYSCALL_64_after_hwframe+0x44/0xa9 localhost kernel: RIP: 0033:0x152a4dff68d7 Allocate the structure with kcalloc, and remove redundant 0-initialization and a redundant loop condition check. CVE-2023-53090 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53090.html CVE-2023-53090 https://bugzilla.suse.com/1242753 SUSE Bug 1242753 In the Linux kernel, the following vulnerability has been resolved: ext4: update s_journal_inum if it changes after journal replay When mounting a crafted ext4 image, s_journal_inum may change after journal replay, which is obviously unreasonable because we have successfully loaded and replayed the journal through the old s_journal_inum. And the new s_journal_inum bypasses some of the checks in ext4_get_journal(), which may trigger a null pointer dereference problem. So if s_journal_inum changes after the journal replay, we ignore the change, and rewrite the current journal_inum to the superblock. CVE-2023-53091 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53091.html CVE-2023-53091 https://bugzilla.suse.com/1242767 SUSE Bug 1242767 In the Linux kernel, the following vulnerability has been resolved: interconnect: exynos: fix node leak in probe PM QoS error path Make sure to add the newly allocated interconnect node to the provider before adding the PM QoS request so that the node is freed on errors. CVE-2023-53092 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53092.html CVE-2023-53092 https://bugzilla.suse.com/1242415 SUSE Bug 1242415 In the Linux kernel, the following vulnerability has been resolved: tracing: Do not let histogram values have some modifiers Histogram values can not be strings, stacktraces, graphs, symbols, syscalls, or grouped in buckets or log. Give an error if a value is set to do so. Note, the histogram code was not prepared to handle these modifiers for histograms and caused a bug. Mark Rutland reported: # echo 'p:copy_to_user __arch_copy_to_user n=$arg2' >> /sys/kernel/tracing/kprobe_events # echo 'hist:keys=n:vals=hitcount.buckets=8:sort=hitcount' > /sys/kernel/tracing/events/kprobes/copy_to_user/trigger # cat /sys/kernel/tracing/events/kprobes/copy_to_user/hist [ 143.694628] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [ 143.695190] Mem abort info: [ 143.695362] ESR = 0x0000000096000004 [ 143.695604] EC = 0x25: DABT (current EL), IL = 32 bits [ 143.695889] SET = 0, FnV = 0 [ 143.696077] EA = 0, S1PTW = 0 [ 143.696302] FSC = 0x04: level 0 translation fault [ 143.702381] Data abort info: [ 143.702614] ISV = 0, ISS = 0x00000004 [ 143.702832] CM = 0, WnR = 0 [ 143.703087] user pgtable: 4k pages, 48-bit VAs, pgdp=00000000448f9000 [ 143.703407] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000 [ 143.704137] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 143.704714] Modules linked in: [ 143.705273] CPU: 0 PID: 133 Comm: cat Not tainted 6.2.0-00003-g6fc512c10a7c #3 [ 143.706138] Hardware name: linux,dummy-virt (DT) [ 143.706723] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 143.707120] pc : hist_field_name.part.0+0x14/0x140 [ 143.707504] lr : hist_field_name.part.0+0x104/0x140 [ 143.707774] sp : ffff800008333a30 [ 143.707952] x29: ffff800008333a30 x28: 0000000000000001 x27: 0000000000400cc0 [ 143.708429] x26: ffffd7a653b20260 x25: 0000000000000000 x24: ffff10d303ee5800 [ 143.708776] x23: ffffd7a6539b27b0 x22: ffff10d303fb8c00 x21: 0000000000000001 [ 143.709127] x20: ffff10d303ec2000 x19: 0000000000000000 x18: 0000000000000000 [ 143.709478] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 [ 143.709824] x14: 0000000000000000 x13: 203a6f666e692072 x12: 6567676972742023 [ 143.710179] x11: 0a230a6d6172676f x10: 000000000000002c x9 : ffffd7a6521e018c [ 143.710584] x8 : 000000000000002c x7 : 7f7f7f7f7f7f7f7f x6 : 000000000000002c [ 143.710915] x5 : ffff10d303b0103e x4 : ffffd7a653b20261 x3 : 000000000000003d [ 143.711239] x2 : 0000000000020001 x1 : 0000000000000001 x0 : 0000000000000000 [ 143.711746] Call trace: [ 143.712115] hist_field_name.part.0+0x14/0x140 [ 143.712642] hist_field_name.part.0+0x104/0x140 [ 143.712925] hist_field_print+0x28/0x140 [ 143.713125] event_hist_trigger_print+0x174/0x4d0 [ 143.713348] hist_show+0xf8/0x980 [ 143.713521] seq_read_iter+0x1bc/0x4b0 [ 143.713711] seq_read+0x8c/0xc4 [ 143.713876] vfs_read+0xc8/0x2a4 [ 143.714043] ksys_read+0x70/0xfc [ 143.714218] __arm64_sys_read+0x24/0x30 [ 143.714400] invoke_syscall+0x50/0x120 [ 143.714587] el0_svc_common.constprop.0+0x4c/0x100 [ 143.714807] do_el0_svc+0x44/0xd0 [ 143.714970] el0_svc+0x2c/0x84 [ 143.715134] el0t_64_sync_handler+0xbc/0x140 [ 143.715334] el0t_64_sync+0x190/0x194 [ 143.715742] Code: a9bd7bfd 910003fd a90153f3 aa0003f3 (f9400000) [ 143.716510] ---[ end trace 0000000000000000 ]--- Segmentation fault CVE-2023-53093 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53093.html CVE-2023-53093 https://bugzilla.suse.com/1242279 SUSE Bug 1242279 In the Linux kernel, the following vulnerability has been resolved: interconnect: fix mem leak when freeing nodes The node link array is allocated when adding links to a node but is not deallocated when nodes are destroyed. CVE-2023-53096 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53096.html CVE-2023-53096 https://bugzilla.suse.com/1242289 SUSE Bug 1242289 In the Linux kernel, the following vulnerability has been resolved: media: rc: gpio-ir-recv: add remove function In case runtime PM is enabled, do runtime PM clean up to remove cpu latency qos request, otherwise driver removal may have below kernel dump: [ 19.463299] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000048 [ 19.472161] Mem abort info: [ 19.474985] ESR = 0x0000000096000004 [ 19.478754] EC = 0x25: DABT (current EL), IL = 32 bits [ 19.484081] SET = 0, FnV = 0 [ 19.487149] EA = 0, S1PTW = 0 [ 19.490361] FSC = 0x04: level 0 translation fault [ 19.495256] Data abort info: [ 19.498149] ISV = 0, ISS = 0x00000004 [ 19.501997] CM = 0, WnR = 0 [ 19.504977] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000049f81000 [ 19.511432] [0000000000000048] pgd=0000000000000000, p4d=0000000000000000 [ 19.518245] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 19.524520] Modules linked in: gpio_ir_recv(+) rc_core [last unloaded: rc_core] [ 19.531845] CPU: 0 PID: 445 Comm: insmod Not tainted 6.2.0-rc1-00028-g2c397a46d47c #72 [ 19.531854] Hardware name: FSL i.MX8MM EVK board (DT) [ 19.531859] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 19.551777] pc : cpu_latency_qos_remove_request+0x20/0x110 [ 19.557277] lr : gpio_ir_recv_runtime_suspend+0x18/0x30 [gpio_ir_recv] [ 19.557294] sp : ffff800008ce3740 [ 19.557297] x29: ffff800008ce3740 x28: 0000000000000000 x27: ffff800008ce3d50 [ 19.574270] x26: ffffc7e3e9cea100 x25: 00000000000f4240 x24: ffffc7e3f9ef0e30 [ 19.574284] x23: 0000000000000000 x22: ffff0061803820f4 x21: 0000000000000008 [ 19.574296] x20: ffffc7e3fa75df30 x19: 0000000000000020 x18: ffffffffffffffff [ 19.588570] x17: 0000000000000000 x16: ffffc7e3f9efab70 x15: ffffffffffffffff [ 19.595712] x14: ffff800008ce37b8 x13: ffff800008ce37aa x12: 0000000000000001 [ 19.602853] x11: 0000000000000001 x10: ffffcbe3ec0dff87 x9 : 0000000000000008 [ 19.609991] x8 : 0101010101010101 x7 : 0000000000000000 x6 : 000000000f0bfe9f [ 19.624261] x5 : 00ffffffffffffff x4 : 0025ab8e00000000 x3 : ffff006180382010 [ 19.631405] x2 : ffffc7e3e9ce8030 x1 : ffffc7e3fc3eb810 x0 : 0000000000000020 [ 19.638548] Call trace: [ 19.640995] cpu_latency_qos_remove_request+0x20/0x110 [ 19.646142] gpio_ir_recv_runtime_suspend+0x18/0x30 [gpio_ir_recv] [ 19.652339] pm_generic_runtime_suspend+0x2c/0x44 [ 19.657055] __rpm_callback+0x48/0x1dc [ 19.660807] rpm_callback+0x6c/0x80 [ 19.664301] rpm_suspend+0x10c/0x640 [ 19.667880] rpm_idle+0x250/0x2d0 [ 19.671198] update_autosuspend+0x38/0xe0 [ 19.675213] pm_runtime_set_autosuspend_delay+0x40/0x60 [ 19.680442] gpio_ir_recv_probe+0x1b4/0x21c [gpio_ir_recv] [ 19.685941] platform_probe+0x68/0xc0 [ 19.689610] really_probe+0xc0/0x3dc [ 19.693189] __driver_probe_device+0x7c/0x190 [ 19.697550] driver_probe_device+0x3c/0x110 [ 19.701739] __driver_attach+0xf4/0x200 [ 19.705578] bus_for_each_dev+0x70/0xd0 [ 19.709417] driver_attach+0x24/0x30 [ 19.712998] bus_add_driver+0x17c/0x240 [ 19.716834] driver_register+0x78/0x130 [ 19.720676] __platform_driver_register+0x28/0x34 [ 19.725386] gpio_ir_recv_driver_init+0x20/0x1000 [gpio_ir_recv] [ 19.731404] do_one_initcall+0x44/0x2ac [ 19.735243] do_init_module+0x48/0x1d0 [ 19.739003] load_module+0x19fc/0x2034 [ 19.742759] __do_sys_finit_module+0xac/0x12c [ 19.747124] __arm64_sys_finit_module+0x20/0x30 [ 19.751664] invoke_syscall+0x48/0x114 [ 19.755420] el0_svc_common.constprop.0+0xcc/0xec [ 19.760132] do_el0_svc+0x38/0xb0 [ 19.763456] el0_svc+0x2c/0x84 [ 19.766516] el0t_64_sync_handler+0xf4/0x120 [ 19.770789] el0t_64_sync+0x190/0x194 [ 19.774460] Code: 910003fd a90153f3 aa0003f3 91204021 (f9401400) [ 19.780556] ---[ end trace 0000000000000000 ]--- CVE-2023-53098 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53098.html CVE-2023-53098 https://bugzilla.suse.com/1242779 SUSE Bug 1242779 In the Linux kernel, the following vulnerability has been resolved: firmware: xilinx: don't make a sleepable memory allocation from an atomic context The following issue was discovered using lockdep: [ 6.691371] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209 [ 6.694602] in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 1, name: swapper/0 [ 6.702431] 2 locks held by swapper/0/1: [ 6.706300] #0: ffffff8800f6f188 (&dev->mutex){....}-{3:3}, at: __device_driver_lock+0x4c/0x90 [ 6.714900] #1: ffffffc009a2abb8 (enable_lock){....}-{2:2}, at: clk_enable_lock+0x4c/0x140 [ 6.723156] irq event stamp: 304030 [ 6.726596] hardirqs last enabled at (304029): [<ffffffc008d17ee0>] _raw_spin_unlock_irqrestore+0xc0/0xd0 [ 6.736142] hardirqs last disabled at (304030): [<ffffffc00876bc5c>] clk_enable_lock+0xfc/0x140 [ 6.744742] softirqs last enabled at (303958): [<ffffffc0080904f0>] _stext+0x4f0/0x894 [ 6.752655] softirqs last disabled at (303951): [<ffffffc0080e53b8>] irq_exit+0x238/0x280 [ 6.760744] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G U 5.15.36 #2 [ 6.768048] Hardware name: xlnx,zynqmp (DT) [ 6.772179] Call trace: [ 6.774584] dump_backtrace+0x0/0x300 [ 6.778197] show_stack+0x18/0x30 [ 6.781465] dump_stack_lvl+0xb8/0xec [ 6.785077] dump_stack+0x1c/0x38 [ 6.788345] ___might_sleep+0x1a8/0x2a0 [ 6.792129] __might_sleep+0x6c/0xd0 [ 6.795655] kmem_cache_alloc_trace+0x270/0x3d0 [ 6.800127] do_feature_check_call+0x100/0x220 [ 6.804513] zynqmp_pm_invoke_fn+0x8c/0xb0 [ 6.808555] zynqmp_pm_clock_getstate+0x90/0xe0 [ 6.813027] zynqmp_pll_is_enabled+0x8c/0x120 [ 6.817327] zynqmp_pll_enable+0x38/0xc0 [ 6.821197] clk_core_enable+0x144/0x400 [ 6.825067] clk_core_enable+0xd4/0x400 [ 6.828851] clk_core_enable+0xd4/0x400 [ 6.832635] clk_core_enable+0xd4/0x400 [ 6.836419] clk_core_enable+0xd4/0x400 [ 6.840203] clk_core_enable+0xd4/0x400 [ 6.843987] clk_core_enable+0xd4/0x400 [ 6.847771] clk_core_enable+0xd4/0x400 [ 6.851555] clk_core_enable_lock+0x24/0x50 [ 6.855683] clk_enable+0x24/0x40 [ 6.858952] fclk_probe+0x84/0xf0 [ 6.862220] platform_probe+0x8c/0x110 [ 6.865918] really_probe+0x110/0x5f0 [ 6.869530] __driver_probe_device+0xcc/0x210 [ 6.873830] driver_probe_device+0x64/0x140 [ 6.877958] __driver_attach+0x114/0x1f0 [ 6.881828] bus_for_each_dev+0xe8/0x160 [ 6.885698] driver_attach+0x34/0x50 [ 6.889224] bus_add_driver+0x228/0x300 [ 6.893008] driver_register+0xc0/0x1e0 [ 6.896792] __platform_driver_register+0x44/0x60 [ 6.901436] fclk_driver_init+0x1c/0x28 [ 6.905220] do_one_initcall+0x104/0x590 [ 6.909091] kernel_init_freeable+0x254/0x2bc [ 6.913390] kernel_init+0x24/0x130 [ 6.916831] ret_from_fork+0x10/0x20 Fix it by passing the GFP_ATOMIC gfp flag for the corresponding memory allocation. CVE-2023-53099 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53099.html CVE-2023-53099 https://bugzilla.suse.com/1242399 SUSE Bug 1242399 In the Linux kernel, the following vulnerability has been resolved: ext4: fix WARNING in ext4_update_inline_data Syzbot found the following issue: EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" fscrypt: AES-256-XTS using implementation "xts-aes-aesni" ------------[ cut here ]------------ WARNING: CPU: 0 PID: 5071 at mm/page_alloc.c:5525 __alloc_pages+0x30a/0x560 mm/page_alloc.c:5525 Modules linked in: CPU: 1 PID: 5071 Comm: syz-executor263 Not tainted 6.2.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 RIP: 0010:__alloc_pages+0x30a/0x560 mm/page_alloc.c:5525 RSP: 0018:ffffc90003c2f1c0 EFLAGS: 00010246 RAX: ffffc90003c2f220 RBX: 0000000000000014 RCX: 0000000000000000 RDX: 0000000000000028 RSI: 0000000000000000 RDI: ffffc90003c2f248 RBP: ffffc90003c2f2d8 R08: dffffc0000000000 R09: ffffc90003c2f220 R10: fffff52000785e49 R11: 1ffff92000785e44 R12: 0000000000040d40 R13: 1ffff92000785e40 R14: dffffc0000000000 R15: 1ffff92000785e3c FS: 0000555556c0d300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f95d5e04138 CR3: 00000000793aa000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> __alloc_pages_node include/linux/gfp.h:237 [inline] alloc_pages_node include/linux/gfp.h:260 [inline] __kmalloc_large_node+0x95/0x1e0 mm/slab_common.c:1113 __do_kmalloc_node mm/slab_common.c:956 [inline] __kmalloc+0xfe/0x190 mm/slab_common.c:981 kmalloc include/linux/slab.h:584 [inline] kzalloc include/linux/slab.h:720 [inline] ext4_update_inline_data+0x236/0x6b0 fs/ext4/inline.c:346 ext4_update_inline_dir fs/ext4/inline.c:1115 [inline] ext4_try_add_inline_entry+0x328/0x990 fs/ext4/inline.c:1307 ext4_add_entry+0x5a4/0xeb0 fs/ext4/namei.c:2385 ext4_add_nondir+0x96/0x260 fs/ext4/namei.c:2772 ext4_create+0x36c/0x560 fs/ext4/namei.c:2817 lookup_open fs/namei.c:3413 [inline] open_last_lookups fs/namei.c:3481 [inline] path_openat+0x12ac/0x2dd0 fs/namei.c:3711 do_filp_open+0x264/0x4f0 fs/namei.c:3741 do_sys_openat2+0x124/0x4e0 fs/open.c:1310 do_sys_open fs/open.c:1326 [inline] __do_sys_openat fs/open.c:1342 [inline] __se_sys_openat fs/open.c:1337 [inline] __x64_sys_openat+0x243/0x290 fs/open.c:1337 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Above issue happens as follows: ext4_iget ext4_find_inline_data_nolock ->i_inline_off=164 i_inline_size=60 ext4_try_add_inline_entry __ext4_mark_inode_dirty ext4_expand_extra_isize_ea ->i_extra_isize=32 s_want_extra_isize=44 ext4_xattr_shift_entries ->after shift i_inline_off is incorrect, actually is change to 176 ext4_try_add_inline_entry ext4_update_inline_dir get_max_inline_xattr_value_size if (EXT4_I(inode)->i_inline_off) entry = (struct ext4_xattr_entry *)((void *)raw_inode + EXT4_I(inode)->i_inline_off); free += EXT4_XATTR_SIZE(le32_to_cpu(entry->e_value_size)); ->As entry is incorrect, then 'free' may be negative ext4_update_inline_data value = kzalloc(len, GFP_NOFS); -> len is unsigned int, maybe very large, then trigger warning when 'kzalloc()' To resolve the above issue we need to update 'i_inline_off' after 'ext4_xattr_shift_entries()'. We do not need to set EXT4_STATE_MAY_INLINE_DATA flag here, since ext4_mark_inode_dirty() already sets this flag if needed. Setting EXT4_STATE_MAY_INLINE_DATA when it is needed may trigger a BUG_ON in ext4_writepages(). CVE-2023-53100 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53100.html CVE-2023-53100 https://bugzilla.suse.com/1242790 SUSE Bug 1242790 In the Linux kernel, the following vulnerability has been resolved: ext4: zero i_disksize when initializing the bootloader inode If the boot loader inode has never been used before, the EXT4_IOC_SWAP_BOOT inode will initialize it, including setting the i_size to 0. However, if the "never before used" boot loader has a non-zero i_size, then i_disksize will be non-zero, and the inconsistency between i_size and i_disksize can trigger a kernel warning: WARNING: CPU: 0 PID: 2580 at fs/ext4/file.c:319 CPU: 0 PID: 2580 Comm: bb Not tainted 6.3.0-rc1-00004-g703695902cfa RIP: 0010:ext4_file_write_iter+0xbc7/0xd10 Call Trace: vfs_write+0x3b1/0x5c0 ksys_write+0x77/0x160 __x64_sys_write+0x22/0x30 do_syscall_64+0x39/0x80 Reproducer: 1. create corrupted image and mount it: mke2fs -t ext4 /tmp/foo.img 200 debugfs -wR "sif <5> size 25700" /tmp/foo.img mount -t ext4 /tmp/foo.img /mnt cd /mnt echo 123 > file 2. Run the reproducer program: posix_memalign(&buf, 1024, 1024) fd = open("file", O_RDWR | O_DIRECT); ioctl(fd, EXT4_IOC_SWAP_BOOT); write(fd, buf, 1024); Fix this by setting i_disksize as well as i_size to zero when initiaizing the boot loader inode. CVE-2023-53101 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53101.html CVE-2023-53101 https://bugzilla.suse.com/1242791 SUSE Bug 1242791 In the Linux kernel, the following vulnerability has been resolved: nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition This bug influences both st_nci_i2c_remove and st_nci_spi_remove. Take st_nci_i2c_remove as an example. In st_nci_i2c_probe, it called ndlc_probe and bound &ndlc->sm_work with llt_ndlc_sm_work. When it calls ndlc_recv or timeout handler, it will finally call schedule_work to start the work. When we call st_nci_i2c_remove to remove the driver, there may be a sequence as follows: Fix it by finishing the work before cleanup in ndlc_remove CPU0 CPU1 |llt_ndlc_sm_work st_nci_i2c_remove | ndlc_remove | st_nci_remove | nci_free_device| kfree(ndev) | //free ndlc->ndev | |llt_ndlc_rcv_queue |nci_recv_frame |//use ndlc->ndev CVE-2023-53106 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53106.html CVE-2023-53106 https://bugzilla.suse.com/1242215 SUSE Bug 1242215 In the Linux kernel, the following vulnerability has been resolved: net/iucv: Fix size of interrupt data iucv_irq_data needs to be 4 bytes larger. These bytes are not used by the iucv module, but written by the z/VM hypervisor in case a CPU is deconfigured. Reported as: BUG dma-kmalloc-64 (Not tainted): kmalloc Redzone overwritten ----------------------------------------------------------------------------- 0x0000000000400564-0x0000000000400567 @offset=1380. First byte 0x80 instead of 0xcc Allocated in iucv_cpu_prepare+0x44/0xd0 age=167839 cpu=2 pid=1 __kmem_cache_alloc_node+0x166/0x450 kmalloc_node_trace+0x3a/0x70 iucv_cpu_prepare+0x44/0xd0 cpuhp_invoke_callback+0x156/0x2f0 cpuhp_issue_call+0xf0/0x298 __cpuhp_setup_state_cpuslocked+0x136/0x338 __cpuhp_setup_state+0xf4/0x288 iucv_init+0xf4/0x280 do_one_initcall+0x78/0x390 do_initcalls+0x11a/0x140 kernel_init_freeable+0x25e/0x2a0 kernel_init+0x2e/0x170 __ret_from_fork+0x3c/0x58 ret_from_fork+0xa/0x40 Freed in iucv_init+0x92/0x280 age=167839 cpu=2 pid=1 __kmem_cache_free+0x308/0x358 iucv_init+0x92/0x280 do_one_initcall+0x78/0x390 do_initcalls+0x11a/0x140 kernel_init_freeable+0x25e/0x2a0 kernel_init+0x2e/0x170 __ret_from_fork+0x3c/0x58 ret_from_fork+0xa/0x40 Slab 0x0000037200010000 objects=32 used=30 fp=0x0000000000400640 flags=0x1ffff00000010200(slab|head|node=0|zone=0| Object 0x0000000000400540 @offset=1344 fp=0x0000000000000000 Redzone 0000000000400500: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Redzone 0000000000400510: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Redzone 0000000000400520: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Redzone 0000000000400530: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Object 0000000000400540: 00 01 00 03 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object 0000000000400550: f3 86 81 f2 f4 82 f8 82 f0 f0 f0 f0 f0 f0 f0 f2 ................ Object 0000000000400560: 00 00 00 00 80 00 00 00 cc cc cc cc cc cc cc cc ................ Object 0000000000400570: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Redzone 0000000000400580: cc cc cc cc cc cc cc cc ........ Padding 00000000004005d4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000004005e4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000004005f4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZ CPU: 6 PID: 121030 Comm: 116-pai-crypto. Not tainted 6.3.0-20230221.rc0.git4.99b8246b2d71.300.fc37.s390x+debug #1 Hardware name: IBM 3931 A01 704 (z/VM 7.3.0) Call Trace: [<000000032aa034ec>] dump_stack_lvl+0xac/0x100 [<0000000329f5a6cc>] check_bytes_and_report+0x104/0x140 [<0000000329f5aa78>] check_object+0x370/0x3c0 [<0000000329f5ede6>] free_debug_processing+0x15e/0x348 [<0000000329f5f06a>] free_to_partial_list+0x9a/0x2f0 [<0000000329f5f4a4>] __slab_free+0x1e4/0x3a8 [<0000000329f61768>] __kmem_cache_free+0x308/0x358 [<000000032a91465c>] iucv_cpu_dead+0x6c/0x88 [<0000000329c2fc66>] cpuhp_invoke_callback+0x156/0x2f0 [<000000032aa062da>] _cpu_down.constprop.0+0x22a/0x5e0 [<0000000329c3243e>] cpu_device_down+0x4e/0x78 [<000000032a61dee0>] device_offline+0xc8/0x118 [<000000032a61e048>] online_store+0x60/0xe0 [<000000032a08b6b0>] kernfs_fop_write_iter+0x150/0x1e8 [<0000000329fab65c>] vfs_write+0x174/0x360 [<0000000329fab9fc>] ksys_write+0x74/0x100 [<000000032aa03a5a>] __do_syscall+0x1da/0x208 [<000000032aa177b2>] system_call+0x82/0xb0 INFO: lockdep is turned off. FIX dma-kmalloc-64: Restoring kmalloc Redzone 0x0000000000400564-0x0000000000400567=0xcc FIX dma-kmalloc-64: Object at 0x0000000000400540 not freed CVE-2023-53108 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53108.html CVE-2023-53108 https://bugzilla.suse.com/1242422 SUSE Bug 1242422 In the Linux kernel, the following vulnerability has been resolved: loop: Fix use-after-free issues do_req_filebacked() calls blk_mq_complete_request() synchronously or asynchronously when using asynchronous I/O unless memory allocation fails. Hence, modify loop_handle_cmd() such that it does not dereference 'cmd' nor 'rq' after do_req_filebacked() finished unless we are sure that the request has not yet been completed. This patch fixes the following kernel crash: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000054 Call trace: css_put.42938+0x1c/0x1ac loop_process_work+0xc8c/0xfd4 loop_rootcg_workfn+0x24/0x34 process_one_work+0x244/0x558 worker_thread+0x400/0x8fc kthread+0x16c/0x1e0 ret_from_fork+0x10/0x20 CVE-2023-53111 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53111.html CVE-2023-53111 https://bugzilla.suse.com/1242428 SUSE Bug 1242428 In the Linux kernel, the following vulnerability has been resolved: i40e: Fix kernel crash during reboot when adapter is in recovery mode If the driver detects during probe that firmware is in recovery mode then i40e_init_recovery_mode() is called and the rest of probe function is skipped including pci_set_drvdata(). Subsequent i40e_shutdown() called during shutdown/reboot dereferences NULL pointer as pci_get_drvdata() returns NULL. To fix call pci_set_drvdata() also during entering to recovery mode. Reproducer: 1) Lets have i40e NIC with firmware in recovery mode 2) Run reboot Result: [ 139.084698] i40e: Intel(R) Ethernet Connection XL710 Network Driver [ 139.090959] i40e: Copyright (c) 2013 - 2019 Intel Corporation. [ 139.108438] i40e 0000:02:00.0: Firmware recovery mode detected. Limiting functionality. [ 139.116439] i40e 0000:02:00.0: Refer to the Intel(R) Ethernet Adapters and Devices User Guide for details on firmware recovery mode. [ 139.129499] i40e 0000:02:00.0: fw 8.3.64775 api 1.13 nvm 8.30 0x8000b78d 1.3106.0 [8086:1583] [15d9:084a] [ 139.215932] i40e 0000:02:00.0 enp2s0f0: renamed from eth0 [ 139.223292] i40e 0000:02:00.1: Firmware recovery mode detected. Limiting functionality. [ 139.231292] i40e 0000:02:00.1: Refer to the Intel(R) Ethernet Adapters and Devices User Guide for details on firmware recovery mode. [ 139.244406] i40e 0000:02:00.1: fw 8.3.64775 api 1.13 nvm 8.30 0x8000b78d 1.3106.0 [8086:1583] [15d9:084a] [ 139.329209] i40e 0000:02:00.1 enp2s0f1: renamed from eth0 ... [ 156.311376] BUG: kernel NULL pointer dereference, address: 00000000000006c2 [ 156.318330] #PF: supervisor write access in kernel mode [ 156.323546] #PF: error_code(0x0002) - not-present page [ 156.328679] PGD 0 P4D 0 [ 156.331210] Oops: 0002 [#1] PREEMPT SMP NOPTI [ 156.335567] CPU: 26 PID: 15119 Comm: reboot Tainted: G E 6.2.0+ #1 [ 156.343126] Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.4 04/13/2022 [ 156.353369] RIP: 0010:i40e_shutdown+0x15/0x130 [i40e] [ 156.358430] Code: c1 fc ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 55 48 89 fd 53 48 8b 9f 48 01 00 00 <f0> 80 8b c2 06 00 00 04 f0 80 8b c0 06 00 00 08 48 8d bb 08 08 00 [ 156.377168] RSP: 0018:ffffb223c8447d90 EFLAGS: 00010282 [ 156.382384] RAX: ffffffffc073ee70 RBX: 0000000000000000 RCX: 0000000000000001 [ 156.389510] RDX: 0000000080000001 RSI: 0000000000000246 RDI: ffff95db49988000 [ 156.396634] RBP: ffff95db49988000 R08: ffffffffffffffff R09: ffffffff8bd17d40 [ 156.403759] R10: 0000000000000001 R11: ffffffff8a5e3d28 R12: ffff95db49988000 [ 156.410882] R13: ffffffff89a6fe17 R14: ffff95db49988150 R15: 0000000000000000 [ 156.418007] FS: 00007fe7c0cc3980(0000) GS:ffff95ea8ee80000(0000) knlGS:0000000000000000 [ 156.426083] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 156.431819] CR2: 00000000000006c2 CR3: 00000003092fc005 CR4: 0000000000770ee0 [ 156.438944] PKRU: 55555554 [ 156.441647] Call Trace: [ 156.444096] <TASK> [ 156.446199] pci_device_shutdown+0x38/0x60 [ 156.450297] device_shutdown+0x163/0x210 [ 156.454215] kernel_restart+0x12/0x70 [ 156.457872] __do_sys_reboot+0x1ab/0x230 [ 156.461789] ? vfs_writev+0xa6/0x1a0 [ 156.465362] ? __pfx_file_free_rcu+0x10/0x10 [ 156.469635] ? __call_rcu_common.constprop.85+0x109/0x5a0 [ 156.475034] do_syscall_64+0x3e/0x90 [ 156.478611] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 156.483658] RIP: 0033:0x7fe7bff37ab7 CVE-2023-53114 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53114.html CVE-2023-53114 https://bugzilla.suse.com/1242398 SUSE Bug 1242398 In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid potential UAF in nvmet_req_complete() An nvme target ->queue_response() operation implementation may free the request passed as argument. Such implementation potentially could result in a use after free of the request pointer when percpu_ref_put() is called in nvmet_req_complete(). Avoid such problem by using a local variable to save the sq pointer before calling __nvmet_req_complete(), thus avoiding dereferencing the req pointer after that function call. CVE-2023-53116 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53116.html CVE-2023-53116 https://bugzilla.suse.com/1242411 SUSE Bug 1242411 In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a procfs host directory removal regression scsi_proc_hostdir_rm() decreases a reference counter and hence must only be called once per host that is removed. This change does not require a scsi_add_host_with_dma() change since scsi_add_host_with_dma() will return 0 (success) if scsi_proc_host_add() is called. CVE-2023-53118 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53118.html CVE-2023-53118 https://bugzilla.suse.com/1242365 SUSE Bug 1242365 In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: initialize struct pn533_out_arg properly struct pn533_out_arg used as a temporary context for out_urb is not initialized properly. Its uninitialized 'phy' field can be dereferenced in error cases inside pn533_out_complete() callback function. It causes the following failure: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 RIP: 0010:pn533_out_complete.cold+0x15/0x44 drivers/nfc/pn533/usb.c:441 Call Trace: <IRQ> __usb_hcd_giveback_urb+0x2b6/0x5c0 drivers/usb/core/hcd.c:1671 usb_hcd_giveback_urb+0x384/0x430 drivers/usb/core/hcd.c:1754 dummy_timer+0x1203/0x32d0 drivers/usb/gadget/udc/dummy_hcd.c:1988 call_timer_fn+0x1da/0x800 kernel/time/timer.c:1700 expire_timers+0x234/0x330 kernel/time/timer.c:1751 __run_timers kernel/time/timer.c:2022 [inline] __run_timers kernel/time/timer.c:1995 [inline] run_timer_softirq+0x326/0x910 kernel/time/timer.c:2035 __do_softirq+0x1fb/0xaf6 kernel/softirq.c:571 invoke_softirq kernel/softirq.c:445 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650 irq_exit_rcu+0x9/0x20 kernel/softirq.c:662 sysvec_apic_timer_interrupt+0x97/0xc0 arch/x86/kernel/apic/apic.c:1107 Initialize the field with the pn533_usb_phy currently used. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. CVE-2023-53119 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53119.html CVE-2023-53119 https://bugzilla.suse.com/1242370 SUSE Bug 1242370 In the Linux kernel, the following vulnerability has been resolved: PCI: s390: Fix use-after-free of PCI resources with per-function hotplug On s390 PCI functions may be hotplugged individually even when they belong to a multi-function device. In particular on an SR-IOV device VFs may be removed and later re-added. In commit a50297cf8235 ("s390/pci: separate zbus creation from scanning") it was missed however that struct pci_bus and struct zpci_bus's resource list retained a reference to the PCI functions MMIO resources even though those resources are released and freed on hot-unplug. These stale resources may subsequently be claimed when the PCI function re-appears resulting in use-after-free. One idea of fixing this use-after-free in s390 specific code that was investigated was to simply keep resources around from the moment a PCI function first appeared until the whole virtual PCI bus created for a multi-function device disappears. The problem with this however is that due to the requirement of artificial MMIO addreesses (address cookies) extra logic is then needed to keep the address cookies compatible on re-plug. At the same time the MMIO resources semantically belong to the PCI function so tying their lifecycle to the function seems more logical. Instead a simpler approach is to remove the resources of an individually hot-unplugged PCI function from the PCI bus's resource list while keeping the resources of other PCI functions on the PCI bus untouched. This is done by introducing pci_bus_remove_resource() to remove an individual resource. Similarly the resource also needs to be removed from the struct zpci_bus's resource list. It turns out however, that there is really no need to add the MMIO resources to the struct zpci_bus's resource list at all and instead we can simply use the zpci_bar_struct's resource pointer directly. CVE-2023-53123 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53123.html CVE-2023-53123 https://bugzilla.suse.com/1242403 SUSE Bug 1242403 In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() Port is allocated by sas_port_alloc_num() and rphy is allocated by either sas_end_device_alloc() or sas_expander_alloc(), all of which may return NULL. So we need to check the rphy to avoid possible NULL pointer access. If sas_rphy_add() returned with failure, rphy is set to NULL. We would access the rphy in the following lines which would also result NULL pointer access. CVE-2023-53124 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53124.html CVE-2023-53124 https://bugzilla.suse.com/1242165 SUSE Bug 1242165 In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb->len Packet length retrieved from skb data may be larger than the actual socket buffer length (up to 9026 bytes). In such case the cloned skb passed up the network stack will leak kernel memory contents. CVE-2023-53125 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53125.html CVE-2023-53125 https://bugzilla.suse.com/1242285 SUSE Bug 1242285 In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a server shutdown leak Fix a race where kthread_stop() may prevent the threadfn from ever getting called. If that happens the svc_rqst will not be cleaned up. CVE-2023-53131 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53131.html CVE-2023-53131 https://bugzilla.suse.com/1242377 SUSE Bug 1242377 In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Avoid order-5 memory allocation for TPA data The driver needs to keep track of all the possible concurrent TPA (GRO/LRO) completions on the aggregation ring. On P5 chips, the maximum number of concurrent TPA is 256 and the amount of memory we allocate is order-5 on systems using 4K pages. Memory allocation failure has been reported: NetworkManager: page allocation failure: order:5, mode:0x40dc0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 CPU: 15 PID: 2995 Comm: NetworkManager Kdump: loaded Not tainted 5.10.156 #1 Hardware name: Dell Inc. PowerEdge R660/0M1CC5, BIOS 0.2.25 08/12/2022 Call Trace: dump_stack+0x57/0x6e warn_alloc.cold.120+0x7b/0xdd ? _cond_resched+0x15/0x30 ? __alloc_pages_direct_compact+0x15f/0x170 __alloc_pages_slowpath.constprop.108+0xc58/0xc70 __alloc_pages_nodemask+0x2d0/0x300 kmalloc_order+0x24/0xe0 kmalloc_order_trace+0x19/0x80 bnxt_alloc_mem+0x1150/0x15c0 [bnxt_en] ? bnxt_get_func_stat_ctxs+0x13/0x60 [bnxt_en] __bnxt_open_nic+0x12e/0x780 [bnxt_en] bnxt_open+0x10b/0x240 [bnxt_en] __dev_open+0xe9/0x180 __dev_change_flags+0x1af/0x220 dev_change_flags+0x21/0x60 do_setlink+0x35c/0x1100 Instead of allocating this big chunk of memory and dividing it up for the concurrent TPA instances, allocate each small chunk separately for each TPA instance. This will reduce it to order-0 allocations. CVE-2023-53134 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53134.html CVE-2023-53134 https://bugzilla.suse.com/1242380 SUSE Bug 1242380 In the Linux kernel, the following vulnerability has been resolved: ext4: Fix possible corruption when moving a directory When we are renaming a directory to a different directory, we need to update '..' entry in the moved directory. However nothing prevents moved directory from being modified and even converted from the inline format to the normal format. When such race happens the rename code gets confused and we crash. Fix the problem by locking the moved directory. CVE-2023-53137 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53137.html CVE-2023-53137 https://bugzilla.suse.com/1242358 SUSE Bug 1242358 In the Linux kernel, the following vulnerability has been resolved: nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties devm_kmalloc_array may fails, *fw_vsc_cfg might be null and cause out-of-bounds write in device_property_read_u8_array later. CVE-2023-53139 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53139.html CVE-2023-53139 https://bugzilla.suse.com/1242361 SUSE Bug 1242361 In the Linux kernel, the following vulnerability has been resolved: scsi: core: Remove the /proc/scsi/${proc_name} directory earlier Remove the /proc/scsi/${proc_name} directory earlier to fix a race condition between unloading and reloading kernel modules. This fixes a bug introduced in 2009 by commit 77c019768f06 ("[SCSI] fix /proc memory leak in the SCSI core"). Fix the following kernel warning: proc_dir_entry 'scsi/scsi_debug' already registered WARNING: CPU: 19 PID: 27986 at fs/proc/generic.c:376 proc_register+0x27d/0x2e0 Call Trace: proc_mkdir+0xb5/0xe0 scsi_proc_hostdir_add+0xb5/0x170 scsi_host_alloc+0x683/0x6c0 sdebug_driver_probe+0x6b/0x2d0 [scsi_debug] really_probe+0x159/0x540 __driver_probe_device+0xdc/0x230 driver_probe_device+0x4f/0x120 __device_attach_driver+0xef/0x180 bus_for_each_drv+0xe5/0x130 __device_attach+0x127/0x290 device_initial_probe+0x17/0x20 bus_probe_device+0x110/0x130 device_add+0x673/0xc80 device_register+0x1e/0x30 sdebug_add_host_helper+0x1a7/0x3b0 [scsi_debug] scsi_debug_init+0x64f/0x1000 [scsi_debug] do_one_initcall+0xd7/0x470 do_init_module+0xe7/0x330 load_module+0x122a/0x12c0 __do_sys_finit_module+0x124/0x1a0 __x64_sys_finit_module+0x46/0x50 do_syscall_64+0x38/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 CVE-2023-53140 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53140.html CVE-2023-53140 https://bugzilla.suse.com/1242372 SUSE Bug 1242372 In the Linux kernel, the following vulnerability has been resolved: ice: copy last block omitted in ice_get_module_eeprom() ice_get_module_eeprom() is broken since commit e9c9692c8a81 ("ice: Reimplement module reads used by ethtool") In this refactor, ice_get_module_eeprom() reads the eeprom in blocks of size 8. But the condition that should protect the buffer overflow ignores the last block. The last block always contains zeros. Bug uncovered by ethtool upstream commit 9538f384b535 ("netlink: eeprom: Defer page requests to individual parsers") After this commit, ethtool reads a block with length = 1; to read the SFF-8024 identifier value. unpatched driver: $ ethtool -m enp65s0f0np0 offset 0x90 length 8 Offset Values ------ ------ 0x0090: 00 00 00 00 00 00 00 00 $ ethtool -m enp65s0f0np0 offset 0x90 length 12 Offset Values ------ ------ 0x0090: 00 00 01 a0 4d 65 6c 6c 00 00 00 00 $ $ ethtool -m enp65s0f0np0 Offset Values ------ ------ 0x0000: 11 06 06 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0060: 00 00 00 00 00 00 00 00 00 00 00 00 00 01 08 00 0x0070: 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 patched driver: $ ethtool -m enp65s0f0np0 offset 0x90 length 8 Offset Values ------ ------ 0x0090: 00 00 01 a0 4d 65 6c 6c $ ethtool -m enp65s0f0np0 offset 0x90 length 12 Offset Values ------ ------ 0x0090: 00 00 01 a0 4d 65 6c 6c 61 6e 6f 78 $ ethtool -m enp65s0f0np0 Identifier : 0x11 (QSFP28) Extended identifier : 0x00 Extended identifier description : 1.5W max. Power consumption Extended identifier description : No CDR in TX, No CDR in RX Extended identifier description : High Power Class (> 3.5 W) not enabled Connector : 0x23 (No separable connector) Transceiver codes : 0x88 0x00 0x00 0x00 0x00 0x00 0x00 0x00 Transceiver type : 40G Ethernet: 40G Base-CR4 Transceiver type : 25G Ethernet: 25G Base-CR CA-N Encoding : 0x05 (64B/66B) BR, Nominal : 25500Mbps Rate identifier : 0x00 Length (SMF,km) : 0km Length (OM3 50um) : 0m Length (OM2 50um) : 0m Length (OM1 62.5um) : 0m Length (Copper or Active cable) : 1m Transmitter technology : 0xa0 (Copper cable unequalized) Attenuation at 2.5GHz : 4db Attenuation at 5.0GHz : 5db Attenuation at 7.0GHz : 7db Attenuation at 12.9GHz : 10db ........ .... CVE-2023-53142 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53142.html CVE-2023-53142 https://bugzilla.suse.com/1242282 SUSE Bug 1242282 In the Linux kernel, the following vulnerability has been resolved: ext4: fix another off-by-one fsmap error on 1k block filesystems Apparently syzbot figured out that issuing this FSMAP call: struct fsmap_head cmd = { .fmh_count = ...; .fmh_keys = { { .fmr_device = /* ext4 dev */, .fmr_physical = 0, }, { .fmr_device = /* ext4 dev */, .fmr_physical = 0, }, }, ... }; ret = ioctl(fd, FS_IOC_GETFSMAP, &cmd); Produces this crash if the underlying filesystem is a 1k-block ext4 filesystem: kernel BUG at fs/ext4/ext4.h:3331! invalid opcode: 0000 [#1] PREEMPT SMP CPU: 3 PID: 3227965 Comm: xfs_io Tainted: G W O 6.2.0-rc8-achx Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 RIP: 0010:ext4_mb_load_buddy_gfp+0x47c/0x570 [ext4] RSP: 0018:ffffc90007c03998 EFLAGS: 00010246 RAX: ffff888004978000 RBX: ffffc90007c03a20 RCX: ffff888041618000 RDX: 0000000000000000 RSI: 00000000000005a4 RDI: ffffffffa0c99b11 RBP: ffff888012330000 R08: ffffffffa0c2b7d0 R09: 0000000000000400 R10: ffffc90007c03950 R11: 0000000000000000 R12: 0000000000000001 R13: 00000000ffffffff R14: 0000000000000c40 R15: ffff88802678c398 FS: 00007fdf2020c880(0000) GS:ffff88807e100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffd318a5fe8 CR3: 000000007f80f001 CR4: 00000000001706e0 Call Trace: <TASK> ext4_mballoc_query_range+0x4b/0x210 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80] ext4_getfsmap_datadev+0x713/0x890 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80] ext4_getfsmap+0x2b7/0x330 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80] ext4_ioc_getfsmap+0x153/0x2b0 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80] __ext4_ioctl+0x2a7/0x17e0 [ext4 dfa189daddffe8fecd3cdfd00564e0f265a8ab80] __x64_sys_ioctl+0x82/0xa0 do_syscall_64+0x2b/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 RIP: 0033:0x7fdf20558aff RSP: 002b:00007ffd318a9e30 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00000000000200c0 RCX: 00007fdf20558aff RDX: 00007fdf1feb2010 RSI: 00000000c0c0583b RDI: 0000000000000003 RBP: 00005625c0634be0 R08: 00005625c0634c40 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdf1feb2010 R13: 00005625be70d994 R14: 0000000000000800 R15: 0000000000000000 For GETFSMAP calls, the caller selects a physical block device by writing its block number into fsmap_head.fmh_keys[01].fmr_device. To query mappings for a subrange of the device, the starting byte of the range is written to fsmap_head.fmh_keys[0].fmr_physical and the last byte of the range goes in fsmap_head.fmh_keys[1].fmr_physical. IOWs, to query what mappings overlap with bytes 3-14 of /dev/sda, you'd set the inputs as follows: fmh_keys[0] = { .fmr_device = major(8, 0), .fmr_physical = 3}, fmh_keys[1] = { .fmr_device = major(8, 0), .fmr_physical = 14}, Which would return you whatever is mapped in the 12 bytes starting at physical offset 3. The crash is due to insufficient range validation of keys[1] in ext4_getfsmap_datadev. On 1k-block filesystems, block 0 is not part of the filesystem, which means that s_first_data_block is nonzero. ext4_get_group_no_and_offset subtracts this quantity from the blocknr argument before cracking it into a group number and a block number within a group. IOWs, block group 0 spans blocks 1-8192 (1-based) instead of 0-8191 (0-based) like what happens with larger blocksizes. The net result of this encoding is that blocknr < s_first_data_block is not a valid input to this function. The end_fsb variable is set from the keys that are copied from userspace, which means that in the above example, its value is zero. That leads to an underflow here: blocknr = blocknr - le32_to_cpu(es->s_first_data_block); The division then operates on -1: offset = do_div(blocknr, EXT4_BLOCKS_PER_GROUP(sb)) >> EXT4_SB(sb)->s_cluster_bits; Leaving an impossibly large group number (2^32-1) in blocknr. ext4_getfsmap_check_keys checked that keys[0 ---truncated--- CVE-2023-53143 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53143.html CVE-2023-53143 https://bugzilla.suse.com/1242276 SUSE Bug 1242276 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition In btsdio_probe, the data->work is bound with btsdio_work. It will be started in btsdio_send_frame. If the btsdio_remove runs with a unfinished work, there may be a race condition that hdev is freed but used in btsdio_work. Fix it by canceling the work before do cleanup in btsdio_remove. CVE-2023-53145 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2023-53145.html CVE-2023-53145 https://bugzilla.suse.com/1243047 SUSE Bug 1243047 In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket BUG: KASAN: slab-use-after-free in tcp_write_timer_handler+0x156/0x3e0 Read of size 1 at addr ffff888111f322cd by task swapper/0/0 CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 Call Trace: <IRQ> dump_stack_lvl+0x68/0xa0 print_address_description.constprop.0+0x2c/0x3d0 print_report+0xb4/0x270 kasan_report+0xbd/0xf0 tcp_write_timer_handler+0x156/0x3e0 tcp_write_timer+0x66/0x170 call_timer_fn+0xfb/0x1d0 __run_timers+0x3f8/0x480 run_timer_softirq+0x9b/0x100 handle_softirqs+0x153/0x390 __irq_exit_rcu+0x103/0x120 irq_exit_rcu+0xe/0x20 sysvec_apic_timer_interrupt+0x76/0x90 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:default_idle+0xf/0x20 Code: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f8 25 00 fb f4 <fa> c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 RSP: 0018:ffffffffa2007e28 EFLAGS: 00000242 RAX: 00000000000f3b31 RBX: 1ffffffff4400fc7 RCX: ffffffffa09c3196 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9f00590f RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed102360835d R10: ffff88811b041aeb R11: 0000000000000001 R12: 0000000000000000 R13: ffffffffa202d7c0 R14: 0000000000000000 R15: 00000000000147d0 default_idle_call+0x6b/0xa0 cpuidle_idle_call+0x1af/0x1f0 do_idle+0xbc/0x130 cpu_startup_entry+0x33/0x40 rest_init+0x11f/0x210 start_kernel+0x39a/0x420 x86_64_start_reservations+0x18/0x30 x86_64_start_kernel+0x97/0xa0 common_startup_64+0x13e/0x141 </TASK> Allocated by task 595: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 __kasan_slab_alloc+0x87/0x90 kmem_cache_alloc_noprof+0x12b/0x3f0 copy_net_ns+0x94/0x380 create_new_namespaces+0x24c/0x500 unshare_nsproxy_namespaces+0x75/0xf0 ksys_unshare+0x24e/0x4f0 __x64_sys_unshare+0x1f/0x30 do_syscall_64+0x70/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 100: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x54/0x70 kmem_cache_free+0x156/0x5d0 cleanup_net+0x5d3/0x670 process_one_work+0x776/0xa90 worker_thread+0x2e2/0x560 kthread+0x1a8/0x1f0 ret_from_fork+0x34/0x60 ret_from_fork_asm+0x1a/0x30 Reproduction script: mkdir -p /mnt/nfsshare mkdir -p /mnt/nfs/netns_1 mkfs.ext4 /dev/sdb mount /dev/sdb /mnt/nfsshare systemctl restart nfs-server chmod 777 /mnt/nfsshare exportfs -i -o rw,no_root_squash *:/mnt/nfsshare ip netns add netns_1 ip link add name veth_1_peer type veth peer veth_1 ifconfig veth_1_peer 11.11.0.254 up ip link set veth_1 netns netns_1 ip netns exec netns_1 ifconfig veth_1 11.11.0.1 ip netns exec netns_1 /root/iptables -A OUTPUT -d 11.11.0.254 -p tcp \ --tcp-flags FIN FIN -j DROP (note: In my environment, a DESTROY_CLIENTID operation is always sent immediately, breaking the nfs tcp connection.) ip netns exec netns_1 timeout -s 9 300 mount -t nfs -o proto=tcp,vers=4.1 \ 11.11.0.254:/mnt/nfsshare /mnt/nfs/netns_1 ip netns del netns_1 The reason here is that the tcp socket in netns_1 (nfs side) has been shutdown and closed (done in xs_destroy), but the FIN message (with ack) is discarded, and the nfsd side keeps sending retransmission messages. As a result, when the tcp sock in netns_1 processes the received message, it sends the message (FIN message) in the sending queue, and the tcp timer is re-established. When the network namespace is deleted, the net structure accessed by tcp's timer handler function causes problems. To fix this problem, let's hold netns refcnt for the tcp kernel socket as done in other modules. This is an ugly hack which can easily be backported to earlier kernels. A proper fix which cleans up the interfaces will follow, but may not be so easy to backport. CVE-2024-53168 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2024-53168.html CVE-2024-53168 https://bugzilla.suse.com/1234887 SUSE Bug 1234887 https://bugzilla.suse.com/1243650 SUSE Bug 1243650 In the Linux kernel, the following vulnerability has been resolved: nfsd: make sure exp active before svc_export_show The function `e_show` was called with protection from RCU. This only ensures that `exp` will not be freed. Therefore, the reference count for `exp` can drop to zero, which will trigger a refcount use-after-free warning when `exp_get` is called. To resolve this issue, use `cache_get_rcu` to ensure that `exp` remains active. ------------[ cut here ]------------ refcount_t: addition on 0; use-after-free. WARNING: CPU: 3 PID: 819 at lib/refcount.c:25 refcount_warn_saturate+0xb1/0x120 CPU: 3 UID: 0 PID: 819 Comm: cat Not tainted 6.12.0-rc3+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 RIP: 0010:refcount_warn_saturate+0xb1/0x120 ... Call Trace: <TASK> e_show+0x20b/0x230 [nfsd] seq_read_iter+0x589/0x770 seq_read+0x1e5/0x270 vfs_read+0x125/0x530 ksys_read+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e CVE-2024-56558 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2024-56558.html CVE-2024-56558 https://bugzilla.suse.com/1235100 SUSE Bug 1235100 https://bugzilla.suse.com/1243648 SUSE Bug 1243648 In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix a WARN during dereg_mr for DM type Memory regions (MR) of type DM (device memory) do not have an associated umem. In the __mlx5_ib_dereg_mr() -> mlx5_free_priv_descs() flow, the code incorrectly takes the wrong branch, attempting to call dma_unmap_single() on a DMA address that is not mapped. This results in a WARN [1], as shown below. The issue is resolved by properly accounting for the DM type and ensuring the correct branch is selected in mlx5_free_priv_descs(). [1] WARNING: CPU: 12 PID: 1346 at drivers/iommu/dma-iommu.c:1230 iommu_dma_unmap_page+0x79/0x90 Modules linked in: ip6table_mangle ip6table_nat ip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry ovelay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core CPU: 12 UID: 0 PID: 1346 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1631 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:iommu_dma_unmap_page+0x79/0x90 Code: 2b 49 3b 29 72 26 49 3b 69 08 73 20 4d 89 f0 44 89 e9 4c 89 e2 48 89 ee 48 89 df 5b 5d 41 5c 41 5d 41 5e 41 5f e9 07 b8 88 ff <0f> 0b 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 66 0f 1f 44 00 RSP: 0018:ffffc90001913a10 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88810194b0a8 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 RBP: ffff88810194b0a8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f537abdd740(0000) GS:ffff88885fb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f537aeb8000 CR3: 000000010c248001 CR4: 0000000000372eb0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? __warn+0x84/0x190 ? iommu_dma_unmap_page+0x79/0x90 ? report_bug+0xf8/0x1c0 ? handle_bug+0x55/0x90 ? exc_invalid_op+0x13/0x60 ? asm_exc_invalid_op+0x16/0x20 ? iommu_dma_unmap_page+0x79/0x90 dma_unmap_page_attrs+0xe6/0x290 mlx5_free_priv_descs+0xb0/0xe0 [mlx5_ib] __mlx5_ib_dereg_mr+0x37e/0x520 [mlx5_ib] ? _raw_spin_unlock_irq+0x24/0x40 ? wait_for_completion+0xfe/0x130 ? rdma_restrack_put+0x63/0xe0 [ib_core] ib_dereg_mr_user+0x5f/0x120 [ib_core] ? lock_release+0xc6/0x280 destroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs] uverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs] uobj_destroy+0x3f/0x70 [ib_uverbs] ib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs] ? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs] ? lock_acquire+0xc1/0x2f0 ? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs] ? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs] ? lock_release+0xc6/0x280 ib_uverbs_ioctl+0xe7/0x170 [ib_uverbs] ? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs] __x64_sys_ioctl+0x1b0/0xa70 do_syscall_64+0x6b/0x140 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f537adaf17b Code: 0f 1e fa 48 8b 05 1d ad 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed ac 0c 00 f7 d8 64 89 01 48 RSP: 002b:00007ffff218f0b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007ffff218f1d8 RCX: 00007f537adaf17b RDX: 00007ffff218f1c0 RSI: 00000000c0181b01 RDI: 0000000000000003 RBP: 00007ffff218f1a0 R08: 00007f537aa8d010 R09: 0000561ee2e4f270 R10: 00007f537aace3a8 R11: 0000000000000246 R12: 00007ffff218f190 R13: 000000000000001c R14: 0000561ee2e4d7c0 R15: 00007ffff218f450 </TASK> CVE-2025-21888 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2025-21888.html CVE-2025-21888 https://bugzilla.suse.com/1240177 SUSE Bug 1240177 In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode() Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde->proc_ops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered is a bug unless use_pde/unuse_pde() pair has been used. use_pde/unuse_pde can be avoided (2 atomic ops!) because pde->proc_ops never changes so information necessary for inode instantiation can be saved _before_ proc_register() in PDE itself and used later, avoiding pde->proc_ops->... dereference. rmmod lookup sys_delete_module proc_lookup_de pde_get(de); proc_get_inode(dir->i_sb, de); mod->exit() proc_remove remove_proc_subtree proc_entry_rundown(de); free_module(mod); if (S_ISREG(inode->i_mode)) if (de->proc_ops->proc_read_iter) --> As module is already freed, will trigger UAF BUG: unable to handle page fault for address: fffffbfff80a702b PGD 817fc4067 P4D 817fc4067 PUD 817fc0067 PMD 102ef4067 PTE 0 Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 26 UID: 0 PID: 2667 Comm: ls Tainted: G Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:proc_get_inode+0x302/0x6e0 RSP: 0018:ffff88811c837998 EFLAGS: 00010a06 RAX: dffffc0000000000 RBX: ffffffffc0538140 RCX: 0000000000000007 RDX: 1ffffffff80a702b RSI: 0000000000000001 RDI: ffffffffc0538158 RBP: ffff8881299a6000 R08: 0000000067bbe1e5 R09: 1ffff11023906f20 R10: ffffffffb560ca07 R11: ffffffffb2b43a58 R12: ffff888105bb78f0 R13: ffff888100518048 R14: ffff8881299a6004 R15: 0000000000000001 FS: 00007f95b9686840(0000) GS:ffff8883af100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: fffffbfff80a702b CR3: 0000000117dd2000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> proc_lookup_de+0x11f/0x2e0 __lookup_slow+0x188/0x350 walk_component+0x2ab/0x4f0 path_lookupat+0x120/0x660 filename_lookup+0x1ce/0x560 vfs_statx+0xac/0x150 __do_sys_newstat+0x96/0x110 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e [adobriyan@gmail.com: don't do 2 atomic ops on the common path] CVE-2025-21999 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2025-21999.html CVE-2025-21999 https://bugzilla.suse.com/1240802 SUSE Bug 1240802 https://bugzilla.suse.com/1242579 SUSE Bug 1242579 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_tunnel: fix geneve_opt type confusion addition When handling multiple NFTA_TUNNEL_KEY_OPTS_GENEVE attributes, the parsing logic should place every geneve_opt structure one by one compactly. Hence, when deciding the next geneve_opt position, the pointer addition should be in units of char *. However, the current implementation erroneously does type conversion before the addition, which will lead to heap out-of-bounds write. [ 6.989857] ================================================================== [ 6.990293] BUG: KASAN: slab-out-of-bounds in nft_tunnel_obj_init+0x977/0xa70 [ 6.990725] Write of size 124 at addr ffff888005f18974 by task poc/178 [ 6.991162] [ 6.991259] CPU: 0 PID: 178 Comm: poc-oob-write Not tainted 6.1.132 #1 [ 6.991655] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 [ 6.992281] Call Trace: [ 6.992423] <TASK> [ 6.992586] dump_stack_lvl+0x44/0x5c [ 6.992801] print_report+0x184/0x4be [ 6.993790] kasan_report+0xc5/0x100 [ 6.994252] kasan_check_range+0xf3/0x1a0 [ 6.994486] memcpy+0x38/0x60 [ 6.994692] nft_tunnel_obj_init+0x977/0xa70 [ 6.995677] nft_obj_init+0x10c/0x1b0 [ 6.995891] nf_tables_newobj+0x585/0x950 [ 6.996922] nfnetlink_rcv_batch+0xdf9/0x1020 [ 6.998997] nfnetlink_rcv+0x1df/0x220 [ 6.999537] netlink_unicast+0x395/0x530 [ 7.000771] netlink_sendmsg+0x3d0/0x6d0 [ 7.001462] __sock_sendmsg+0x99/0xa0 [ 7.001707] ____sys_sendmsg+0x409/0x450 [ 7.002391] ___sys_sendmsg+0xfd/0x170 [ 7.003145] __sys_sendmsg+0xea/0x170 [ 7.004359] do_syscall_64+0x5e/0x90 [ 7.005817] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 7.006127] RIP: 0033:0x7ec756d4e407 [ 7.006339] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 faf [ 7.007364] RSP: 002b:00007ffed5d46760 EFLAGS: 00000202 ORIG_RAX: 000000000000002e [ 7.007827] RAX: ffffffffffffffda RBX: 00007ec756cc4740 RCX: 00007ec756d4e407 [ 7.008223] RDX: 0000000000000000 RSI: 00007ffed5d467f0 RDI: 0000000000000003 [ 7.008620] RBP: 00007ffed5d468a0 R08: 0000000000000000 R09: 0000000000000000 [ 7.009039] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 7.009429] R13: 00007ffed5d478b0 R14: 00007ec756ee5000 R15: 00005cbd4e655cb8 Fix this bug with correct pointer addition and conversion in parse and dump code. CVE-2025-22056 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2025-22056.html CVE-2025-22056 https://bugzilla.suse.com/1241525 SUSE Bug 1241525 In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: Prevent parser TCAM memory corruption Protect the parser TCAM/SRAM memory, and the cached (shadow) SRAM information, from concurrent modifications. Both the TCAM and SRAM tables are indirectly accessed by configuring an index register that selects the row to read or write to. This means that operations must be atomic in order to, e.g., avoid spreading writes across multiple rows. Since the shadow SRAM array is used to find free rows in the hardware table, it must also be protected in order to avoid TOCTOU errors where multiple cores allocate the same row. This issue was detected in a situation where `mvpp2_set_rx_mode()` ran concurrently on two CPUs. In this particular case the MVPP2_PE_MAC_UC_PROMISCUOUS entry was corrupted, causing the classifier unit to drop all incoming unicast - indicated by the `rx_classifier_drops` counter. CVE-2025-22060 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2025-22060.html CVE-2025-22060 https://bugzilla.suse.com/1241526 SUSE Bug 1241526 In the Linux kernel, the following vulnerability has been resolved: watch_queue: fix pipe accounting mismatch Currently, watch_queue_set_size() modifies the pipe buffers charged to user->pipe_bufs without updating the pipe->nr_accounted on the pipe itself, due to the if (!pipe_has_watch_queue()) test in pipe_resize_ring(). This means that when the pipe is ultimately freed, we decrement user->pipe_bufs by something other than what than we had charged to it, potentially leading to an underflow. This in turn can cause subsequent too_many_pipe_buffers_soft() tests to fail with -EPERM. To remedy this, explicitly account for the pipe usage in watch_queue_set_size() to match the number set via account_pipe_buffers() (It's unclear why watch_queue_set_size() does not update nr_accounted; it may be due to intentional overprovisioning in watch_queue_set_size()?) CVE-2025-23138 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2025-23138.html CVE-2025-23138 https://bugzilla.suse.com/1241648 SUSE Bug 1241648 In the Linux kernel, the following vulnerability has been resolved: mptcp: fix NULL pointer in can_accept_new_subflow When testing valkey benchmark tool with MPTCP, the kernel panics in 'mptcp_can_accept_new_subflow' because subflow_req->msk is NULL. Call trace: mptcp_can_accept_new_subflow (./net/mptcp/subflow.c:63 (discriminator 4)) (P) subflow_syn_recv_sock (./net/mptcp/subflow.c:854) tcp_check_req (./net/ipv4/tcp_minisocks.c:863) tcp_v4_rcv (./net/ipv4/tcp_ipv4.c:2268) ip_protocol_deliver_rcu (./net/ipv4/ip_input.c:207) ip_local_deliver_finish (./net/ipv4/ip_input.c:234) ip_local_deliver (./net/ipv4/ip_input.c:254) ip_rcv_finish (./net/ipv4/ip_input.c:449) ... According to the debug log, the same req received two SYN-ACK in a very short time, very likely because the client retransmits the syn ack due to multiple reasons. Even if the packets are transmitted with a relevant time interval, they can be processed by the server on different CPUs concurrently). The 'subflow_req->msk' ownership is transferred to the subflow the first, and there will be a risk of a null pointer dereference here. This patch fixes this issue by moving the 'subflow_req->msk' under the `own_req == true` conditional. Note that the !msk check in subflow_hmac_valid() can be dropped, because the same check already exists under the own_req mpj branch where the code has been moved to. CVE-2025-23145 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2025-23145.html CVE-2025-23145 https://bugzilla.suse.com/1242596 SUSE Bug 1242596 https://bugzilla.suse.com/1242882 SUSE Bug 1242882 In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir Mounting a corrupted filesystem with directory which contains '.' dir entry with rec_len == block size results in out-of-bounds read (later on, when the corrupted directory is removed). ext4_empty_dir() assumes every ext4 directory contains at least '.' and '..' as directory entries in the first data block. It first loads the '.' dir entry, performs sanity checks by calling ext4_check_dir_entry() and then uses its rec_len member to compute the location of '..' dir entry (in ext4_next_entry). It assumes the '..' dir entry fits into the same data block. If the rec_len of '.' is precisely one block (4KB), it slips through the sanity checks (it is considered the last directory entry in the data block) and leaves "struct ext4_dir_entry_2 *de" point exactly past the memory slot allocated to the data block. The following call to ext4_check_dir_entry() on new value of de then dereferences this pointer which results in out-of-bounds mem access. Fix this by extending __ext4_check_dir_entry() to check for '.' dir entries that reach the end of data block. Make sure to ignore the phony dir entries for checksum (by checking name_len for non-zero). Note: This is reported by KASAN as use-after-free in case another structure was recently freed from the slot past the bound, but it is really an OOB read. This issue was found by syzkaller tool. Call Trace: [ 38.594108] BUG: KASAN: slab-use-after-free in __ext4_check_dir_entry+0x67e/0x710 [ 38.594649] Read of size 2 at addr ffff88802b41a004 by task syz-executor/5375 [ 38.595158] [ 38.595288] CPU: 0 UID: 0 PID: 5375 Comm: syz-executor Not tainted 6.14.0-rc7 #1 [ 38.595298] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 38.595304] Call Trace: [ 38.595308] <TASK> [ 38.595311] dump_stack_lvl+0xa7/0xd0 [ 38.595325] print_address_description.constprop.0+0x2c/0x3f0 [ 38.595339] ? __ext4_check_dir_entry+0x67e/0x710 [ 38.595349] print_report+0xaa/0x250 [ 38.595359] ? __ext4_check_dir_entry+0x67e/0x710 [ 38.595368] ? kasan_addr_to_slab+0x9/0x90 [ 38.595378] kasan_report+0xab/0xe0 [ 38.595389] ? __ext4_check_dir_entry+0x67e/0x710 [ 38.595400] __ext4_check_dir_entry+0x67e/0x710 [ 38.595410] ext4_empty_dir+0x465/0x990 [ 38.595421] ? __pfx_ext4_empty_dir+0x10/0x10 [ 38.595432] ext4_rmdir.part.0+0x29a/0xd10 [ 38.595441] ? __dquot_initialize+0x2a7/0xbf0 [ 38.595455] ? __pfx_ext4_rmdir.part.0+0x10/0x10 [ 38.595464] ? __pfx___dquot_initialize+0x10/0x10 [ 38.595478] ? down_write+0xdb/0x140 [ 38.595487] ? __pfx_down_write+0x10/0x10 [ 38.595497] ext4_rmdir+0xee/0x140 [ 38.595506] vfs_rmdir+0x209/0x670 [ 38.595517] ? lookup_one_qstr_excl+0x3b/0x190 [ 38.595529] do_rmdir+0x363/0x3c0 [ 38.595537] ? __pfx_do_rmdir+0x10/0x10 [ 38.595544] ? strncpy_from_user+0x1ff/0x2e0 [ 38.595561] __x64_sys_unlinkat+0xf0/0x130 [ 38.595570] do_syscall_64+0x5b/0x180 [ 38.595583] entry_SYSCALL_64_after_hwframe+0x76/0x7e CVE-2025-37785 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2025-37785.html CVE-2025-37785 https://bugzilla.suse.com/1241640 SUSE Bug 1241640 https://bugzilla.suse.com/1241698 SUSE Bug 1241698 In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first. CVE-2025-37789 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2025-37789.html CVE-2025-37789 https://bugzilla.suse.com/1242762 SUSE Bug 1242762 In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs A malicious BPF program may manipulate the branch history to influence what the hardware speculates will happen next. On exit from a BPF program, emit the BHB mititgation sequence. This is only applied for 'classic' cBPF programs that are loaded by seccomp. CVE-2025-37948 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2025-37948.html CVE-2025-37948 https://bugzilla.suse.com/1243649 SUSE Bug 1243649 In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users Support for eBPF programs loaded by unprivileged users is typically disabled. This means only cBPF programs need to be mitigated for BHB. In addition, only mitigate cBPF programs that were loaded by an unprivileged user. Privileged users can also load the same program via eBPF, making the mitigation pointless. CVE-2025-37963 SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.121.1 SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.121.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/ https://www.suse.com/security/cve/CVE-2025-37963.html CVE-2025-37963 https://bugzilla.suse.com/1243660 SUSE Bug 1243660